I strongly recommend that you not make separate database files for each band. That will greatly multiply your work load. You can set up record level access privileges that limit the records a user can see provided each table includes a field that identifies who can see that record.
In your case, You'd give all the members from "Band A", the same account name, "Band A" and set access privileges up with the expression.
Get (Account Name ) = table::BandName
For more on this approach, look up "Entering a formula for limiting access on a record-by-record basis" in the Filemaker Help system.
Im not sure about using privilege sets for data driven security but there are ways to implement it but will require a bit of work to secure.
How sophisitcated can you make the limited calculation rather than use all the same login they just need the same privilege set
You would need to create an access control list that would join on the table key and contain the user name
Then you could limit based on get(accountname) = accesslist:username
is there a reason why it wouldnt work then you could build an access control list by username.
The record would already be related to the accesscontrol list by its key item.
Good point. Now that I think about it, I wouldn't use an account name for this.
Yeah you can create some really neat things with Access control lists like this.
you could then use joins to have this same list filter multiple records
You just need to set up the access control list with the proper values.
On the other hand, if you have a relatively small user base, it may be easier to name the privilege sets after the bands and compare privilege set name to the band name to control access.
but why limit yourself in the design like that?
Seems that there is some dispute on the best way to solve this issue. aammondd, would you be willing to detail the method in which to create the access control list as well as the table key if this is what you believe to be the best solution? TBH I'm not following your idea very well at all, and if it IS in fact the answer I would very much like to learn and use this method. Unless Phil has any more retorts that is.
but why limit yourself in the design like that?
It's a design trade off. If your solution is fairly small and not likely to involve large numbers of users, setting up a check against the privilege set name is much simpler and quick to set up. If your user base should grow in the future, you haven't prevented yourself in any way from switiching to that approach in the future.
YOu create a table called , for lack of a better term, AccessControlList
It has the following fields
* = optional fields that can be used later
You then Join this table to your Band Table by BandName = ControlValueText
Then you set up a new privilege set and in the Records portion you use custom access
under the band table you would then under view and edit options select limted
which will bring up a calculation dialog
In that calculation dialog you will use the following calc
Get(AccountName) = AccessControlList::Username
This is just one portion of the overall setup of your solution but should give you a start
You need to populate the Access Control List ControlValueText with the BandName and the username combinations that they will access.
You can then join this AccessControlList table to a number of tables by the matching field and then setup the privilege set to limit based on the same calc as above
You should also be able to create sets of data in intermediate tables and join them You could for example create a table that groups Venues by Route
Then join that table to the venue table and the access control list table this Route table and then only have to plug in a single route entry per user and it would filter the venues based on the access control list.
thats the concept at least.
I have finally gotten around to attempting to implementing this solution into my database but I have some questions.
First of all I started by following the instructions exactly as they were written by aammondd which involved me adding a bandname table as well as the accesscontrollist table, and connecting them by the filed as described. I then was able to set up the privilage set based on the accesscontrollist calculation as it was written.
The next step is what is confusing me. I am now to populate the controltext with the band name and user name combinations and then connect the controltext with the records I already had via it's same key field. Why did I make the bandname table? Do I then need to set the privilages for each user to the specific calculation as aforementioned?
I think my confusion may stem from the fact that I am not sure how the software recognizes these privilege sets.