March 16, 2009

IWP login and record access control

The FM database is accessed via IWP over the WAN. The (proposed) login is via external server authentication. The need is to restrict the logged-in user to just their own record.

Clients (i.e. the users) log in, then access their own record in the Clients table. At no time should the logged-in client be permitted to access any other client's information.

Is it possible to pass the external server authentication credentials (username/password) into the FileMaker database? If so, a script could be used to deliver just the single client record.

At the moment it seems as if a 2-stage login is inevitable. I am considering storing a database (i.e. record access) username and password in the client table, e.g.

1. The user logs into the site using the external server authentication and is granted access to the database login page, as an authenticated member of the ESA group.
2. The user then enters name/pw (i.e. again; possibly a different name/pw than the web login), and a find or go related is used to forward the user to their single record in the clients table.

With menu options disabled, and (possibly) the status area hidden, the user should not be able to 'leave' their own single record.

Is this a viable approach, or is there a more efficient way of achieving this?

March 18, 2009

We authenticate externally and have a People table that has the account name. You don't need the password. The login script uses Get(AccountName) and does a Find against the People table. Then a global field, gPeople_ID, is set. You could use it in relationships or to do Finds as part of a Go To Layout script.

March 25, 2009

I use the same method as stated above: the login script does a find with the account name, taking the user to his record. The user access doesn't allow him any method to navigate to another record.

Manuel

March 31, 2009

Instead of performing a find, would it be possible to use privilege sets? If there is a field in the record that stores the username, you could allow access privileges to rows in a table based upon whether Get(AccountName) matches the contents of a field in that record. Not sure if that provides any advantages over a scripted Find.
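
The two approaches in this thread, a scripted Find on the account name and a privilege-set row check against a field, side by side in a small Python model. This is an added example, not code from any poster and not FileMaker code; the record layout, class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ClientRecord:
    record_id: int
    account_name: str  # field storing the externally authenticated account name
    notes: str

# Constructed sample rows standing in for the Clients table.
CLIENTS = [
    ClientRecord(1, "alice", "alice's details"),
    ClientRecord(2, "bob", "bob's details"),
    ClientRecord(3, "carol", "carol's details"),
]

class Session:
    def __init__(self, account_name, row_level_privilege):
        self.account_name = account_name  # stands in for Get(AccountName)
        self.row_level_privilege = row_level_privilege

    def _matches(self, rec):
        # Case-insensitive comparison is a modelling assumption.
        return rec.account_name.casefold() == self.account_name.casefold()

    def _can_view(self, rec):
        # Privilege-set predicate: the account name must equal the record's field.
        # Without it every row is readable and only scripts and layouts restrict.
        return self._matches(rec) if self.row_level_privilege else True

    def login_script(self):
        # Scripted Find on the account name: chooses the starting found set.
        return [r for r in CLIENTS if self._matches(r) and self._can_view(r)]

    def read(self, record_id):
        # A read that does not go through login_script (hypothetical path).
        for rec in CLIENTS:
            if rec.record_id == record_id:
                return rec if self._can_view(rec) else None
        return None

    def visible_rows(self):
        # Every row this account is allowed to read at all.
        return [r for r in CLIENTS if self._can_view(r)]

def compare(account_name):
    # Returns (rows readable with the scripted Find only, rows readable with the predicate).
    scripted = Session(account_name, row_level_privilege=False)
    enforced = Session(account_name, row_level_privilege=True)
    return len(scripted.visible_rows()), len(enforced.visible_rows())
```

In both modes the login script lands on the same single record; only the row predicate changes what a read outside that script returns.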