1 Reply Latest reply on Nov 29, 2013 11:22 AM by philmodjunk

    Record Level Access System to easily add and remove user privileges

    RayGerman


           Hello,

           I was asked to build an internal employee database which will store basic employee, goals, reviews, and include a bonus calculator. The information is sensitive and I was asked to build the system then have the finance department reset the admin password so even I will not be able to see all records. I can understand as the bonus calculator will have employees' salaries, which is sensitive data.  I am running FileMaker Server and have it bound to AD, so I believe I can create AD groups that will allow me to add and remove access without actually accessing the records in the database.

           I have attached a screen shot of the access levels and number of records for each department. I believe the proper way to limit access to the records is by using calculations in the security panel. All users will log into the system using their AD username and password, and I can create a calculation that if the user logins match the employee name_first and name_last they can see their own record. Is there any way to tag on an additional parameter in the calculation to also check if they are department A's manager, they can see all of department A's employee records?

           Thanks,

           Ray

      Screen_Shot_2013-11-29_at_2.00.52_PM.png

        • 1. Re: Record Level Access System to easily add and remove user privileges
          philmodjunk

               Managers can be given a different privilege set and thus can be given different record level access control calculations that limit access differently, thus enabling you to do what you want here.

               What I see in your screen shot would seem to require three such privilege sets. The bottom row represents the most limited privilege set. Rows 3 - 9 would represent a manager level of access where they can see all records for a specified department, and row two would require a 3rd privilege set.
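
The per-privilege-set record rules discussed in this thread, modelled in Python as an added example (not code from either poster and not FileMaker calculation syntax). The field names, the `MANAGES` table and the sample records are constructed assumptions; the third privilege set is left out because the screenshot that defines it is not reproduced here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Employee:
    account: str      # AD login name (assumed unique per person)
    first: str
    last: str
    department: str

# Constructed sample records; two different people share the name Alex Smith.
EMPLOYEES = [
    Employee("asmith", "Alex", "Smith", "A"),
    Employee("bjones", "Blair", "Jones", "A"),
    Employee("asmith2", "Alex", "Smith", "B"),
    Employee("cwong", "Casey", "Wong", "B"),
]

# Hypothetical lookup: manager account -> departments that account manages.
MANAGES = {"bjones": {"A"}}

def own_record_by_account(user, rec):
    """Most limited privilege set: the record's account field equals the login."""
    return rec.account == user.account

def own_record_by_name(user, rec):
    """Variant from the question: compare first and last name to the login's."""
    return (rec.first, rec.last) == (user.first, user.last)

def manager_rule(user, rec):
    """Manager privilege set: own record plus every record in a managed department."""
    managed = MANAGES.get(user.account, set())
    return own_record_by_account(user, rec) or rec.department in managed

def visible(account, rule):
    """Return the accounts of all records the rule lets this login view."""
    user = next(e for e in EMPLOYEES if e.account == account)
    return sorted(r.account for r in EMPLOYEES if rule(user, r))

if __name__ == "__main__":
    print("employee, account match:", visible("asmith", own_record_by_account))
    print("employee, name match:   ", visible("asmith", own_record_by_name))
    print("manager of dept A:      ", visible("bjones", manager_rule))
    print("manager set, no depts:  ", visible("cwong", manager_rule))
```

The name-match rule returns both Alex Smith records to one login, which is why the model keys the rule on a unique account field instead.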