C/SIDE does not apply record level security filters to user defined global and local variables. If your application contains complex forms that use variables to access tables containing sensitive data, the security filters that you set will not be applied to these variables. To ensure that users cannot access the sensitive data, you must modify the code that these forms contain.
By using security filters, you can ensure that a user can only post to a certain department, for example. For more information, see Applying Security Filters in a Posting Scenario. However, you should also use filters to ensure that the user can only read data from certain departments. The topics in this section describe how to limit a user's access to read data from other departments.