Record Security is used to determine which Teams and/or Users can see which Records within a Record Type. If a user is accounted for in one of the rules then the only items that user can see are those that match their respective settings. If a user is not accounted for by the rules then they will be able to see all record in the Record Type.


To setup Record Security, add a new security rule for the field(s) on which you wish to limit access. For instance, if you want to make sure that a certain team only has rights to see invoices from the ACME company then you might add a rule for the VendorName field. 


Next, enter the value(s) that you want to make sure the can see in the Value From field. In the example above that would be "ACME". If you had a range you wish to limit on (dollar amount, date, etc) you can use the Value From and Value To fields to provide the range. NOTE: You can use server or user variables in these fields but not Record, Document or Workflow variables because they are not available until AFTER a Record has been found - not before.


Lastly you will want to select who is limited by this rule.You can select users, teams or a combination of both. Anyone selected or anyone in the teams selected will only be able to see records that match this rule. Use the ALL USERS team to apply the logic to everyone. You can also specify to apply the security for anyone NOT in a team - which is handy for certain applications such as AP where anyone NOT in the Accounting team can only see invoices for their own department.


You can also combine multiple rules for even greater flexibility.In the example above you could add a second rule that would include the same users/teams but would key off the Amount field. You could make a new rule where the field named Amount would need to have 0 to 1000 in it for the users/teams to see it. If the same user is affected by both rules then they would only be allowed to see invoices from ACME that were from $0 to $1000.


Multiple Possible Values

An advanced usage of this feature is to compare a field value with a list of possible matches. You can do this by setting the Value From setting to a list delimited by | (pipe) symbols. For instance, you could set a security rule where an invoice is only visible if the Department field is set to "HR", "Admin", "Warehouse" or "Other". Just set the Field Name to "Department" and Field Value to "HR|Admin|Warehouse|Other". 


Team Security

You can combine the Multiple Possible Values method above with the variable called USERTEAMS to secure a record based on team membership. [USERTEAMS()] will return a pipe-delimited list of all the team names in which the current user is a member. If you use this for the Field Value setting then if any of that user's team names match the field value then they will have access.