This is driving me crazy because I know I've done this before a couple of times... How would I use a relationship including a field calculation of Get ( AccountName ) equal to a field where a user's name is stored, to restrict the user to see only their records?

I already know about the alternative of using a privilege set restriction, but that's just plain ugly because the user can see other records, but with a "no access" message, at least until the initial find is executed.

Other than using a portal (which doesn't give us much freedom for reporting), I seem to remember using an intermediary table somehow, and also there was the issue of having no records throwing things off, so sometimes opting for a global field to hold the user name is better.

Has anyone else designed something like this, and what am I forgetting in putting it together? I remember it was design-intensive until it was written, but then it was great because it was all based on relationships that just worked, so we didn't have to adjust scripts & whatnot to keep users out of areas they shouldn't see.

Any input would be appreciated!

Thanks,

Pam

How would I use a relationship including a field calculation of Get ( AccountName ) equal to a field where a user's name is stored, to restrict the user to see only their records?

I assume you mean Get (AccountName) equals a field that contains the AccountName that created the record.

You can set a global to Get (AccountName) on startup and then gtrr from the global.

I already know about the alternative of using a privilege set restriction, but that's just plain ugly because the user can see other records, but with a "no access" message, at least until the initial find is executed.

Well, this is the only secure way to do it. Why not just do a find in a nav script? Any find, such as a "*" find will work.

This white paper discusses Viewer tables. I'm not a big fan, but maybe it's what you are remembering..

Thanks for your input, although I would appreciate hearing from someone who has done this via relationships!

The "relationships" method won;t stop users form being able to export the other records out, or linking to the database via another file and being able to see everything.

The relationships method is just interface: interface is painting lines on the ground to control where people can go. If you want real security you need to build walls. Record level access restrictions are walls.