Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Best Practice

UpNorth

By UpNorth
in Security Concepts

 Share

This topic is 5872 days old. Please don't post here. Open a new topic instead.

Recommended Posts

UpNorth Enthusiast

UpNorth

Posted
Posted

How would you create a database that displays only the records that match the users info. For example.... currently I have a script that says

case(get(currentuser) = "User A"; A; get(currentuser) = "User B"; B; ect....

Then I have a portal that pulls all the matching records depending if it's user A, B ect...

Well what if I wanted to make it so that an admin could manage by adding users and not have to go into the script.

I have a few idea's, for example what if I made records for each user and when they log in it only display's their record, but it doesn't seem very secure.

Any ideas are greatly appreciated.

Lisa

Vaughan Grand Master

Vaughan

Posted
Posted

This can be done with the record level access privileges.

Each record needs to have a field with the account name of the person that the record belongs to. When each person logs in, put their account name into a global field. The RLA calculation would be:

gAccountname = Acountname

This will ensure that users can only view information in their own records, everybody else's records display (or something similar).

Your idea of a record for each user could work out well. This record could be the person's home base for the solution. To make maintenance easier, it could be scripted so that the user record gets automatically created for new users too when they first log-in.

UpNorth Enthusiast

UpNorth

Posted
  • Author
Posted

Thank you very much. I wasn't for sure if my explanation made any sense, but obviously you are really good at deciphering these posts.

Thanks again.

Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

What Vaughan said, and you don't even have to use the global field. In the Privilege Set definition area just match the record ownser name field to Get(AccountName).

There are a few caveats to this, but it works very well. And it is one of the very best ways to protect records.

Steven

UpNorth Enthusiast

UpNorth

Posted
  • Author
Posted

My next step to ensure security is to go into the privilege set that you described. I currently have it setup to set a global field to get (accountname) at start up. Then I've created a relationship between the global field and the records account name, which again at startup it goes to the related record.... displaying only the users record, then the record has portals brining in all of the users info from other tables.

I have the status bar hidden, along with having the users log in via iwp. Once I define the privilege set, is there anything else I should do for best practice purposes.

Thanks again for all your help!!

Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

Then I've created a relationship between the global field and the records account name,

Not really needed. The RLA test will block users from seeing records they don't own.

Steven

This topic is 5872 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept