Defining field level security rules

Use field level security to restrict access to specific fields within an object.

Before you begin

You must enable System Administration Mode before you can define field level security.

Procedure

  1. Click the Administration menu > Users and Security > Security Rules.
  2. Click the name of the object type for which you want to define a security rule.
  3. In the Field Level Security Rules section, click Add.
  4. Add a name and description for the security rule.
  5. Click Choose Fields, and select the fields on which to apply the security rule.
  6. For each field that you selected, specify the access controls.
    Read Only
      Users can read the field values, but not update them.
    Read and Update
      Users can read and update the field values.
  7. Add the formula for the security rule.

    You can type the formula or use the toolbar buttons to define parts of the formula. You can also use a combination of them. For more information, see Grammar for security rules.

    1. (On premises, On Cloud, Cloud Pak for Data) To reference another object, either a parent or child, complete the following actions.
      For more information, see Paths for parent and child objects.
      1. Click Add Path.
      2. Click Parent or Child and select whether the path follows parent objects or child objects.
      3. Click Starting Object Type and select the object type that is the starting point for the path.
      4. Click Ending Object Type and select the object type that is the ending point for the path.
      5. Click Search to view the possible paths.
      6. Select one or more paths. If you select more than one path, use Combine Paths to specify how to use the multiple paths. Select Any Path if you want to use any of the paths or select All Paths if you want all paths to be used for the rule to be applied.
      7. Click Insert.
    2. To define a field condition, complete the following actions.
      For more information, see Terms for data types.
      1. Click Add Field.
      2. Select an object type.
      3. Select the field that you want to use.
      4. Select an operator. The list of operators changes depending on the field data type.
      5. Enter the value of the field condition.
      6. Click Insert to add the field condition into the rule formula.

      If you type the field condition, ensure that you use system names. If you do not specify an object type, the rule uses the object type for the object to which the rule applies. If you specify an object type, the object type must either be the subject of the rule or be specified in a path expression that contains the field reference.

      Use square brackets to ensure that field references are parsed when their elements contain spaces or other special characters.

    3. To add operators or keywords, click Add Terms.
  8. Click Add.
  9. Click Show rule analysis. Review the results and adjust the rule to reduce its performance impact.
    For more information, see Best practices for security rules.

What to do next

Test the security rule with a representative data set in a non-production environment. For example, test the grid views and reports that use the object types in the rule.