If you just want to change who can see this record, you can just assign "Read" in the Security Rule. Other permissions like "create, associate" are gonna follow their Role Templates in the Folder they have access to, of course, if they can, previously, see the record with the "Read" option.
The Security Rule for this is:
(([Record].[Group].[Access Type] IN ('Restricted')) AND (END_USER IN [Record].[Group].[Viewers]))
OR
(([Record].[Group].[Access Type] IN ('Open')))
In this case if the User is in the field Viewers and the Record is Restricted, his access is granted, or, if the Record is Open, his access is granted.
------------------------------
Marco Vicente dos Reis Jesus
------------------------------
Original Message:
Sent: Tue October 17, 2023 02:30 PM
From: Daniel Valle Contreras
Subject: Implement access restriction to object level
Hi community,
Does anyone have a clue on how I can achieve the following?
Let's say I have an object called Record. This record object has multiple fields but I want to highlight just two:
- Access Type (Enumerated String: Open, Restricted)
- Viewers (User Multi-Select)
So the idea is that, if one of my records has the Access Type field set to Restricted, then just the users within the Viewers field should see the record.
I already tried to create a "Security Rule" for my Record object, but unfortunately it didn't work as I expected. This is the rule I created just as a reference:
Security: Restrict
Status: Enabled
Access Controls: [] Create, [x] Read, [x] Update, [x] Delete, [x] Associate
Formula:
(([Record].[Group].[Access Type] IN ('Restricted')) AND NOT(END_USER IN [Record].[Group].[Viewers]))
------------------------------
Daniel Valle
------------------------------
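
The two formulas in this thread, modeled as plain boolean logic in Python. This is an added example, not part of either post and not the product's rule engine. The users, the records and all function names are constructed for illustration, and it goes beyond the thread by covering a Restricted record with empty Viewers and a record whose Access Type is unset.

```python
# Added illustration: boolean model of the thread's two formulas.
# Not the platform's evaluator; names and sample data are assumptions.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Record:
    name: str
    access_type: Optional[str]            # 'Open', 'Restricted', or None if unset
    viewers: set = field(default_factory=set)


def reply_formula(rec, end_user):
    """(Restricted AND END_USER IN Viewers) OR Open."""
    restricted_and_listed = rec.access_type in ("Restricted",) and end_user in rec.viewers
    return restricted_and_listed or rec.access_type in ("Open",)


def question_formula(rec, end_user):
    """Restricted AND NOT(END_USER IN Viewers)."""
    return rec.access_type in ("Restricted",) and end_user not in rec.viewers


def audit(records, users):
    """Map each record to the users for whom the reply's formula is true."""
    return {r.name: sorted(u for u in users if reply_formula(r, u)) for r in records}


def not_complementary(records, users):
    """Pairs where the two formulas are NOT logical opposites of each other."""
    return [(r.name, u) for r in records for u in users
            if reply_formula(r, u) == question_formula(r, u)]


# Constructed sample data
USERS = ["alice", "bob", "carol"]
RECORDS = [
    Record("R1", "Open"),
    Record("R2", "Restricted", {"alice", "bob"}),
    Record("R3", "Restricted"),           # empty Viewers: formula true for nobody
    Record("R4", None),                   # Access Type unset: neither branch matches
]

if __name__ == "__main__":
    for name, who in audit(RECORDS, USERS).items():
        print(f"{name}: {who if who else 'formula is true for no user'}")
    print("formulas are not opposites for:", not_complementary(RECORDS, USERS))
```

For R4 both formulas evaluate to false, so the two rules only behave as opposites when Access Type is always populated.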