Define restrictions with a restriction declaration.

All values are optional.

restriction example:restriction:sensitive-attributes
    title: Sensitive Attributes
    restrict-type std:type:person
    restrict-if-label example:label:sensitive-information
    label-unrestricted example:label:can-view-sensitive-information
    attribute-restricted example:attribute:record-identifier
    attribute-read-only example:attribute:notes


Name of the restriction, for display in System Management.


Zero or more types to which this Restriction applies. If none specified, this Restriction applies to all types.

Restrictions are always applied to root types, even if you specify a sub-type.


Zero or more labels which define which objects this Restriction applies. If any labels are specified, an object must have at least one of those labels for the Restriction to apply.


Zero or more labels which ‘lift’ the restriction for a subset of users.

If a user ‘has’ these labels, specified with the hUserAttributeRestrictionLabels or hObjectAttributeRestrictionLabelsForUser hooks, then the restriction does not apply.


Attributes which should be restricted, and not shown to any users except when explicitly permitted.


Attributes which should be read only, unless the user is explicitly permitted to edit them.