11 Replies Latest reply on Mar 14, 2013 11:39 AM by philmodjunk

    privilege sets to restrict access to records

    HeidiStewart

      Title

      privilege sets to restrict access to records

      Post

           ok i realize there have been a lot of posts about this, but i've been reading and reading and can't find an answer.

           i'm using FileMaker Pro 12, i'm setting up an IWP., i'm using classic theme and i can see my database on the homepage.

           In the database i have a table that has a field called Dept, it is a drop down list using a value list with 5 different dept names.  i'm trying to set up 5 different privilege sets (1 for each dept) that allows them to only see their records, also not allow them to hit "show all" and see a bunch of "No Access" or "Missing file" messages.  if my database has 250 records and 1 dept has 100 records, when they log in they should see that there are only 100 records, not 250.  how to i limit the records they view and not not have the "no access" ones show?

           I've read that i need to specify a calculation, but i'm not sure how to have it pull which dept that record has selected, and then how to put in the formula which one it should match.  do i just type "Physics" in brackets like that?  if the privilege set itself is called Physics but i don't see a function called Get(AccountName) like i keep reading.  so how to i specify which dept the records should match?

        • 1. Re: privilege sets to restrict access to records
          philmodjunk

               The lock expression will control access, but that's what will produce all the records that are concealed behind "no access" when a user selects Show All Records. If you only have FileMaker Pro, there's no way to prevent that when a user selects Show All Records.

               If you have FileMaker Advanced, there are ways to use a custom menu such that either Show All Records is not an available option in the Records menu or Show All Records performs a script of your own design that finds all records for which the current user is permitted to view.

               If you have a text field in your table that stores the department name and you have matching privilege sets that are also named in exactly the same way, your lock expression would be:

               FileMaker 11 and newer:

               Get ( accountPrivilegeSetName ) = DepartmentFIeld

               FileMaker 10 and older:

               Get ( PrivilegeSetName ) = DepartmentField

          • 2. Re: privilege sets to restrict access to records
            HeidiStewart

                 ok i put that calculation in my privilege set, but when i sign in using that account it says 0 records, all fields say "File Missing"

            • 3. Re: privilege sets to restrict access to records
              philmodjunk

                   "File Missing"

                   does not have anything to do with the access permissions. It appears when you have a reference to a different file and that reference is, for some reason, not successfully finding and opening a file.

              • 4. Re: privilege sets to restrict access to records
                HeidiStewart

                     ok i was able to fix the "fle missing" error, but now when i log in under someone who should only have access to the Biology students, i can see all of the students, even non-biology students.  so i'm guessing the privilege set isn't working.

                • 5. Re: privilege sets to restrict access to records
                  philmodjunk

                       I spotted <unknown> in the "context" drop down in specify calculation for the lock expression. Select an occurrence of the Faculty of Science table in this drop down, re-login and see if it now works.

                  • 6. Re: privilege sets to restrict access to records
                    HeidiStewart

                         Yes i noticed that too.  unfortunately it won't let me change it.  when i click on the arrows nothing happens.  i can't select anything, there are no options to change it.  any idea why?

                    • 7. Re: privilege sets to restrict access to records
                      philmodjunk

                           As shown in the uploaded image, the drop down lists every table occurrence for the current table that exists in your file. The fact that you can't pull down this menu would suggest that you do not have a table occurrence in Manage | database | Relationships that refers to this data source table.

                      • 8. Re: privilege sets to restrict access to records
                        HeidiStewart

                             hmmm so maybe it has something to do with the fact that this database is simple a ghost of my main database?  let me explain.  in order to put the database on IWP none of the layouts in my database can have a layout other than Classic, so i created a new database and linked in the tables from my main database and just made a copy layout in classic theme with all the fields linking to my Faculty of Science database.  maybe this wasn't the best option??  i'm not sure how else to leave my database as is (with bamboo theme) and still post it on IWP.  I'm open to other options of how to make my database (with restricted records to their own dept only) accessable to 10+ people.  we do not have a shared drive to save the file on, i thought IWP was the best option.

                        • 9. Re: privilege sets to restrict access to records
                          philmodjunk

                               In other words, you added an external data source reference to a table in your original file. I'm not sure if that approach will work for IWP. I suggest testing it soon if you have not already done so.

                               The record level access controls such as this lock expression would need to be specified in the original file instead of this one.

                          • 10. Re: privilege sets to restrict access to records
                            HeidiStewart

                                 it was working, until i added the privilege sets and created the accounts in my main database, now it won't let me log in at all. 

                                 are there any other options to allow me to share this database with other people working on different computers in multiple locations not at all connected and whom most do not have filemaker pro on their computers?

                            • 11. Re: privilege sets to restrict access to records
                              philmodjunk

                                   As long as IWP works for this file, you should be able to set record level access control in the data file and have this work for you. It's always a good idea to work from a copy of your file when working with manage | security. If you accidentally lock yoursefl out of the file, you can delete the copy and try again from the original. You should, however, not have a problem with record level access control when opening the database with a full access account.

                                   In fact, saving frequent back up copies of your file is a good practice for any database your are currently developing. This process can be automated so that you do not have to remember to save the copies: Saving Sequential Back Ups During Development