How to make that an user can only see the records related to a specific field value ?

[FranciscoMtz]

I mean, in a "Projects" layout, that have "Project Name" and "Year" fields, for example:

 

Record 1: Project Name: "Project A", Year: "Year1"

Record 2: Project Name: "Project A", Year: "Year2"

Record 3: Project Name: "Project B", Year: "Year1"

Record 4: Project Name: "Project B", Year: "Year2"

 

What privileges I must change (or do scripts ) to make that an user can only see all the records for "Project A" ? and have no access for all the records from any other Project ?

[biggles1212]

Create the field you want to be the search box or the definitive field.

My suggestion would be a field that has a drop-down box with only options you want.

 

The script will be as follows:
Enter Find Mode[]

Set Field (choose the field)

Perform Find []

 

That way it goes into find mode, looks up the value from your chosen field and then performs the find. Attach this script to 'onobjectmodify' and that way when someone changes the value from the drop down box then it will trigger the search again.

 

Another tip I would use is when loading / on exit, have this layout 'refresh records' or 'show all records'. That way when it is loaded again it won't show the last searched project items but the entire record set.

 

Make sense? I hope so haha.

[David McQueen]

Have them select a project and a year from drop downs on global fields. You have now set the parameters of what you want them to see. Alternately, if they are assigned projects, have a logmin that goes and gets their current project and auto fillsmthe global fields.

From there you have about three choices

1. Build auto finds into each navigation script so that as they go from place to place only applicable records are shown.

2. Do a similar thing using relationships and go to related record.

3. Use the set global fields to set up a relationship as in 2 above, but only navigate to layouts with portals showing the applicable records.

Depending on what you have to do, a combination of the three should work for you.

The key to security here is to totally lock down the navigation.

Hth

[comment]

What privileges I must change (or do scripts ) to make that an user can only see all the records for "Project A" ? and have no access for all the records from any other Project ?

 

Did you create a privilege set for your users?  If yes, edit the set and select Records: [Custom privileges...] under Data Access and Design. Next, select the Projects table and set the View privileges to [limited...]. Enter =

Project Name = "Project A"

as the calculation.

 

 

It would probably make more sense to calculate the allowable project/s instead of hard-coding the name. Otherwise you will need to constantly edit the privilege set to allow new projects. Also, if "Project A" is renamed, they will lose access to it.

 

 

 

The key to security here is to totally lock down the navigation.

 

Huh? The key to security is to set up security.  Locking down the navigation is an additional, optional step that has nothing to do with security - its only purpose is to save users the inconvenience of seeing a bunch of records with <<No Access>> label.

 

 

Make sense?

 

I am afraid not - same thing.

[David McQueen]

 

Huh? The key to security is to set up security.  Locking down the navigation is an additional, optional step that has nothing to do with security - its only purpose is to save users the inconvenience of seeing a bunch of records with <<No Access>> label.

 

 

I'll take some issue with this. Yes, FileMaker security provisions are most important and it is assumed that they are used.

 

Perhaps I am reading more into this than you.

 

1. OP indicates that this is a project database where people are supposed to see the records for "The Project" for a particular year. This may or may not be for convenience. He/she may not want people seeing other parts of the project or other projects for various reasons.

 

2. Assuming that the business is ongoing, the projects one is to see would change from time to time, how often being unknown. This could lead to a permissions nightmare using just native FileMaker Security as one person may need to be be able to see parts of three projects and another may only be able to see one project....And next week, it all changes. The project finishes and you do not want he/she being able to go back into it again for various reasons. There is flexibility and granularity that can be added in this way.

 

3. In this scenario, you do not want them opening up the status area and going to whatever record they wish. That is part of your security control. 

 

4. You also do not want them able to do open, unscripted searches. You would use custom menu controls for this.

 

All this being said, yes the FileMaker security is there for a reason and should be used to the fullest extent. My asumption is it is already being used.

[comment]

Yes, FileMaker security provisions are most important and it is assumed that they are used.

 

Let's see:

1. OP posted this in "Security Concepts";

2. OP describes his skill level as "Novice";

3. OP asks: "What privileges I must change (or do scripts ) to make that an user can only see all the records for "Project A" ?"

And from this "it is assumed" that the privilege set has been set up properly?

As for the rest, I am sorry: it's 2013 and I don't think the point that presentation-level "security measures" are anything but needs arguing any more.

I also don't see why managing privileges in an ongoing business would "lead to a permissions nightmare".  On the contrary, I don't even want to think of all the things that could go unnoticed when attempting to manage security at layout level.

[sandrela]

LDAP is a protocol, not a directory service.  FM EA supports only two directory services: Active Directory and Open Directory.  If you want to use another one you'll have to set up a sync between your desired directory service and an AD or OD.