Mark Pastoril, posted March 13, 2020
I have a portal to which I can add data, and I have a button on every entry that lets the user edit the data entered, but I want to set up security before editing: it will show the account login form before they can continue editing each entry.

Wim Decorte, posted March 14, 2020
Why not do this up front? Either the user is authorized to change the data or they are not. When a user logs into the solution they are assigned a privilege set and the privilege set determines what they can and cannot do. So by the time they get to your layout with the portal you already know if they should be able to edit or not.

Mark Pastoril (Author), posted March 14, 2020
Thanks for the response sir, but for security purposes, given the setting/environment of our office/department, we want to secure each piece of data to make sure that the user who edits the data is allowed to, i.e. is the user of the account that has access for editing the billing data.

Wim Decorte, posted March 14, 2020
What you have in mind is not more secure than what I describe; in fact - based on the fact that you feel the need to do an authorization check at that particular moment - it may indicate that your security is not adequate. FM's security schema is role-based. If you define each user's role and set the privilege set accordingly, then you do not need to force a re-authentication at the start of pieces of functionality. Based on the priv set or the extended privilege bits you create, your script would already know if the user is allowed to edit data or not. And you can even use that in the hide conditions of buttons that start the edit. But even if you leave the buttons visible, if the privileges are set correctly on the table itself the user will simply not be able to edit the data.

Mark Pastoril (Author), posted March 15, 2020
Yes, that's a very good point sir, but that's my supervisor's request to have that kind of setting. But I just want to be clear whether this setting is applicable, sir?

comment, posted March 15, 2020
12 minutes ago, Mark Pastoril said: "but that's my supervisor's request to have that kind of setting."
It's not clear to me what exactly "this kind of setting" is. Suppose user John has an account named "John" that belongs to a privilege set named "Employees". If this privilege set allows the editing of the data in question, then John is already authorized to edit the data. If the privilege set does not allow it, then John would have to re-login using a different account with a different name, belonging to a different privilege set. I don't think your supervisors would want each user to have two (or more) accounts. Not to mention that John could simply log in to his "better" account from the beginning to avoid having to re-login later. You can always force a user to re-login at some point (e.g. after a period of inactivity). But that does not change what they are allowed to do.

Mark Pastoril (Author), posted March 15, 2020
OK sir, I think I will discuss this situation with my supervisor later, and I need to explain about the account privileges. Thanks for the very informative explanations, sir.