4 Replies Latest reply on May 22, 2012 9:12 AM by philmodjunk




      Help - Security


      I have the following relationship:


      CC holds all the past and present courses the student was/is enrolled in.

      Ideally, teachers should only see the students assigned to them -


      Current settings are:

      Students::TeacherID=List(CC::teacher_number)   ---this will get all the teacherIds for the courses the student is enrolled in


      Teachers can see students when:



      The "Open" script goes to the teachers table, finds/gets the teacherID based on the account name, sets the ID with a global field called gTeacherID and performs a find on the TeacherID field.


      This works for what I need. However, I do not want users to search on an unstored calculation everytime they log in. I've had several server crashes before because of multiple users searching on an unstored calculation (on a different database).

      Question is, what is a more efficient/effective way to accomplish this? ideas are very much welcome.


        • 1. Re: NoFields

          Can I ask, truji, what you originally typed as the title for this post?  Or did you see any warnings or dialogues as you posted?  Recently a number of posts have come up with the title 'NoFields' (like yours) and you can't all be making the same mistake, so there must be a bug somewhere.



          What happnes when you have the access privileges set for each teacher to see their own students, and you just 'Show All'?  Does it not limit the found set to only those the teacher is permitted to see?

          BTW: I'm not sure why you bother to use PatternCount in the privilege check.  Are you using a text field as the unique ID?

          • 2. Re: NoFields

            Actually, patterncount could permit access to the wrong records in some cases. FilterValues would be a better option for matching the current ID to a list of IDs like this. keep in mind that a Teacher_Number of 1 will cause this expression to evaluate as true for Teacher_Numbers of 10, 11, 12, 21, 111 etc. That may be something you've avoided by using text fields and Teacher_number values of all the same number of characters, but I'd use a number along with this expression:

            Not IsEmpty ( FilterValues ( Students::TeacherID ; gTeacherID ) )

            I've had several server crashes before because of multiple users searching on an unstored calculation (on a different database)

            That isn't normal behavior and could indicate possible problems with that other database file, but neither do you need a lock expression that checks for a value in a list like this either.


            Students::gTeacherID = teacher_number

            as the lock expression for the CC table.

            Create a new occurrence of CC, CCbyTeacherID and relate it like this:

            Students::gTeacherID = ccByTeacherID::Teacher_Number AND
            Students::Student_number = ccByTeacherID::Student_Number

            Then your lock expression for the Students table can be:

            Not IsEmpty ( ccByTeacherID::Teacher_Number )

            • 3. Re: NoFields


              the title I entered was "Help - Security" - there must be a bug somewhere?


              Thanks Phil. Your solution's performance is much better as well.

              • 4. Re: NoFields

                @Sorbuster and Truji_,

                There is a bug in the forum software that occaisonally puts "NoFields" in the title field instead of the title entered by the poster. I brought this to Modman's attention several weeks ago so that he could report this to the RightNow programmers.