{{tag>Index Action Action_List Business_Object Business_Rule Attribute}} 
====== PROTECT ======

This action protects a business object or its attribute from access by all or specified users. There are several variations of this action:

===== Syntax =====

  * [ ''READ'' ] ''PROTECT'' [ ''IN FORMS'' ] AttributeIdentifier () ''FROM'' Identifier () ( ''AND'' Identifier ())* 

protects business object or attribute from access by users operating at the specified access level(s)

  * ''PROTECT'' AttributeIdentifier () ''FROM ALL'' 

protects business object or attribute from all users

  * ''PROTECT'' AttributeIdentifier () ''FROM ALL EXCEPT'' Identifier () ( ''AND'' Identifier ())* 

protects business object or attribute from all users except those operating at the specified access level(s)

===== Example =====

<code aim>IF Transaction.State='APPLIED' THEN 
  PROTECT Transaction FROM ALL </code> do not allow any changes to a transaction if it is in the Applied state
<code aim>IF Transaction.State='APPLIED' THEN 
  PROTECT Transaction FROM ALL EXCEPT Administrator </code>
<code aim>IF Account.State='CLOSED' THEN 
  PROTECT Account.Name FROM User </code>

If an attribute of a business object is protected it is read-only on forms of this business object. If the entire object is protected all its attributes are read-only.

Notes:

  * By default protection applies not only to changes done via the user interface, but also to changes done by a process. It is possible to distinguish between these two situations by specifying System as access level, for example:

<code aim>IF Account.STATE <> 'NEW' THEN 
  PROTECT Account.Balance FROM ALL EXCEPT System  </code>

In this case users will not be able to change the account balance when the state of the account is not new, however, it is possible to configure process rules that change the account balance.

  * Protecting attributes of referred objects is not allowed, for example the action 
<code aim>PROTECT Transaction.Account.State FROM ALL </code> is invalid.
  * The action can only be used in rules attached to a business object to be protected. The action may not be used in a process.
  * ''IN FORMS'' key may be specified to indicate that the action only applies in forms, but not in queries (this can speed up performance of queries on the object that owns the rules
  * The action specified in the format described above protects against changes to a business object or its attribute (“write protection”). If “read protection” is required, the ''READ'' prefix should be added in front of the action. For example,

<code aim>IF Transaction.State='APPLIED' THEN 
  READ PROTECT Transaction FROM ALL </code>

When a business object is “read protected” the instances that match protection condition will not be read from the system. If an attribute is “read protected” its value will not be visible on any forms and cannot be changed.