I have a combination of security requirements that I can't seem to achieve. I need to have both 1 AND 2 apply to a particular user:
1. User can view ALL records, SOME layouts, and can only edit SOME fields.
2. User can edit ALL fields for SOME records. (Example: if the customer is ACME, the user can edit all fields; for all other records, the user can only edit some fields)
Between privilege sets and startup scripts, I have achieved either one of the two, but not both at the same time.
I hope this will fall into that category of "simple and clever solution" that I had not thought of.
Thanks to all!