5 Replies Latest reply on Mar 21, 2011 5:34 AM by WoonT

    Restrict user only can view their own section records.

    WoonT

      Title

      Restrict user only can view their own section records.

      Post

      I have a database that stored some data for 10 sections in a small Division.

      I need to restrict each section user logon only can view/edit records belonged to their section.

      In the Startup script I use a find to get the find set of records - that is ok.

      But I cannot use custom menu set or script to hide the “Show All “ button on the tool bar. So although the find script only display the find set, but when user click the show all button they can see ALL records( including other sections ). How can I solve this problem. Also will it work in the IWP version.

      Thanks in advance.

        • 1. Re: Restrict user only can view their own section records.
          GianandreaGattinoni

          You can use security to do that:

          Create different privileges set for each section, i.e. naming them the same as section name

          For each” privilege set” for “records” in “Data Access and Design”  set “Custom Privileges”

          For all the tables you need to protect the data set for “view” and other actions “limited”

          Then insert a condition to be tested, something like:

          Get ( AccountPrivilegeSetName ) = section field

          (that in the case you have named the privilege set equal a section name and the section name is stored in a field (section field  ) of the table.

          So when a user log in, it is assign to him the corresponding privilege set.

          When the user try to read the records, if the result of the test is FALSE (his privileged set do not correspond to the section name stored in the record), the user cannot see the record data.

          • 2. Re: Restrict user only can view their own section records.
            philmodjunk

            See "Editing record access privileges" in FileMaker Help and check out this particular sub section: "Entering a formula for limiting access on a record-by-record basis" for a detailed description of how to set this up.

            • 3. Re: Restrict user only can view their own section records.
              WoonT

              Thanks for your advice(Gianandrea and PhilModJunk).

              I created an account called “Sales” with privileges set name = “Sales”

              For the Sales Privileges set for records set to Custom privileges and selected the Section table with “view” and “edit” both selected limit and then inserted the condition as you suggested:

              Get(AccountPrivilegeSetName) = SectionName

              In the Sections table – there is a field name called SectionName(which has some value = “Sales” and some other Section name values).

              Sales Privileges set – layout – set to all modifiable( to start with).

              Then in the startup script – I have something like this:

              Go to Layout[Layout Section]

              Enter Find Mode[]

              Set Field[Section::SectionName; Get(AccountName)]

              Perform Find[]

              Question:

              - If I use the Admin logon( Full access) then the startup script works – displayed only records has the Section name = Admin. Also has the Show all button on the tool bar. – works ok.

              -         Problem – when use the Sales logon – it will not display any find records. It has this error message [ No records match this find criteria.  “Modify Find”  “Continue”].  Although in the debugging widow current Section name value displayed the value = Sales, also there are a few records has “Sales” in the Section table, it appeared cannot find it using the script. But it works with the Admin logon. So not sure what is the problem. Any help/advice will be greatly appreciated.   Thanks.

              • 4. Re: Restrict user only can view their own section records.
                GianandreaGattinoni

                that because you leave the field access when you set the privileges to read the record to none. so there is not access to the field and the test cannot be performed. set the field access to "all" and it works.

                • 5. Re: Restrict user only can view their own section records.
                  WoonT

                  Gianandrea,

                  Thanks for your advice. It is working now.

                  WoonT