Restricting view access to matching records prevents self-join?


eljefejb

This topic is 2616 days old. Please don't post here. Open a new topic instead.

Hello,

 

I've read a few similar threads in this area, but none were quite the same as what I'm experiencing.  I have a table of employee project records, and I was trying to set up a custom privilege set such that an employee can only view records where the "empID" field matches the global variable $$EmpID.  This is so that, should an employee somehow manage to get the Found Set to include records not belonging to them, they would just see the <No Access> label, instead of the data.  By setting the View privilege for the table to "Limited" and entering the calculation "empID = $$EmpID", this works.  However, what I have discovered is that this somehow prevents all related records from being viewed - even those which cause the calculation to be true.

 

For instance, I have a self-join relationship which returns all the employee's entries for the week, based on the date of the current record.  This works without issue, until I apply the above View restriction.  Then no related records are returned.  Shouldn't it still be able to find records via the relationship, when the "empID" field contains the same value on both sides?


Are you sure the current record is one that the user has permissions to view?

 

 

Unrelated to your question, but this:

 

an employee can only view records where the "empID" field matches the global variable $$EmpID

 

is not a good idea, security-wise. Use a global field and make sure that users cannot modify it (have a script running with full access populate it as needed).


Are you sure the current record is one that the user has permissions to view?

 

Yes, when the file opens, the script does a find and displays the user's records for the current month.  If the View privilege is left at "Yes", related records via the self-join are accessible.  If the View privilege is set to "Limited", where "empID = $$EmpID", then doing something like "Count(Week::date)" returns 0.

 

I will take your advice about using a global field.  Thanks for the tip.
