Rule search order The system is aware of the instance object hierarchy when it tries to identify a security rule to apply to a particular entity in the contextual security model. The search order for a field level rule is: explicit rule on self explicit rule on field in parent ... until parent does not contain field wildcard rule on self wildcard rule on field in parent ... until parent doesn't contain field Example: Given incident.number Search is: incident.number task.number *.number incident.* task.* *.* Precedence between Row and Field Level Rules What happens if a row level rule and a field level rule are in conflict? Perhaps my row level field indicates that I shouldn't be able to write to a particular row, but the field level rule indicates I do have write access? In a nutshell, both rules must be met before an operation is allowed. So, given a row level rule on incident, and a field level rule on incident.number, access to the number field would be allowed only if both rules evaluated to true. Multiple Rules at the Same Level What if the system, for example, finds two rules for incident.number? The system evaluates both rules and if either is true, then the requested access is allowed.