Hi everyone

I am currently trying to work out an access privilege scheme for a medium sized DB project.

There is a number of user accounts. By means of DB tables the corresponding account names are attributed to usergroups (tables [color:green]Users and [color:green]UserGroups). These usergroups are then attributed via an m:n relationship (intermediate table [color:green]WriteAccess) to another table with sensitive data. (table [color:green]SensitiveData)

See the simple DB scheme attached...

The idea is that I use the calculation dialog box available for limited custom record privileges to decide whether a user gets write access to the sensitive data.

Personally, I can't find a way to implement this. Can anyone either confirm that I am asking too much of FM or give me a hint of how to code this?

Any help would be highly appreciated.

Here's what I would like to do in pseudo code:

find

  all records of "Get (AccountName)"

  within UserGroups

find

  the corresponding Groups

  via the found set of UserGroups

find

  the Groups attributed to the current item

  within SensitiveData

if

  any of Groups attributed to the item in SensitiveData

  is identical to

  any of the Groups attributed to "Get (AccountName)"

allow write access

Using a DBMS where you can write SQL code directly this would result in a rather deeply nested WHERE ... IN (...) statement.

Thanks in advance for any comments from those among you who have experience with the capabilities and limitations of the FM custom record privileges.

Cheers,

Shepherd

Have you found a solution, for this.