Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Best Practice

UpNorth
in Security Concepts

Featured Replies

How would you create a database that displays only the records that match the users info. For example.... currently I have a script that says

case(get(currentuser) = "User A"; A; get(currentuser) = "User B"; B; ect....

Then I have a portal that pulls all the matching records depending if it's user A, B ect...

Well what if I wanted to make it so that an admin could manage by adding users and not have to go into the script.

I have a few idea's, for example what if I made records for each user and when they log in it only display's their record, but it doesn't seem very secure.

Any ideas are greatly appreciated.

Lisa

This can be done with the record level access privileges.

Each record needs to have a field with the account name of the person that the record belongs to. When each person logs in, put their account name into a global field. The RLA calculation would be:

gAccountname = Acountname

This will ensure that users can only view information in their own records, everybody else's records display (or something similar).

Your idea of a record for each user could work out well. This record could be the person's home base for the solution. To make maintenance easier, it could be scripted so that the user record gets automatically created for new users too when they first log-in.

  • Author

Thank you very much. I wasn't for sure if my explanation made any sense, but obviously you are really good at deciphering these posts.

Thanks again.

What Vaughan said, and you don't even have to use the global field. In the Privilege Set definition area just match the record ownser name field to Get(AccountName).

There are a few caveats to this, but it works very well. And it is one of the very best ways to protect records.

Steven

  • Author

My next step to ensure security is to go into the privilege set that you described. I currently have it setup to set a global field to get (accountname) at start up. Then I've created a relationship between the global field and the records account name, which again at startup it goes to the related record.... displaying only the users record, then the record has portals brining in all of the users info from other tables.

I have the status bar hidden, along with having the users log in via iwp. Once I define the privilege set, is there anything else I should do for best practice purposes.

Thanks again for all your help!!

Then I've created a relationship between the global field and the records account name,

Not really needed. The RLA test will block users from seeing records they don't own.

Steven

Create an account or sign in to comment

https://fmforums.com/topic/63016-best-practice/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.