Advance Record-level Access Privilege Detection

Document created by PeterDoern on Mar 20, 2018Last modified by PeterDoern on May 26, 2018
Version 2Show Document
  • View in full screen mode

Problem: you want to detect ahead of time whether a user has sufficient privileges to view, edit, create records in or delete records in a table. Right now our only option is to Set Error Capture [ On ], try the operation, and see what Get ( LastError ) returns.


Here is a relatively simple way to detect record-level access ahead of time. Attached is a video and a demo file.


1. Each table should have four global number fields: canView, canEdit, canCreate, and canDelete. EDIT: This has become trivial with FileMaker 17's DefaultFields.xml

2. Add a custom function:


hasAccess ( entity ; View|Edit|Delete|Create|Layout ) =

Case (
  View|Edit|Delete|Create|Layout = "Layout" ;
  not IsEmpty ( FilterValues ( LayoutNames ( "" ) ; entity ) ) ;
  // Else
  EvaluationError ( Evaluate ( entity & "::can" & View|Edit|Delete|Create|Layout ) ) = 0


Set up your account privileges as per usual. The one extra step is to set your field-level privileges for each table so that access privileges for the four fields above match the access privileges for the table.


For example, if you want to allow View and Edit for a table but prevent Create and Delete, you would set the privileges for canView and canEdit to modifiable and the privileges for canCreate and canDelete to no access.


Example Usage

hasAccess( LayoutName ; "Layout" ) will return 1 if a user has privileges for a specific layout.

hasAccess( TableName ; "Edit") will return a 1 if a user has edit privileges for a table, or a 0 if the user does not.


hasAccess() will return 0 in any case if you've turned off View access for a table... the View parameter is probably redundant but I went too far with this to change it now.

13 people found this helpful