Scenario: Security by job function
Applies to: 
All auditors on the same team have the same profile, role template, and security context points. However, each auditor can have a different function for each audit. As an administrator, you want more flexibility in the way you apply security at the field level for each auditor.
An auditor can have a different job function on different audits. For example, in Audit A, Jim is the lead auditor and can edit more fields than the other auditors.
| Auditors | Job function | Permissions |
|---|---|---|
|
Jim |
Lead (In-charge) |
Jim can edit the Audit A instance of the Audit object and its descendants, Audit Sections, and Audit Workpapers. Jim's access controls are Create, Read, Update, and Associate. |
|
Susan |
Field |
Susan can read and update specific areas of the Audit Sections and Audit Workpapers in the Audit A instance. Susan's access controls are Read and Update for these areas. |
|
Ellen |
Field |
Ellen can read and update specific areas of the Audit Sections and Audit Workpapers in the Audit A instance. Ellen's access controls are Read and Update for these areas. |
However, in Audit B, Susan is the lead auditor while Jim is a field auditor.
| Auditors | Job function | Permissions |
|---|---|---|
|
Susan |
Lead (In-charge) |
Susan can edit the Audit B instance of the Audit object and its descendants, Audit Sections, and Audit Workpapers. Susan's access controls are Create, Read, Update, and Associate. |
|
Jim |
Field |
Jim can read and update specific areas of the Audit Sections and Audit Workpapers in the Audit B instance. Jim's access controls are Read and Update for these areas. |
|
Ellen |
Not involved in this audit |
Ellen has no access controls set for her. |