By default, users have full access to the objects via the access methods specified in their user groups. If the implementation plans to implement additional levels or rules, then the Application Service must use Service Types. The Service Type definition allows additional tags to be attached to service definitions and then code written to detect and take advantage of the presence of the tag to limit security access to specific object data. For example, whether data is masked or not or some limit is placed on values of data.

See Defining Security Types in the online help provided with your service for information about managing security types.