Enabling
security at the item level affects runtime performance because it
disables page caching.Item level security is a mechanism which allows controlled and granular access to specific items in a given page or tab. Item level security authorizes item owners to grant explicit item access privileges to users and groups who would otherwise not be authorized.
By default, items inherit page or tab level security which means that only those users or groups who are authorized to access a given page or tab can access its items. If item level security is enabled for a page or tab, all items in the page or tab will initially use the security applied to the page or tab. That is, until item owners choose to grant explicit access on a given item to specific users and/or groups. For example, a user granted the View page-level (or tab-level) privilege would be authorized to edit the item if the item owner explicitly grants the Own Item or Manage Item item-level privilege to the user.
The Manage and Manage Content page-level privileges override item level security privileges. However, item level security takes precedence over other page-level privileges, such as Manage Style. If a user has the Manage Style privilege on a page, and (1) item level security is enabled for the page, and (2) item level access privileges have been defined for the items, the user can manage the items based on the item level privileges. Additionally, if a user has the View privilege on a page, all items on the page can be viewed provided that the items do not have the Own Item and Manage Item item-level privileges defined for them. In this case, the item level security privileges would take precedence over the View privilege on the page.
Enabling
security at the item level affects runtime performance because it
disables page caching.
Item level security is useful in the following cases:
Explicitly granting access to a specific item to a user or group who does not have any page or tab level privileges. This would grant the user or group access to the specific item, yet still restrict them from other items in the page or tab.
Restricting access to specific items in a page or tab to users or groups that have page level privileges. However, page group administrators, page owners, and users with the Manage or Manage Content page-level privileges, have privileges on the page that cannot be superseded by an item level privilege. For example, if a user has the Manage privilege at the page level but is not granted any item level privilege, this user is still authorized to manage the item regardless.
There is no relationship between item level security and item versioning. The latter feature enables users maintain multiple versions of the same item.
What is an item?
Enabling item level security
Granting access privileges to your item
Item privileges