Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Record Access Based On User Account - Concepts

GisMo
in Security Concepts

Featured Replies

Hi,

 

I have been heavily researching the record access based on the current logged in user account. 

 

In particular, I have been referencing these writeups:

 

http://help.filemaker.com/app/answers/detail/a_id/3402/~/limiting-access-by-record

and

http://fmforums.com/forum/topic/66177-possible-to-limit-record-access-based-on-username/ <- this one seems more appropriate

 

 

Anyway, a little about my database. It's a Sales and Inventory Management System. I have sales persons that manage their own customers and their orders, payments, shipments etc. When an order is flagged as ship, the warehouse can see the order and will prepare the shipment and pull it from inventory and whatnot. 

 

My main immediate concern is getting the sales person to their record own when they log in which has a portals to whatever they need. I don't want the sales rep to view other sales reps etc. Of course Admin will have access to all Sales Person records and their children.

 

So, based on the second link, I need a RecordOwner field which will match the User Account in my records. My question is, how deep do I go with this RecordOwner field? Do I need it in all tables? Or only in the Sales Person Table and then their related records are driven by foreign key relationships...

 

Also, I would like disable the status bar for these users because all of their control will be done from the layouts.

 

Just looking for some general feedback on this.

 

Thanks!

The most secure would be to have it in your child tables as well. However, if the users have no way to getting to the child records except via the portal, then you may be able to just have it on the parent. But again, if you want to be 100% sure then have the security on the child table as well.

 

 

Also see this recent post.

http://fmforums.com/forum/topic/88470-how-do-i-lock-editing-of-a-record-by-user

 

 

There should be examples on these forums as well.

Record level access should be at the data table level and should encompass all related records as well.  Remember there are many ways to view data.  The only way to protect the data is to control their access through the Privilege Set.  The User Interface is not part of the security schema.

 

Steven

  • 1 month later...
  • Newbies

i would like to appreciate you for sharing such a great info with us

Create an account or sign in to comment

https://fmforums.com/topic/88478-record-access-based-on-user-account-concepts/
Go to topic listing

Similar Content

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.