Custom Privilege to set per record

Thomkas · September 15, 2008

Hey Guys---

I have been looking on the board and still no luck.

Hopeful someone can help me out [deadline approaching].

We have a solultion here, created a timesheet db for the Accountant here. with a layout with 150 relational fields with 4 critera and some calc fields. Each Record is Each Person in the Employee DB link as a Rec ID Staff (a number). All the Relationships are working correctly and all is working fine so far.

My Main issue though is creating a startup script that looks at the username login, if the login name is staff then limit all records but that user. using a find? or Privillage/ or both. I was also seeing if I need to set a $vars... not a clue. If anyone can help... I would Give Kudos

Bless to be Bllessed,

Thom

mr_vodka · September 15, 2008

Do an advanced search for +record +level +Access and there should be a few posts on this.

Thomkas · September 15, 2008

Thank you for the reply---

Much help is greatly appreciated! so using the Function: Get(RecordAccess)

do I need to create script for this. Can you explain little more about Record Level Access. For I have done a Adv. Search and could not find a clear understanding of it, Thanks For your Time

mr_vodka · September 16, 2008

Here I have created a quick sample file for you since I couldnt find a sample file to point you to.

Log on with the following account names to test:

Bob

Mary

John

All 3 have blank passwords.

You can also log in with the default Admin user account which also has a blank password.

keywords: Record Level Access

RecordLevelAccess.zip

Thomkas · September 16, 2008

Grandose---

Thank You SO MUCH!

Heres the Kudos [kudos here]

Take Care---

Thom

mr_vodka · January 28, 2009

Here is an updated version that kind of shows how one can have access to others' records as well. Of course you can tweak it to use IDs as well.

Only the admin has access to edit the second table.

RecordLevelAccess_Groups.zip

El_Pablo · February 16, 2009

Speaking of group access. What would be the best practice to control access to record for a group in which there can be many users?

Let say that there are three groups eastern, western and companyAdmin.

Eastern and Western groups cannot see data from each other.

companyAdmin group can see all the data from western and eastern.

Each group can have more than one person who are members.

How can we managed this in FM?

mr_vodka · February 17, 2009

You would have 3 privilege sets; eastern, western and companyAdmin. Each user would belong to one of these Priv sets. You have your records level access to be true if a field that captures the priv set = the logged in Priv set.

Here is an example of viewing records of those in your same priv set. It uses Men and Ladies as an example.

Log on with the following account names to test:

Admin

Bob

Mary

John

Karen

All have blank passwords.

[color:red]IMPORTANT!

NOTE: While creating this demo I believe I have found a MAJOR BUG. It seems as though there is an issue in FMPA10 with this (havent tested in FMP10). Although records level access using the account name still works fine in FM10, using the privilege set name has issues. It seems as though it doesnt evaluate properly for access. This is NOT an issue with prior verions ( tested on FM9 )

[color:red]UPDATE

It seems that it is a behavior change, not a bug per se.

KB 7161

RecordLevelAccess_PRIV_SET.zip

Rich Willis · February 17, 2009

I'm not sure I understand exactly what you mean. I tested in FMP8A, FMP9A and FMP10A, and all had the same response and results for me. I could not log in using anything other than the furnished names, and the restricted users didn't have Accounts and Priviledges access.

mr_vodka · February 17, 2009

No this is regarding record level access for each user; not regarding whether or not they had access to the Account and Privileges.

El_Pablo · February 17, 2009

Here's another scenario.

A database with some product sales that are located per states (NY, WI, CA, ...).

It is possible to subscribe to the database by states. A company could subscribe only to the sales that are in NY, while another would need all the New England states and another all the west coast state. Each company can only see the data they subscribed to.

Here's my idea :

- productSales (pkProductID,...fkStatesID)

- states(pkStateID,abbreviation, ...)

- rights(pkRightID,fkStateID,fkCompanyID,...)

- companies(pkCompanyID,name,...)

- employees(pkEmployeID,username, firstName,...fkCompanyID)

For the privilege on productSales, I only need to check if the employee's username is in the list of people who have the rights to use the data.


if (Position (list (employees::username); Get (AccountName);1;1);

   true; 

/*else*/

   false

)

What do you think of this solution?

Edited February 17, 2009 by Guest

El_Pablo · February 17, 2009

I guess the problem here would be at maintenance level and speed.

Edited February 17, 2009 by Guest

mr_vodka · March 19, 2010

This has now been addresses in FMP11 with Get ( AccountPrivilegeSetName ) so I updated the example.

-)

Accounts remain the same

Admin

Bob

Mary

John

Karen

All have blank passwords.

RecordLevelAccess_PRIV_SETv11.zip

Sign In

Custom Privilege to set per record

Recommended Posts

Thomkas

mr_vodka

Thomkas

mr_vodka

Thomkas

mr_vodka

El_Pablo

mr_vodka

Rich Willis

mr_vodka

El_Pablo

El_Pablo

mr_vodka

Create an account or sign in to comment

Create an account

Sign in

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information