Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

How to set up "individual" record access for different users / overlapping user groups?


This topic is 5189 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

Hey,

This is about granularity and record access. It has turned out that the FileMaker solution I developed requires a more "individual" way of dealing with user rights.

The solution holds all sorts of "knowledge management" records (hints for other users, instructions, library entries, and so on). The records of the category "Library" can be viewed by everyone; records of the category "Division A" can be viewed only by the members of division A (same for B, C, D...) Some records cannot be viewed by freelancers, some can only be viewed by the record's creator himself. Many user groups overlap. As a matter of fact, I would like to go so far that every user who creates a record decides himself which groups can view his records.

So, I am looking for a suitable way of marking users and records.

For a while I've used a user table for this; but this turned out to be not the best solution. After all, FileMaker has to check for every record in the main table if the current user has the appropriate rights ticked in the related user table. Looking up this information makes the search-as-you-type very slow, so this is not an option. Furthermore, I know that user tables can be a little tricky, if not dangerous; as Steven Blackwell points out. I'd rather use FileMaker’s Accounts and Privileges settings to get things done. However, too complicated calculations slow the system down very much.

Has anybody an idea how to set up the desired settings?

Thank you very much :P

Mike

Posted

"As a matter of fact, I would like to go so far that every user who creates a record decides himself which groups can view his records."

Perhaps that's the key. If you let the user flag the record with which groups are allowed, and then define the RLA rule to support that.

Posted

Hello,

Thank you for your reply!

This is exactly where things are getting difficult.

Currently, I have a field in my main table called "RecordAccess". Those records that can only be viewed by members of the Group "001" get a "001" written in this field.

Then there is a field "RecordAccess_USR" in my user's table, too. If a user belongs to the group "001" he has "001" written in this field.

In Accounts and Preferences there is a condition that says that a record that is marked with 001 can only be viewed, if this here is true:

Case ( MainTable::RecordAccess = "001" ; MainTable_User::RecordAccess_USR = "001" ; 1 )

In words: If a record is marked with "001" in the field RecordAccess, then the result is only true, if the user has in his related User table also "001", otherwise it is false. For all other records (the ones without 001) the statement is always true.

This approach works, but it is not very fast.

Can you think of a better approach?

(I already was thinking of setting up individual preference sets per user...)

Posted

Your approach is close, but doesn't allow for each record to have multiple groups allowed to edit/view it. Additionally, your users are limited to membership in one group (is that OK?).

I see the need for two join tables. Users>Membership

When a user logins in, you can set their groups into a $$var, and the rla can use that to see if the record is accessible to them.

This topic is 5189 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.