In addition to the user interface security, it is also possible to apply security rules at the data level—to the entity objects.

Applying data security is an additional security layer that you can use to protect, especially, important or sensitive data. Your page fragments should, of course, only display the information that each user is entitled to see, but if you add data security at the entity level, you have an additional layer of protection. In an enterprise application that might be changed by a maintenance programmer five years after the project was initially built, this helps ensure that someone doesn't accidentally make data available to users who shouldn't be able to see or change it.

Implementing entity object security is a two-step process. It is detailed as follows: