This Article describes what happens when a user fails an Access Control check (does Not have rights). For a better understanding, let's explore what that looks like VISUALLY...
Read, Write, Delete and Create Access Controls may be defined at the Record-level or the Field-Level... and they control the behavior of the User Interface on both List Views and Forms. This leads to 32 different combinations, or scenarios. (However 12 of the Field Level scenarios don't really apply, since Record-level Access Controls override Field-level Access Controls; these scenarios are marked NA in the chart below.)
Let's number our Scenarios, and then look at a picture of each one one in action...
Scenarios 0 through 8 show how Record Level Access Controls affect List Views...
1. List View - Record Read Granted
The user can see all records. Field headers are also displayed.
2. List View - Record Read Denied
The list view appears, and records which were denied are simply filtered out from the list. (In this example record number CAR001002 has been filtered out.) The user has no way of knowing if, or how many, records were omitted.
...additionally, if Read access to ALL records was denied, the entire list view is hidden as well as the filter, search bar, and field headers. The message "Security constraints prevent access to requested page" is displayed below an image of a vault.
3. List View - Record Write Granted
The user can edit fields directly in the List View.
4. List View - Record Write Denied
The user is unable to edit any fields of the List View and sees the message "Security prevents writing to this field".
5. List View - Record Create Granted
A NEW button appears at the top right of the List View.
6. List View - Record Create Denied
The NEW button is omitted from the top right of the List View.
In the "Actions on selected rows" menu, a Delete menu item is present.
8. List View - Record Delete Denied
In the "Actions on selected rows" menu, the Delete menu item is grayed out (disabled).
Scenarios 9 through 16 show how Field Level Access Controls affect List Views...
9. List View - Field Read Granted
**A field may not be read if the record it is contained in has been denied read permission.
10. List View - Field Read Denied
Records are listed, but blank spaces are shown for those fields which failed the Read Access Controls.
If the user tries to Double Click on a field he cannot read, nothing at all will happen. He will not have the ability to edit that field.
(in this example, the user was denied Read permission for the Color field for records Car001002 and Car001003.)
11. List View - Field Write Granted
**A field ma not be written to if the record it is contained in has been denied write permissions.
12. List View - Field Write Denied
The user is unable to edit ONLY those fields for which he was denied Write permission. Other fields are still editable.
13. List View - Field Create Granted
**A field may not be created if the record it would be contained in has been denied create permission.
14. List View - Field Create Denied
**Denying the create permission on an individual field has no effect, if create is allowed at the record level.
15. List View - Field Delete Granted
**Granting the delete permission on an individual field has no effect, if delete is denied at the record level.
16. List View - Field Delete Denied
**Denying the delete permission on an individual field has no effect, if delete is granted at the record level.
Scenarios 17 through 24 show how Record Level Access Controls affect Form views...
17. Form - Record Read Granted
Here the user can see all fields on the form.
18. Form - Record Read Denied
All fields are hidden from the form.
19. Form - Record Write Granted
All fields are Editable.
20. Form - Record Write Denied
All fields are grayed out and Read Only.
21. Form - Record Create Granted
After the user hits the New button on a list view, or navigates directly to a Record Creation type URL, fields will be Editable and there will be Save and Submit buttons.
22. Form - Record Create Denied
Even if the user navigates directly to a Record Creation type URL, no fields show up for data entry, and there is no Submit button on the title bar or Save menu item in the speed menu.
23. Form - Record Delete Granted
A Delete button is present at the top right of the form.
24. Form - Record Delete Denied
The Delete button is omitted from the top right of the form.
Finally, Scenarios 25 through 32 show how Field Level Access Controls affect Form views...
25. Form - Field Read Granted
**A field may not be read if the record it is contained in has been denied read permission.
26. Form - Field Read Denied
Only those fields which deny read access are omitted from the form. In this case the "Color" field was omitted.
27. Form - Field Write Granted
**A field may not be written to if the record it is contained in has been denied write permissions.
28 Form - Field Write Denied
Only those fields for which Write access is denied are Grayed Out and Read Only.
29. Form - Field Create Granted
**A field may not be created if the record it would be contained in has been denied create permission.
30. Form - Field Create Denied
**Denying the create permission on an individual field has no effect, if create is allowed at the record level.
31. Form - Field Delete Granted
**Granting the delete permission on an individual field has no effect, if delete is denied at the record level.
32. Form - Field Delete Denied
**Denying the delete permission on an individual field has no effect, if delete is granted at the record level.
Please mark this article as "Helpful" if it helped you in some way. Thanks!
