Security based on field value

There is a set of fields in part setup – on of which is ClassID – where access should be restricted to product managers such that each PM shall be able to edit only his parts. The field that ties a PM to a part is ClassID.

I have a BPM on the Update method which evaluates the security group of user. Several conditions later, the system either allows or prevents a change to one of the fields in the set.

This works for all the fields EXCEPT ClassID. ProdMgr A can get to product B and change product B’s ClassID from Class B to Class A. Then ProdMgr A can edit any of the other fields.

So the question is… is there a way to evaluate the contents of the ClassID field before the user touches it? Maybe a post-processing on GetRows (this is occurring to me as I type…).

I know that I can do something in the customization of the form, but would really prefer to have all in the same place and would really prefer to have it all in the same directive, if possible.

Thanks.

If you move your security checks to an In-Trans Data directive, your problem should be solved. OR you could find out what business object is run when you change the Part Class… It probably does a separate BO call when that happens and not the “update”.