Non-password account has precedent over password account?

[erostratus]

Hello all,

I have a database that has a data-entry-only account that is used for submitting web forms using CWP. No problems here. Users can freely browse to this web page and submit a form (for a job posting), and there is no need for a username/password.

Part of the data that gets submitted from this form turns into a job listing that only certain users can look at. What this means is that when the data is submitted, anyone (a company) can do it, but when a user (a job seeker) wants to view the same data, they need a username and password.

Herein lies the problem for me. We want the data entry to remain free of logins. If a user clicks on the link to browse the records, instead of asking for a username/password, it just pulls up a page of zero records (which means that the data entry account is being activated, and since it has no browse privilege, no records are shown).

I thought I could remedy this by duplicating the table, then changing access privileges so the data entry account has access to one table only, and the browse account has access to a different table. Despite calling (in the URL even) the browse table, the web browser still pulls up zero records and does not ask for a username/password.

The only way I have been able to make it work is to require a username/password for the data entry account. So my question is this: Can you have an anonymous access data entry account and a password-protected browse account in the same database?

Thanks so much for your help!

Matt

[Steven H. Blackwell]

Can you have an anonymous access data entry account and a password-protected browse account in the same database?

Yes. It works very differently for Custom Web Publishing than for Instant Web Publishing. Which way do you want users to access the file?

Steven

[erostratus]

Via CWP (I hope I understand your question correctly). Basically, the web form gets submitted using the [Guest] account, which has a modified [Data Entry Only] privilege set (as it must be able to read value lists). This form has about 60 fields.

When a user browses that same record, this time as a job listing, he sees about 40 of the 60 fields. But I want him to have to use a username/password to access these same records.

So: Creating record = anonymous. Viewing same record = username/password.

Any thoughts?

Thanks!

[Steven H. Blackwell]

Try submitting credentials as hidden field values for the guest access. For the credentialed users, have them access through a separate UI file that shows the required data and that calls the basic HTTP authentication dialog that CWP presents.

This is usually accomplish by a query file in the xsl format stored on the server.

This is not a 100 percent secure solution for anyone who understands XML and XSLT, but it will work reasonably well.

As an alternative you could have the credentialed user come in through IWP.

Steven