6 Replies Latest reply on May 22, 2013 2:09 AM by SamThomas

    Restricting access per user

    snkm

      Title

      Restricting access per user

      Post

      I have an database in which each mployee must enter evaluations about every employee on their project.  I need the employees to only be able to see the records they have entered.

       

      User A - can only see records entered by user A

      User B - can only see records entered by user B

       

        • 1. Re: Restricting access per user
          ninja
            

          howdy again snkm,

          Thanks for the question!

           

          First, you would have to have each record tagged with who made it.  This could be an autoenter field (Table::Fieldname) calculated with Get(AccountName).

           

          Then:

          Under File>>Define>>Accounts and Privileges, you can define a Privilege set that restrics access to records, layouts, scripts and tables.

           

          Under records, you would choose "Custom Privilges" and set the calculation to Table::Fieldname = Get(AccountName)

           

          Check out FMP help for this also, the example they use is exactly what you're looking to do. (Rare thing, but it does happen)

           

          When I use this, I try to consider how nasty it is to see <No Access> all over the place and put in buttons that restrict the found set automatically such as scripting

          Go to layout [Inventory]

          Enter Find mode

          Setfield[recordowner;Get(AccountName)]

          Perform Find

           

          instead of just the normal "Go to Layout" button.

           

          Food for thought...

          • 2. Re: Restricting access per user
            krempch
              

            I am working on a similar project - restricting who can see 'notes' in personnel files. I hope this is helpful. :smileyhappy:

             

            step 1:

            Create your new 'check' field. Note where its at (table name).

             

            step 2:
            Add the "Check" field in each record to contain the user's login name.
            Populate that.

             

            step 3:
            Make this field updatable by admin only by updating every user-defined priv set.  How I did that:
                ( FILE | Manage (or DEFINE) | Accounts & Privileges).

                Opened the user-defined priv set (You can't change the admin priv).

                Clicked the 'records' dropdown, and CUSTOM PRIVILEGES at the bottom of
                the dropdown. The Custom Record Privileges dialog opens.

             

                Once in this dialog, select the table holding your new "check" field.

                Click the Field Access dropdown in the lower right corner.
                Select LIMITED from it.

                Find your new "Check" field.

                Set it's specific privileges to either 'view only' or 'no access'.

             

            step 4:

            Now that I had the check field, I updated the script logic to check for
            a match and control access.

             

              Sample code:

             

               If [HR_table::check  -not equal- Get(AccountName)]

                 Show Custom Dialog ["unauthorized"]

               End If 

               If [HR_table::check = Get(AccountName)]

                 Go To Layout ["notes"]

               End If

             

            If the two DO NOT match, it displays the error "UNAUTHORIZED".

            If the two MATCH, the script goes to the "NOTES" layout.

             

             

             

            • 3. Re: Restricting access per user
              snkm
                 How do I automate a script to begin when the user logs into their account?
              • 4. Re: Restricting access per user
                ninja
                  

                Howdy snkm,

                 

                krempch gave more detail, but we are talking about the same thing (I'm 99% sure).

                When you are setting up the privilege set and choose "custom privileges" for access to records, a screen will appear with selections for how you would like the records handled.

                 

                Down the left side will be a list of tables, you set privileges for records from each table separately.

                 

                Click on the table whose records you'd like to restrict.  Click on the dropdown box on the bottom of the window directly below "View" and choose "limited..."

                A calculation box will appear.  In the calculation box, it is essentially saying "I should show records when the following is true."

                 

                Enter the calculation Table1::Yourcheckfield = Get(AccountName)

                 

                now people can only see the record contents when the account name they logged in with matches the checkfield contents.

                 

                The script snippet I posted above is a way to help people get to the records they are allowed to see rather than to go to the layout and stare at a page of blank fields (blank because they aren't allowed to see the contents).

                 

                Is that clearer?  Please let us know how you make out...

                 

                PS: Under File>>File Options you can define a script to run upon startup...I think that that was your direct question.

                • 5. Re: Restricting access per user
                  krempch
                    

                  Hi snkm - Ninja directed you at the right place in File|Options. Best wishes.

                  Let us know how you make out with this.

                  • 6. Re: Restricting access per user
                    SamThomas

                         hey hii..this solution is works but things is its shows no acccess on another records...is it possible ..when criteria is matched .then shows only these  records onlyy ....??  ndd with this i'm nt able to create new record ...?/i \in Record->Custome privilege-set create-true...still nt able to create new record