Jump to content
Server Maintenance This Week. ×

Record Access Based On User Account - Concepts

GisMo

By GisMo
in Security Concepts

 Share

This topic is 3949 days old. Please don't post here. Open a new topic instead.

Recommended Posts

GisMo Community Regular

GisMo

Posted
Posted

Hi,

 

I have been heavily researching the record access based on the current logged in user account. 

 

In particular, I have been referencing these writeups:

 

http://help.filemaker.com/app/answers/detail/a_id/3402/~/limiting-access-by-record

and

http://fmforums.com/forum/topic/66177-possible-to-limit-record-access-based-on-username/ <- this one seems more appropriate

 

 

Anyway, a little about my database. It's a Sales and Inventory Management System. I have sales persons that manage their own customers and their orders, payments, shipments etc. When an order is flagged as ship, the warehouse can see the order and will prepare the shipment and pull it from inventory and whatnot. 

 

My main immediate concern is getting the sales person to their record own when they log in which has a portals to whatever they need. I don't want the sales rep to view other sales reps etc. Of course Admin will have access to all Sales Person records and their children.

 

So, based on the second link, I need a RecordOwner field which will match the User Account in my records. My question is, how deep do I go with this RecordOwner field? Do I need it in all tables? Or only in the Sales Person Table and then their related records are driven by foreign key relationships...

 

Also, I would like disable the status bar for these users because all of their control will be done from the layouts.

 

Just looking for some general feedback on this.

 

Thanks!

Link to comment
Share on other sites
mr_vodka Grand Master

mr_vodka

Posted
Posted

The most secure would be to have it in your child tables as well. However, if the users have no way to getting to the child records except via the portal, then you may be able to just have it on the parent. But again, if you want to be 100% sure then have the security on the child table as well.

 

 

Also see this recent post.

http://fmforums.com/forum/topic/88470-how-do-i-lock-editing-of-a-record-by-user

 

 

There should be examples on these forums as well.

Link to comment
Share on other sites
Steven H. Blackwell Grand Master

Steven H. Blackwell

Posted
Posted

Record level access should be at the data table level and should encompass all related records as well.  Remember there are many ways to view data.  The only way to protect the data is to control their access through the Privilege Set.  The User Interface is not part of the security schema.

 

Steven

Link to comment
Share on other sites
  • 1 month later...

This topic is 3949 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept