Rules

Use rules to limit user access to attributes, forms, programs, and relationships. Unlike policies, rules control access to these administrative objects regardless of the object type or state.

For more information, see MQL Command Reference: rule Command.

For example, a policy might allow all users in the Engineering group to modify the properties of Design Specification objects when the objects are in the Planning state. But you could create a rule to prevent those users from changing a particular attribute of Design Specifications, such as the Due Date. In such a case, Engineering group users would be unable to modify the Due Date attribute, no matter what type of object the attribute is attached to. For a explanation of how rules work with other objects that control access, see Determining Which Access Control to UseAccess Precedence.

When you create a rule, you define access using the three general categories used for assigning access in policies: public, owner, and user (specific person, group, role, or association). For a description of these categories, see User Categories and Hierarchies.

You can also include keys in rules to specify multiple access definitions for the same user. For more information, see Credentials Access in Policies and Rules.