What is the best way to make multiple sets of fields read only/read writ for specific user groups. Can’t find anything in the Wizards and I am thinking that there will need to be some C# code in the load of a page done by customising. Trouble is I can’t work out how to extract the groups that I can set the read/write access for.
I have also tried setting this up in the Field Security and Security Group maintenance but it doesn’t allow enough flexibility in that in certain programs I want unlimited read/write acces for certain security groups but in others require no access, leaving the fields as read only.
Is this a customisation method better approach than making data/method directives which stop the update and simply return an error message?
A simple LINQ Query could be done to see if the user is a member of the security group. Put this in the function that the Extended Properties Wizard generates.
CORRECTION
LINQ won’t work in the customization. Have to use adapters or whatnot.
I tend to gravitate towards method directives for implementing user security on field updates. It is often the case that we need to code in more logic than Field Security can handle. For example, Sales can change customer Terms only when changing from, say, Credit Card to some other immediate payment terms code, but only Accounting can grant something like Net 30 terms. Since I already have a lot of security like this where I 100% need BPMs, I just use BPMs entirely even in the places where I technically could use Field Security.
For fields that we don’t use at all as a company (or where we never change the default value), I set them to Read Only in Extended Property Maintenance. This makes the UI much less intimidating when users can clearly see which fields they need to worry about vs ones they never have to touch. I only do this for screens like Customer, Quote, Order, etc.
