2 Replies Latest reply on Sep 14, 2011 8:43 AM by NaturSalus

    Mutiple User Access Rights for a Layout



      Mutiple User Access Rights for a Layout



      I am in the design stage of my next project and need some advice about how to grant selective user access.

      Let's say that I have Form A, based on Table A, that contains fields to be filled in by different people, based on their user access priviledges.

      There are two coexisting scenarios:

      • Form A with several fields that are grouped in sections. Each one accessible according to the user access privileges. For example:

      Form A Section 1 can be filled in by all users.

      Form A Section 2 can be filled in by user with supervisory access level.

      Form A Section 3 can be filled in by user with managerial access level.

      • Form A with several fields that are grouped in sections. In this case, a section accesible can be accessed by 2 o more users with different access priviledges. For example:

      Form A Section 2 which is accesible only by users with supervisory access level, could also have a Manager Approval field only for users with managerial access level.

      If I got it right, user access is controled by: File -> Manage -> Security:

      • Privilege Sets
      • Accounts


      As I understand it, FM Edit Privilege Set allows to control Field access for ALL the fields in a particular Table, but doesn't allow you to pick wich fields of a table are accesable and by whom.


      Concerning Scenario 1, the only way that I can think of assigning selective user access for Table A fields is to split it into 3 layouts, one for each user access level. But I don't know if later on I will run into trouble when trying to put together a report for all the Sections and fields of Form A ( table A).

      Is there a better way to do it?

      In relation to Scenario 2, I don't know of any way to grant different user access levels on the same layout.

      Any ideas about how can I do it?


        • 1. Re: Mutiple User Access Rights for a Layout

          You've hit on one the significant design limitations to the current version of FileMaker security settings. You are indeed limited to controlling access to specific records of a given table, and cannot specify user specific access limits for specific fields.

          There are several possible work arounds.

          1. You have figured this one out already, which is to have several layouts and control access at the layout level by taking the user to different layouts.
          2. You can split your table into two or more parts linked in one to one relationships. Now you have separate tables so you can make one of those tables the "section" of your form that needs limited access. You can still keep all the fields on the same layout due to the one to one relationship between the two tables.
          3. You can also control access at the interface level with script triggers that deny access to the field when the user's privilege set is not one where access is permitted. This is fairly easy to set up but requires that you not leave any loop holes in your layout design that enable them to have access where they shouldn't.
          4. You can use a validation rule to deny all changes to data in a field if the user's privilege set does not allow them to edit that field. They will be allowed access to the field, but when they exit, an error pops up and they are required to revert the changes. This isn't terribly user friendly, but it's a good insurance policy to put in place if you decide to use script triggers to control access to specific fields as it will plug any "gaps" in your system that you may have unintentonally left in place in your interface design.
          • 2. Re: Mutiple User Access Rights for a Layout

            Hello Phil,

            Amazing feedback as usual.

            I take good note of it.