2 Replies Latest reply on May 28, 2014 9:36 AM by user22711

    Tiered Privileges

    user22711

      Title

      Tiered Privileges

      Post

           Employees can only view 7 edit & delete their own records…

           Managers can only view, edit and deleted records of Employee’s (maybe filtered by department of responsibility) but not other managers…

           Executive Manager can view, edit & delete records of Managers, Employee’s but not other Executive Managers…

           ..and so on..

           I have a Departments Table and am writing this to a Variable and a global field on start up, but I’m stuck on how to manage the tiered permissions… most records have a Department field assignment except setup tables (Vendors, Employees, etc, which all managers should be able to view, create, etc.).. but still I am stuck on implementing this… and I’m not even sure what to search here on web as the only thing than comes up is limiting records to self.

        • 1. Re: Tiered Privileges
          philmodjunk

               Are you familiar with: "Editing record access privileges" in FileMaker Help and this particular sub section: "Entering a formula for limiting access on a record-by-record basis"?

               The details will depend on what data you have to work with in your tables and how your tables are linked in relationships, but the "lock expression" that controls access to specific records can be a different expression for different privilege sets. Employees would use one privilege set where the value in a field is check to determine if it is one of "their records"--perhaps by a field that auto-enters an Account Name when the record is created.

               Managers would have different privilege set with a different lock expression that determines whether that same field value makes it a record "owned" by an employee from the manager's department or the lock expression might check a "department" field to make that determination.

               Executive Managers would then have a privilege set that does not have a lock expression as they are granted access to all records.

          • 2. Re: Tiered Privileges
            user22711

                 Yes in fact I am using Get (AccountName)= zCreatedAccountName for View, Create & Delete for Employee records now...

                 I knew the answer was in there, I am not correctly thinking though how to relate each Manager, their location, their department and Employees. Yet, it’s all there in the tables. Thanks for confirming I am headed in the right direction...