3 Replies Latest reply on Nov 14, 2008 2:03 PM by Karnel

    Restrict users access to records

    Karnel

      Title

      Restrict users access to records

      Post

      I need to setup user's access to my database based on which school they are in and only be able to access the records for their school.  I have a field that identifies which school the record belongs to.  I have been able to accomplish this by setting up a custom privilege set and have that field to = the school using a calculation.  This works and that user can only see their records, but they also have all of the other records come up with <No Access> in all the fields.  I'm wanting the user to only have their own records.   Is there a way to have FM not show all of the records with <No Access>? 

       

       

        • 1. Re: Restrict users access to records
          TSGal

          Karnel:

           

          Thank you for your post.

           

          There is a Get (RecordAccess) function that returns a number in a calculation.  If 0 (zero), you have neither View nor Edit privileges for the current record.  If 1, you have View privileges, and 2 if you have Edit (and View) privileges.

           

          One of the options when opening a file is to perform a script, so you can have a script that performs a find on this RecordAccess field for a value greater than 0.  That way, it allows you to see only those specific records that you have access.

           

          There are probably other ways to do this, and I'd like to hear from other users how they would approach this.

           

          TSGal

          FileMaker, Inc.

          • 2. Re: Restrict users access to records
            Orlando
              

            <!--  StartFragment  -->

            HiKernel / TSGal

             

            I would approach this using the Separation Model. Its fairly complex but would allow you to restrict the user to only see the records they areallowed to see and never going near ones they cant.

             

            It does require you scripting almost every action the user needs to make like whenthey perform a search, scroll through records etc.

             

            Looking at your post here is a rough idea of what you might consider, please bare with me as this quite difficult to explain and apologies in advance if it doe snot make sense.

             

            You would want to create an interface file with a single table, which the user interacts with; this table has a few global fields for linking and controlling which data the user sees.

             

            When a user logs in to the system you populate an AccessLevelGlobal to that users setting.

             

            Any list of records the user view will be through a portal that has this join

             

            AccessLevelGlobal --=-- School Identifier

             

            And when a user clicks on a row you set a RecordIDGloabl to the selected rows SchoolRecordsID and then go to a layout within you interface, which looks like your details screen, but all the fields are related from the schools table via a relationship of

             

            RecordIDGloabl --=-- SchoolRecordsID

             

            And technically the record the user is in is from the table in the interface file. This way you are controlling access and the user will only ever see records they should see.

             

            The description I have given is so brief but I hope it gives you an idea of what I am talking about, there is so much more to it than this but don’t think I should take up pages and pages on the forum explaining it in detail.

            <!--  EndFragment  -->

             

            Let me know if you do want me to go in depth, or if you have any questions about this. Or look up Separation Model on FMForum, as I know there has been allot of discussion about this over the years. 

            • 3. Re: Restrict users access to records
              Karnel
                

              TSGal, I was able to get your idea to work and it does bring up just the records for the school that I assigned in the access privileges; however when I perform a find it would bring back those unwanted <No Access> records.

               

              Orlando, I think you're suggestion is definately getting me closer to where I need to be, because I don't want any of the schools to even know there are other records there. I do need more in depth detail. I'm probably just not looking in the right place, but I haven't found anything in the FMForum that has been much help.  Can you give me more detail or do you know of any other resources (books, white papers, ect..) that would give me some specific step-by-step instruction.  I've worked in FM for awhile now, but not so much with some of these advanced techiques.  I have heard about Data Separation Model, but have not ever done it or seen it done. Your info has given me a great start.  I appreciate your input!

               

              Thanks Orlando and TSGal!