From 98b776a8d1494a0d04fd7d1137646f5c58f8541f Mon Sep 17 00:00:00 2001
From: Allan Bowe <4420615+allanbowe@users.noreply.github.com>
Date: Fri, 20 May 2022 16:26:02 +0100
Subject: [PATCH] Update column-level-security.md

---
 docs/column-level-security.md | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/docs/column-level-security.md b/docs/column-level-security.md
index d463687..e0e677a 100644
--- a/docs/column-level-security.md
+++ b/docs/column-level-security.md
@@ -5,6 +5,9 @@ description: Column Level Security prevents end users from viewing or editing sp
 og_image:  https://docs.datacontroller.io/img/rls_table.png
 ---
 
+!!! warning
+    In development - coming soon!
+
 # Column Level Security
 
 Column level security is implemented by mapping _allowed_ columns to a list of SAS groups. In VIEW mode, only allowed columns are visible.  In EDIT mode, allowed columns are _editable_ - the remaining columns are read-only.
@@ -16,8 +19,8 @@ The variables in MPE_COLUMN_LEVEL_SECURITY should be configured as follows:
 ### CLS_SCOPE
 Determines whether the rule applies to the VIEW page, the EDIT page, or ALL pages.  
 
-- When applied to VIEW, then only the allowed columns are visible.
-- When applied to EDIT, then only the allowed columns are _editable_ (the remaining columns are read-only, and visible)
+- When applied to VIEW, then only allowed columns are _visible_
+- When applied to EDIT, then only allowed columns are _editable_ (the remaining columns are read-only, and visible).  Also, when CLS is applied in EDIT mode, the user will not be able to ADD or DELETE records.
 
 ### CLS_GROUP
 The SAS Group to which the rule applies.  The user could also be a member of a [DC group](/dcc-groups). 
@@ -50,13 +53,15 @@ Example values as follows:
 |VIEW|Group 1|MYLIB|MYDS|VAR_4|1|
 
 
-If a user is in Group 1, and viewing `MYLIB.MYDS` in EDIT mode, all columns will be visible but only the following columns will be editable:
+If a user is in Group 1, and viewing `MYLIB.MYDS` in EDIT mode, **all** columns will be visible but only the following columns will be editable:
 
 * VAR_1
 * VAR_2
 
-If the user is in both Group 1 AND Group 2, viewing `MYLIB.MYDS` in VIEW mode, only the following columns will be visible:
+The user will be unable to add or delete rows.
+
+If the user is in both Group 1 AND Group 2, viewing `MYLIB.MYDS` in VIEW mode, **only** the following columns will be visible:
 
 * VAR_2
 * VAR_3
-* VAR_4
\ No newline at end of file
+* VAR_4