To avoid this heading down a path that will cause confusion, let me try and provide some insight into what is happening and you should find that all permutations of what you are getting, what folks remember, or when things might or might not be visible are explained.
If a field is assigned access to a group and YOU are a member of that group -- You will see the field AND you will see data in the field -- You can read the data and if the group is assigned change access, change the field (within licensing restrictions of course) If a field is assigned access to Public -- EVERYONE can see the field AND EVERYONE can see data in the field If a field has the "Allow any user to submit" option set -- REGARDLESS OF ANY GROUP ASSIGNMENT, EVERYONE can see the field (you have said that ANY user can submit data so they have to be able to see the field to submit things) -- Whether they can see data or not is dependent on other group settings if NO other groups are assigned, then there will be no data access but you can see the field If the Submitter, Assignee, Assignee Group, or the other implicit row level security groups are assigned any permission -- REGARDLESS OF ANY GROUP ASSIGNMENT, EVERYONE can see the field (you have said that if their group membership matches, they can see the data so that means they have to be able to see the field) -- Whether they can see data or not is dependent on the CONTENT of the field or fields on the form that match the groups assigned permissions So, if ANY of the following things are true, you can see the field: 1) You are a member of a group assigned permission 2) The field has "Allow any user to Submit" assigned 3) The field has any of the implicit groups assigned (Submitter, Assignee, Assignee Group, or the other 1000 row level security groups you can create) If NONE of these are true, you cannot see the field under any circumstances Once the field is visible, permissions control whether or not you can see the data in the field. So, just seeing the field does not mean that you can necessarily see data in the field. OR that you can see the data for all rows. You may be able to for some rows but not others because of row level security. In the different scenarios being discussed, the permission of the group is generally checked and it is found that the user doesn't have permission by an explicit group assignment. However, the "Allow any user to submit" or the use of implicit groups is generally not looked at and that is the source of why a field would be visible when not expected. If you look at all the items noted here, I think you will find that the field is visible or not and the data within it is visible or not consistently under the rules stated. I hope this helps stop confusion about the rules of field visibility. Doug Mueller -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Dwayne Martin Sent: Monday, April 07, 2008 6:29 AM To: arslist@ARSLIST.ORG Subject: User can see fields with no permissions Dear List, We have a permission group called "IT". We have a form with some fields that "IT" used to have permission to, but we have decided to remove those permissions. So I went into the Admin Tool and removed "IT" from the permission list in each field. But when a test user with only "IT" permissions opens the form he can still see all the fields. If he tries to change the data and save the form he gets, "ARERR [333] You have no access to field : [field name]", but with "no access" he shouldn't even be able to see the field. I cleared the cache, and made a cosmetic change, and the cosmetic change appears on the screen, so it isn't a caching issue. What is going on? (ARS 7.1, RH Linux server, Oracle 10.2 db) Dwayne Martin James Madison University _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"