The Client/Server Solution of fORM requires that all users of the database are defined and given access to the RDBMS. This function is RDBMS specific and not managed within the Client server product itself.

Access rights to the End User Models are controlled by the users network logon. To update any data held within the database the user must log on (providing a valid user-id and password to the RDBMS for verification). The user-id must also match an entry in the security tables within the application. If there is no match the login is rejected.

Internal security within fORM controls user access rights. The Client/Server Solution has a number of objects that can be assigned or removed from users, controlling what records users can see and what rights they have over those records, i.e. read-only or full read/write.

The System Administrator can assign user ownership to reviews and also delete entire reviews. They can add new users to the security tables and assign access rights to a review, a portion of a review, or to system functions such as security and system administration.

Users connect to the database through the End User Model and their access rights determine their particular view.