Best Practice

[UpNorth]

How would you create a database that displays only the records that match the users info. For example.... currently I have a script that says

case(get(currentuser) = "User A"; A; get(currentuser) = "User B"; B; ect....

Then I have a portal that pulls all the matching records depending if it's user A, B ect...

Well what if I wanted to make it so that an admin could manage by adding users and not have to go into the script.

I have a few idea's, for example what if I made records for each user and when they log in it only display's their record, but it doesn't seem very secure.

Any ideas are greatly appreciated.

Lisa

[Vaughan]

This can be done with the record level access privileges.

Each record needs to have a field with the account name of the person that the record belongs to. When each person logs in, put their account name into a global field. The RLA calculation would be:

gAccountname = Acountname

This will ensure that users can only view information in their own records, everybody else's records display (or something similar).

Your idea of a record for each user could work out well. This record could be the person's home base for the solution. To make maintenance easier, it could be scripted so that the user record gets automatically created for new users too when they first log-in.

[UpNorth]

Thank you very much. I wasn't for sure if my explanation made any sense, but obviously you are really good at deciphering these posts.

Thanks again.

[Steven H. Blackwell]

What Vaughan said, and you don't even have to use the global field. In the Privilege Set definition area just match the record ownser name field to Get(AccountName).

There are a few caveats to this, but it works very well. And it is one of the very best ways to protect records.

Steven

[UpNorth]

My next step to ensure security is to go into the privilege set that you described. I currently have it setup to set a global field to get (accountname) at start up. Then I've created a relationship between the global field and the records account name, which again at startup it goes to the related record.... displaying only the users record, then the record has portals brining in all of the users info from other tables.

I have the status bar hidden, along with having the users log in via iwp. Once I define the privilege set, is there anything else I should do for best practice purposes.

Thanks again for all your help!!

[Steven H. Blackwell]

Then I've created a relationship between the global field and the records account name,

Not really needed. The RLA test will block users from seeing records they don't own.

Steven