Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Cascading security question

DownhillRacer

By DownhillRacer
in Security Concepts

 Share

This topic is 7872 days old. Please don't post here. Open a new topic instead.

Recommended Posts

DownhillRacer Rookie

DownhillRacer

Posted
Posted

I would like to give users access to a set of databases based on a profile. For example: a European user has edit rights on all European records but has read only rights on all non-European records. And to make a little more challenging this user should have no access to Australian records. It should also be possible to restrict access to layouts which display certain fields.

I figured out I need something like this set of db's: Users, Profiles (stores access to which layouts), User_Profile (stores region and links users & profiles 1:m), and for example Orders and Order_Items. If each user would have just 1 profile I can get it done. What I have not figured out is how to get the example to work. In the end this user should be able to add records for Europe and browse the database and see all records except for the Australian records.

Any suggestion will be appreciated. TIA.

LiveOak Grand Master

LiveOak

Posted
Posted

A couple of points here. It is popular and convenient to create separate login and privilege files outside of FM built in security. You must however heed the warnings from Steven H. Blackwell (see Steven's articles on database security in FileMaker Advisor magazine) about such systems. Everything outside of FM systems, login files, etc. is a potential hole and weakens security.

I would use FM's built-in record level security to set record level privileges (Browsing, Editing, Deleting) based upon Status(CurrentGroups) and set Groups based upon passwords. Access to layouts and individual fields can be controlled by Group. The ability to create records can be controlled by Password.

Before I created too many outside security files, I would thoroughly read and understand and experiment with FM's built in security features.

-bd

DownhillRacer Rookie

DownhillRacer

Posted
  • Author
Posted

Points well taken.

I would like to use built-in security, but for my application I see two problems:

- record level access is based on dynamic criteria.

- I do not want to give a user access to entire database, just so he/she can add and delete users. Can't do it myself.

This topic is 7872 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept