**Source URL:** https://general.veevavault.dev/sitevault/mdl/component-types/atomicsecurity.md

# Atomicsecurity

**Class: ** `metadata`

Atomic security provides an additional layer of control by allowing you to configure security at the lifecycle state and/or assigned role level.

Learn about <a href="https://platform.veevavault.help/en/lr/30683#atomic_security" target="_blank">Atomic Security in Vault Help.</a>

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| object | Type: ComponentRequired | The Object the security applies to. For example, Object.country__v |
| object_lifecycle | Type: ComponentRequired | The Objectlifecycle the security applies to. For example, Objectlifecycle.general_lifecycle__c |
| state | Type: ComponentRequired | The Objectlifecyclestate of the Objectlifecycle the security applies to. For example, Objectlifecyclestate.active_state__c |

### Fieldsecurity {#fieldsecurity}

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| role | Type: ComponentRequired | The Objectlifecyclerole of the Objectlifecycle the security applies to. For example, Objectlifecyclerole.editor__v or Objectlifecyclerole.DEFAULT if specifying the default for all roles. |
| type | Type: EnumRequiredAllowed values:hide__vread__vedit__v | The type of permission to apply. |
| fields | Type: ComponentRequiredMulti-value | The fields to apply this permission to. |

### Objectcontrolsecurity {#objectcontrolsecurity}

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| role | Type: ComponentRequired | The Objectlifecyclerole of the Objectlifecycle the security applies to. For example, Objectlifecyclerole.editor__v or Objectlifecyclerole.DEFAULT if specifying the default for all roles. |
| type | Type: EnumRequiredAllowed values:hide__vview__v | The type of permission to apply. |
| object_controls | Type: ComponentRequiredMulti-value | The object control permissions to apply. Learn more about Object Control Permissions in Vault Help. |

### Actionsecurity {#actionsecurity}

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| role | Type: ComponentRequired | The Objectlifecyclerole of the Objectlifecycle the security applies to. For example, Objectlifecyclerole.editor__v or Objectlifecyclerole.DEFAULT if specifying the default for all roles. |
| type | Type: EnumRequiredAllowed values:hide__vview__vexecute__v | The type of permission to apply. |
| object_actions | Type: ComponentMulti-value | The Object level action(s) to apply this permission to. |
| lifecycle_actions | Type: ComponentMulti-value | The Lifecycle level action(s) to apply this permission to. |

### Workflowactionsecurity {#workflowactionsecurity}

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| role | Type: ComponentRequired | The Objectlifecyclerole of the Objectlifecycle the security applies to. For example, Objectlifecyclerole.editor__v or Objectlifecyclerole.DEFAULT if specifying the default for all roles. |
| type | Type: EnumRequiredAllowed values:hide__vexecute__v | The type of permission to apply. |
| workflow_actions | Type: EnumMulti-valueAllowed values:addparticipantscancelemailparticipantsremovecontentupdateworkflowduedate | The workflow action to apply. |
| workflow_task_actions | Type: EnumMulti-valueAllowed values:cancelreassignupdateduedate | The workflow task action to apply. |

### Relationshipsecurity {#relationshipsecurity}

| Attribute | Metadata | Description |
| --- | --- | --- |
| label | Type: StringRequiredMax length: 60 | UI-friendly string in the Vault’s base language. |
| active | Type: Boolean | Indicates whether the component is active. |
| role | Type: ComponentRequired | The Objectlifecyclerole of the Objectlifecycle the security applies to. For example, Objectlifecyclerole.editor__v or Objectlifecyclerole.DEFAULT if specifying the default for all roles. |
| type | Type: EnumRequiredAllowed values:read__vedit__v | The type of permission to apply. |
| document_fields | Type: ComponentMulti-value | Lists the object fields corresponding to the object-to-document inbound relationship on the specified object. |
| object_fields | Type: ComponentMulti-value | Lists the object fields corresponding to the object-to-object relationship on the specified object. |

### Supported Operations {#supported-operations}

| Operation | Support |
| --- | --- |
| Create | Yes |
| Recreate | Yes |
| Alter | Yes* |
| Drop | Yes |
| Rename | Yes |
| Describe | Yes |
| Generate Recreate | Yes |
| Queryable | No |
**Notes:**

<ul style="padding-left:1.5em;margin-top:0.5rem"><li>**Alter:** <span>MDL Operation may not be supported for some multi-value attributes.</span></li></ul>


---

**Previous:** [Appsecurityrule](/sitevault/mdl/component-types/appsecurityrule)  
**Next:** [Checklisttype](/sitevault/mdl/component-types/checklisttype)