Restricting record access

[Calantha]

Hello,

Is it possible (I've tried many privilege combinations attempting to achieve this) to allow a user to login in with an account which only allows them to:

create a new record (for themselves)

& modify that record

but not:

view any other records

or modify any other records

Any idea?

[Steven H. Blackwell]

This is called Record level Access (RLA). Include a field--call it RecOwner for example--that auto-enters the Account Name on creation.

Then for view records set the Boolen to be something such as this:

(Exact; Lower(GetAccountName); Lower (RecOwner))

The Lower function deals with the case insensitivity of Account Names.

This will result in a user being able to see only those record that he or she created. You set a similar condition for modify, delete, etc.

HTH

Steven

[Rushhour]

Hi Steven

I am on industry attachment and my first time doing with filemaker. My boss wanted what the topic stated to restrict access, but after reading up the forum.

Quote from John

"The second way you can do this is to create a global calc field that stores the user's name. Then when the person goes to the layout with only his records, you can have it show only his related records (relationship gcUserName = RecordCreator). This way it will not show all the records, but only show the ones that he has created. "

I still do not understand how to do the script and how it works. And what both of you said are different.

Really in need of help.

Thanks a lot

Kelvin

[Steven H. Blackwell]

I don't know who "John" is, but I would not use the method he describes. A simple Show All Records will reveal all the other people's records as well.

Stick to Record Level Access.

Steven

[SiberPhrek]

I did what you said in terms of setting the Boolean for View, but i have a problem when a user clicks on an area that's not a field, all the fields lock and say "no access" how can i fix that?

Justin

[Rushhour]

Hi Steven sorry im still new to filemaker.

"Then for view records set the Boolen to be something such as this:

(Exact; Lower(GetAccountName); Lower (RecOwner))"

I dun understand what you mean, where should i put this line of code in? how to do it? How to set the boolean and I tried to put it in "if" function but failed. Sorry im a novice.

And you mean i need to have this field in all the relavant layouts if i wish to limit access level?

Thanks a lot..

Kelvin

Edited November 24, 2005 by Guest

[Steven H. Blackwell]

The <> badge is what is displayed if a user's privileges do not allow him or her to access or to see the field in question.

Steven

[Steven H. Blackwell]

The calculation goes in the Define Accounts & Privileges Section in the Define Privilege Set area. Look for the area that allows for the defining of privileges to create, edit, delete records.

Steven

[Rushhour]

Hi Steven

I had solved it thanks a lot..

I got 1 more question.. normally when a user login, system will bring user to last system record. How to actually bring user to his/her last record instead of system last record.

I put it in my 'startup' script, feel that the coding should be similar but i just can't get it works. Sorry as im still new to fm..

Help will be really appreciated..

Thanks a lot..

Kelvin

[Steven H. Blackwell]

Try a Go To Related Record based on the Account Name of the record owner. Then go to the last record in that found set, if that's what you're trying to do.

Please see the post I made about Unsderstanding FileMaker Security. it has some additional references in it.

Steven

[Rushhour]

Hi Steven,

I do a layout name by calculation:

Exact( Lower(Get(AccountName)); Lower ("RecordOwner"))

but it still shows me the last system record.. Can someone help me with it..

Thanks a lot..

Kelvin

[Rushhour]

Hi..

Can anyone help me with this..?

Thanks a lot..

Kelvin

[Steven H. Blackwell]

This calculation is for restricting record level access, not layout access.

That said, if you want to go to the first record, script that step as part of the process. Go To Record [first].

HTH

Steven

[Rushhour]

Hi Steven

My 'Exact( Lower(Get(AccountName)); Lower ("RecordOwner"))' are used in define account and privileges so users are only able to view their own records.

But this only working when i doing a 'find'. It will only shows that user records like what i wanted.

But in 'browse', it shows system last record which means record may not belong to that user, but all fields are stated no access. This user able to do 'previous' and 'next' record which will also be showing those 'no access' records.

But my boss hopes to only see user records and its last record upon login.

I was thinking can i do 'perform find' by user in the script, therefore when i go to that form layout it will only give me the user records. I tried working on it but failed.

Help needed...

Thanks a lot...

Kelvin

[Steven H. Blackwell]

You have to lock down the UI to prevent the user from acting in the manner you describe, e.g. back and forward buttons. You may need to bring in an experienced developer to assist with this project ifyou are new to use of the products.

Alternatively, you may want to sign up for a training course or two. Check Osborne's site at www.filemakerpros.com

HTH

Steven

[Rushhour]

Hi all

I managed to come up with a solution but with a tiny problem

Go to record[First]

Loop

If[RecordOwner = Get(AccountName)]

Omit Record

End If

Go to Record[Next]

Exit Loop If[Get(RecordNumber)=?]

End Loop

Show Omitted Only

Under the ?, if i put 25, it will access from first 25 of the records, but i wish to loop till the last record. But i can't figure it out what should i put in my calculation.

Can someone help me with this..

Thanks a lot

Kelvin

[Rushhour]

Hi

reliased some problem, even when i put end loop if = 25, i like having 7 staff records but only shows 4..

Help greatly needed..

Can someone help me look into it..

Really thanks a lot..

Kelvin

[mf]

This is how I resolved not showing records:

In the data table I created a calculated field (result 1 or 0) that determines the limitation I want to implement (in your case is the record owner the same as the user logged in)

In "Define Accounts & Privileges", create a new Privilege Set, in the Data Access and Design, create Custom privileges: for the table containing the records I want to limit access, I edited "set view" and "limited..." I only entered the calculated field I created earlier.

Then create a script to execute before showing the layout where you do a find using the calculated field.

Finally, make sure your users are assigned to the new Privilege set.

Whether you browse or you do a find, only the allowed records will be shown.

[Adam M.]

On the Go To Record [Next] line of your script, check the "Exit after last" box. Get rid of the Exit Loop If line.

[JudyJack]

Help me out a bit more... I have 8 schools, each with a location number. I have 350 records (each a teacher's appraisal report) that are divided into those 3 schools. I want the principals, at login, to browse and modify ONLy the records from their campus without seeing a bunch of records. How would you do that?

[Adam M.]

I'm not sure if this is the best way, but I did something similar for mine. When you login in to the file, you are taken to an opening screen.

When you click continue on this opening screen, it runs a script with the line

Set Field [zCurrentUser ; Get(AccountName)].

zCurrentUser is a global field on a table used just for that called zGlobal. It is related to a zUsers table that contains all of the details for the users of the database (first and last name, username, password, etc.) The zUsers table is then related to a table called Classes.

After the user clicks continue, there is a view classes button that opens up the classes layout by the script line Go To Related Record. This way the user only sees their classes. You could do something similar. Just relate your users table to your schools table by a userID that you put on each school record for the principal.

Like I said, I'm not sure that this is the best way. I'm fairly new to Filemaker.