Attribute Security Filters and Record Security Filters determine which of a repository's attributes and records may be read or edited. Defining security for a repository consists of granting access permissions to user groups for the records and attributes the security filters have made available for reading and editing.
Attribute security filters list which attributes are available to be read or edited. If a repository's security settings do not specify an attribute security filter, the default filter will be used and no attributes will be visible – no users will be able to see any data in that repository.
Record security filters return only the records that match their search conditions. The use of record security filters is optional. If a record security filter is not applied, the default record security filter returns all records.
Repository security consists of defining for the set of records the record security filter returns, and the attributes made visible by an attribute security filter, what access permissions are assigned to particular user groups.
Security for profiles, code sets, hierarchies, and taxonomies does not use attribute and record security filters. User groups are directly assigned permissions.