Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Custom Privilege to set per record

Thomkas
in Security Concepts

Featured Replies

  • Newbies

Hey Guys---

I have been looking on the board and still no luck.

Hopeful someone can help me out [deadline approaching].

We have a solultion here, created a timesheet db for the Accountant here. with a layout with 150 relational fields with 4 critera and some calc fields. Each Record is Each Person in the Employee DB link as a Rec ID Staff (a number). All the Relationships are working correctly and all is working fine so far.

My Main issue though is creating a startup script that looks at the username login, if the login name is staff then limit all records but that user. using a find? or Privillage/ or both. I was also seeing if I need to set a $vars... not a clue. If anyone can help... I would Give Kudos

Bless to be Bllessed,

Thom

Do an advanced search for +record +level +Access and there should be a few posts on this.

  • Author
  • Newbies

Thank you for the reply---

Much help is greatly appreciated! so using the Function: Get(RecordAccess)

do I need to create script for this. Can you explain little more about Record Level Access. For I have done a Adv. Search and could not find a clear understanding of it, Thanks For your Time

Here I have created a quick sample file for you since I couldnt find a sample file to point you to.

Log on with the following account names to test:

Bob

Mary

John

All 3 have blank passwords.

You can also log in with the default Admin user account which also has a blank password.

keywords: Record Level Access

RecordLevelAccess.zip

  • Author
  • Newbies

Grandose---

Thank You SO MUCH!

Heres the Kudos [kudos here]

Take Care---

Thom

  • 4 months later...

Here is an updated version that kind of shows how one can have access to others' records as well. Of course you can tweak it to use IDs as well.

Only the admin has access to edit the second table.

RecordLevelAccess_Groups.zip

  • 3 weeks later...

Speaking of group access. What would be the best practice to control access to record for a group in which there can be many users?

Let say that there are three groups eastern, western and companyAdmin.

Eastern and Western groups cannot see data from each other.

companyAdmin group can see all the data from western and eastern.

Each group can have more than one person who are members.

How can we managed this in FM?

You would have 3 privilege sets; eastern, western and companyAdmin. Each user would belong to one of these Priv sets. You have your records level access to be true if a field that captures the priv set = the logged in Priv set.

Here is an example of viewing records of those in your same priv set. It uses Men and Ladies as an example.

Log on with the following account names to test:

Admin

Bob

Mary

John

Karen

All have blank passwords.

[color:red]IMPORTANT!

NOTE: While creating this demo I believe I have found a MAJOR BUG. It seems as though there is an issue in FMPA10 with this (havent tested in FMP10). Although records level access using the account name still works fine in FM10, using the privilege set name has issues. It seems as though it doesnt evaluate properly for access. This is NOT an issue with prior verions ( tested on FM9 )

[color:red]UPDATE

It seems that it is a behavior change, not a bug per se.

KB 7161

RecordLevelAccess_PRIV_SET.zip

I'm not sure I understand exactly what you mean. I tested in FMP8A, FMP9A and FMP10A, and all had the same response and results for me. I could not log in using anything other than the furnished names, and the restricted users didn't have Accounts and Priviledges access.

No this is regarding record level access for each user; not regarding whether or not they had access to the Account and Privileges.

Here's another scenario.

A database with some product sales that are located per states (NY, WI, CA, ...).

It is possible to subscribe to the database by states. A company could subscribe only to the sales that are in NY, while another would need all the New England states and another all the west coast state. Each company can only see the data they subscribed to.

Here's my idea :

- productSales (pkProductID,...fkStatesID)

- states(pkStateID,abbreviation, ...)

- rights(pkRightID,fkStateID,fkCompanyID,...)

- companies(pkCompanyID,name,...)

- employees(pkEmployeID,username, firstName,...fkCompanyID)

For the privilege on productSales, I only need to check if the employee's username is in the list of people who have the rights to use the data.


if (Position (list (employees::username); Get (AccountName);1;1);

   true; 

/*else*/

   false

)

What do you think of this solution?

Edited by Guest

I guess the problem here would be at maintenance level and speed.

Edited by Guest

  • 1 year later...

This has now been addresses in FMP11 with Get ( AccountPrivilegeSetName ) so I updated the example.

:)-)

Accounts remain the same

Admin

Bob

Mary

John

Karen

All have blank passwords.

RecordLevelAccess_PRIV_SETv11.zip

Create an account or sign in to comment

https://fmforums.com/topic/62282-custom-privilege-to-set-per-record/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.