Outgoing email messages, which can include the results of query actions, use AR System access control for forms and fields. If a user does not have access to the field or form being queried, the field and its contents are not included in the outgoing email message.
The email server uses the following criteria to define security for outgoing emails that contain query results:
An email sent to only one user can contain only data that the user has permission to view in the browser.
An email sent to more than one user can contain only data that the user with the most restricted permissions can view in the browser. For example, if an email is sent to both an administrator with full access permissions and to a user with only public access, only data allowed by public access are included in the email.
If the system locks a record by using the row-level access feature, the record is included only if all the email recipients have access to it.
If an email that includes query results is sent to a non-registered AR System user, the form and fields queried must have public access, and the AR System server must be configured to allow guest users.