However, We can get a broader view of the Field Security permissions by viewing the FieldSecurity table:
In the FieldSecurity table there are a few columns to note:
- FdSe_SecType
- FdSe_RecordID
- FdSe_Permissions
The field FdSE_SecType indicates the security type of the permission.
FdSE_SecType = 1 indicates that the security type is at the User level.
If this is the case then the field FdSE_RecordID will indicate the UserId of the User being restricted.
This query can be used to find the field level securities at the user level:
select * from FieldSecurity where FdSe_sectype = 1 and FdSE_recordID = <UserID>
FdSE_SecType = 2 indicates that the security type is at the Team level.
If this is the case then the field FdSE_RecordID will indicate the team id.
The team id is from the Channel table. The Table relationship is User.User_PrimaryChannelId = Channel.Chan_ChannelId
This query can be used to find the field level securities at the team level:
select * from FieldSecurity where FdSe_sectype = 2 and FdSE_recordID = (select User_PrimaryChannelId from users where User_UserId = <UserId>)
FdSE_SecType = 3 indicates that the security type is at the Security Profile level.
If this is the case then the field FdSE_RecordID will indicate the security Profile id.
The security Profile id is from the TerritoryProfiles table. The Table relationship is User. User_TerritoryProfile = TerritoryProfiles.TPro_ProfileID
This query can be used to find the field level securities at the Security Profile level:
select * from FieldSecurity where FdSe_sectype = 3 and FdSE_recordID = (select User_TerritoryProfile from users where User_UserId = <UserID>)
The FdSe_Permissions column indicates what security level is being applied:
FdSe_Permissions = 5 indicates Read Access is Allowed and Write access is Allowed and that the field is not required.
FdSe_Permissions = 21 indicates Read Access is Allowed and Write access is Allowed and that the field is required.
FdSe_Permissions = 10 indicates Read Access is Denied and Write access is denied and that the field is not required.
FdSe_Permissions = 9 indicates Read Access is Allowed and Write access is denied and that the field is not required.
With this information we can determine if a permission is restricting a user, team or profile.
If the Permission column is set to either 9 or 10 then it is being restricted.