The main security implementation is currently under development (that will allow you to define users, roles, contexts, etc. within the application). However, the hooks for the security are currently implemented and in order to check field-level security, you must simply handle the CheckFieldSecurity event on a business object and set the appropriate values within the event arguments to enable/disable/make read-only the controls.Once the complete security implementation has been released, you will set a permission key on a business object's field and that permission key will be tested by the currently logged on user to determine whether the field can be accessed.