Setting Up Security Rules

Shane, it depends on what you are trying to lock down. Have you looked into using elements or element groups? I've found them very effective for setting up data security.

I will take a look at the elements. Just seems like setting up security should be "simpler." I thought maybe I was missing something that would make it easier to setup conditional rules.

It really does depend on the case but you can also consider setting up your own custom LDAP attribute in the schema editor, assigning it to users and using that the secure forms off of as well. There are lots of options but that really is the great/terrible thing about LS...you start off with nothing and have to work your way up.

Okay - Another question for the group:

If I want to create a security class for HR access and ESS how do I lock things down when one class will have rules that might deny a form or field while another rule under a different class might have conditions to allow if employee and company numbers match? Which rule would win? (For example I might want to deny access to a file in one class but then give them access to their own information through another class that would be assigned for ESS?)

Lets say I setup HR Rep access to files and forms ...
1. DENY would be setup under a class for the BENEFITS table
2. ESS/MSS would have ALLOW access under another class if the user.employee and file.employee match

My fear is that I am going to need to build the ESS/MSS into every class - what I want is to just have one ESS/MSS class and then assign it to everyone along with any "job related" classes that might allow unlimited access to a file or field.

I found my answer - I think ... Looks like it will use the most generous rule for the user. So if I deny file access one place and grant file access in another place it will use the grant rule. (Just thought I should include the answer I found - if you know something else please feel free to add it.)
Thanks