Jump to content

Restricting record access


Calantha

This topic is 6618 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Hello,

Is it possible (I've tried many privilege combinations attempting to achieve this) to allow a user to login in with an account which only allows them to:

create a new record (for themselves)

& modify that record

but not:

view any other records

or modify any other records

Any idea?

Link to comment
Share on other sites

This is called Record level Access (RLA). Include a field--call it RecOwner for example--that auto-enters the Account Name on creation.

Then for view records set the Boolen to be something such as this:

(Exact; Lower(GetAccountName); Lower (RecOwner))

The Lower function deals with the case insensitivity of Account Names.

This will result in a user being able to see only those record that he or she created. You set a similar condition for modify, delete, etc.

HTH

Steven

Link to comment
Share on other sites

  • 1 month later...

Hi Steven

I am on industry attachment and my first time doing with filemaker. My boss wanted what the topic stated to restrict access, but after reading up the forum.

Quote from John

"The second way you can do this is to create a global calc field that stores the user's name. Then when the person goes to the layout with only his records, you can have it show only his related records (relationship gcUserName = RecordCreator). This way it will not show all the records, but only show the ones that he has created. "

I still do not understand how to do the script and how it works. And what both of you said are different.

Really in need of help.

Thanks a lot

Kelvin

Link to comment
Share on other sites

Hi Steven sorry im still new to filemaker.

"Then for view records set the Boolen to be something such as this:

(Exact; Lower(GetAccountName); Lower (RecOwner))"

I dun understand what you mean, where should i put this line of code in? how to do it? How to set the boolean and I tried to put it in "if" function but failed. Sorry im a novice.

And you mean i need to have this field in all the relavant layouts if i wish to limit access level?

Thanks a lot..

Kelvin

Edited by Guest
Link to comment
Share on other sites

Hi Steven

I had solved it thanks a lot..

I got 1 more question.. normally when a user login, system will bring user to last system record. How to actually bring user to his/her last record instead of system last record.

I put it in my 'startup' script, feel that the coding should be similar but i just can't get it works. Sorry as im still new to fm..

Help will be really appreciated..

Thanks a lot..

Kelvin

Link to comment
Share on other sites

Try a Go To Related Record based on the Account Name of the record owner. Then go to the last record in that found set, if that's what you're trying to do.

Please see the post I made about Unsderstanding FileMaker Security. it has some additional references in it.

Steven

Link to comment
Share on other sites

Hi Steven

My 'Exact( Lower(Get(AccountName)); Lower ("RecordOwner"))' are used in define account and privileges so users are only able to view their own records.

But this only working when i doing a 'find'. It will only shows that user records like what i wanted.

But in 'browse', it shows system last record which means record may not belong to that user, but all fields are stated no access. This user able to do 'previous' and 'next' record which will also be showing those 'no access' records.

But my boss hopes to only see user records and its last record upon login.

I was thinking can i do 'perform find' by user in the script, therefore when i go to that form layout it will only give me the user records. I tried working on it but failed.

Help needed...

Thanks a lot...

Kelvin

Link to comment
Share on other sites

You have to lock down the UI to prevent the user from acting in the manner you describe, e.g. back and forward buttons. You may need to bring in an experienced developer to assist with this project ifyou are new to use of the products.

Alternatively, you may want to sign up for a training course or two. Check Osborne's site at www.filemakerpros.com

HTH

Steven

Link to comment
Share on other sites

Hi all

I managed to come up with a solution but with a tiny problem

Go to record[First]

Loop

If[RecordOwner = Get(AccountName)]

Omit Record

End If

Go to Record[Next]

Exit Loop If[Get(RecordNumber)=?]

End Loop

Show Omitted Only

Under the ?, if i put 25, it will access from first 25 of the records, but i wish to loop till the last record. But i can't figure it out what should i put in my calculation.

Can someone help me with this..

Thanks a lot

Kelvin

Link to comment
Share on other sites

  • 5 weeks later...

This is how I resolved not showing records:

In the data table I created a calculated field (result 1 or 0) that determines the limitation I want to implement (in your case is the record owner the same as the user logged in)

In "Define Accounts & Privileges", create a new Privilege Set, in the Data Access and Design, create Custom privileges: for the table containing the records I want to limit access, I edited "set view" and "limited..." I only entered the calculated field I created earlier.

Then create a script to execute before showing the layout where you do a find using the calculated field.

Finally, make sure your users are assigned to the new Privilege set.

Whether you browse or you do a find, only the allowed records will be shown.

Link to comment
Share on other sites

  • 4 weeks later...
  • Newbies

Help me out a bit more... I have 8 schools, each with a location number. I have 350 records (each a teacher's appraisal report) that are divided into those 3 schools. I want the principals, at login, to browse and modify ONLy the records from their campus without seeing a bunch of records. How would you do that?

Link to comment
Share on other sites

I'm not sure if this is the best way, but I did something similar for mine. When you login in to the file, you are taken to an opening screen.

When you click continue on this opening screen, it runs a script with the line

Set Field [zCurrentUser ; Get(AccountName)].

zCurrentUser is a global field on a table used just for that called zGlobal. It is related to a zUsers table that contains all of the details for the users of the database (first and last name, username, password, etc.) The zUsers table is then related to a table called Classes.

After the user clicks continue, there is a view classes button that opens up the classes layout by the script line Go To Related Record. This way the user only sees their classes. You could do something similar. Just relate your users table to your schools table by a userID that you put on each school record for the principal.

Like I said, I'm not sure that this is the best way. I'm fairly new to Filemaker.

Link to comment
Share on other sites

This topic is 6618 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.