The literature on physical database design in general, and on file segmentation in particular, typically ignores any consideration of data security and the cost to enforce it. If records can be physically designed so that all data elements in a given record type have identical security restrictions for a given user, then data element level security enforcement can be transformed into the less costly file level security enforcement for that user and rie. Similarly, if all record types have identical security restrictions, file based security might be sufficient. This paper extends an earlier model for file segmentation to include security considerations. The extended model embeds the security measures into the logical file structure and exploits a four category taxonomy of security restriction types. The model is used to generalize the interaction between element level selective security and physical database design.