Security framework

[Steve Wright]

I know this has been discussed time and time again but i am still unclear about what to do. Here is my setup.

I have a filemaker 7 database with various tables. Users should be grouped into teams and should only be able to view their teams work. There is also the possibility that i will include other databases at a later date. I therefore only want to enter the users and group data once.

My questions are as follows:

1. How do i limit access to a users group records using FINDS? I do not particularly want to display the 'greyed out layout no access'. However, i would like a user to be able to use the standard navigation and menu commands.

2. Do i have a separate security database that duplicates information to the other database(s)?

Can someone provide explain to me a 'real world' example of this in operation?

Sorry if this seems like going over old ground. I have read an awful lot on the forum but i still don't know where to start.

Thank you for your time

[Steve Wright]

This is a quick reply to my question. I have been doing a lot of playing around today and come up with a basic solution that may be of use to some beginners, although it does have a glitch that I will describe later.

Effectively what happens is that each record has a text field called project_users that contains all users that are able to access this record. Please note: that these user names must match account names that have been set up in the privileges part of the database.

Then go to Accounts & Privileges and the privelege sets tab. Create a privilege set called 'restricted access' and set the records field to custom privileges. I left layouts, value lists and scripts as view only.

I then made each tables view limited by the calculation

PatternCount ( project_users ; Get ( AccountName ) )

All others I made yes.

What this does is checks if the persons account name (i.e. what they have logged in as) equals a value entered in the field project_users. If it does, access is allowed.

If access is not allowed for a record the layout is displayed but with all data missing. What is good with this approach is that if you do a FIND and search for records it will only search those records that you have access to. That means that the found result will contain no inaccessible records. This makes navigating through your records a lot more efficient.

I have one little problem however. I have added a related table which is accessed through a portal. This table has the same privileges set, but uses the parent tables project_users field. Therefore, the calculation becomes

PatternCount ( test_security::project_users ; Get ( AccountName ) )

This all works fine. i can add records in the portal. However, when i put this database on my filemaker 7 server the portal fails to display any records.

I am confused.

I have included the file for people to pull apart...if they are interested. Access is by username of admin. Password is test.

test_security.zip