I’ve just delivered a solution to a client allowing them to control edit permissions in forms for tables on a record by record base.
The solution is heavily inspired by the existing record level security, hence the title of this post.
The feature is almost totally generic, as it has a hook into the document cursor method on SysSetupFormRun. But to be totally bulletproof (well as bulletproof as things get in the client UI) you must include a single statement in validateWrite and validateDelete on the tables you want covered.
To minimize the negative impact on performance, I interpret the query of the table setup to be covered by this, and if it is a simple query I don’t need to actually run the query to figure out the permissions. If I do need to run the query, I have some code adding everything I need to cover the unique index of the table.
And of course the permissions for each record is cached while the form is open.
Leave a comment if you want more information.