3 Replies Latest reply on Jun 9, 2014 12:03 PM by aewerdt

    Custom View Record Privilege that evaluates a field to a global variable does not work with related...

    aewerdt

      Summary

      Custom View Record Privilege that evaluates a field to a global variable does not work with related data on Go.

      Product

      FileMaker Go

      Version

      Go_iPad 13.0.4

      Operating system version

      iOS 7.1.1

      Description of the issue

      Custom Record View privileges are set up for each table so that tableA::ID_User = $$userID and tableB::ID_User = $$userID. ID_User is set automatically in each table on creation to equal $$userID. This is done so that users can only view records they have created.

      In FileMaker Pro, within a layout for table a that displays data from both table a and table b, security is properly applied to records of both tables.

      In FileMaker Go within that same layout, security is applied properly only to data of table a. Data of table b; whether it is shown as a field or a portal, is blank.

      Steps to reproduce the problem

      To make sure other issues weren't involved, I reproduced this using the Inventory starter solution:
      - For the two tables Inventory and Stock Transactions, create a text field ID_Clinic, and set auto enter calculation to equal $$clinicID.
      - Create a Privilege set. It can have permissions to everything, but give custom view privileges to the records of Inventory and Stock Transactions such that ID_Clinic = $$clinicID.
      - Assign a user account to this new privilege set.
      - Edit the 'Trigger | On First Window Open' script and add to the end "Set Variable [$$clinicID; Value:Get (AccountPrivilegeSetName )].
      - In FileMaker Pro, log in and create a new item and a new transaction. If you look at a table view, the new records should have ID_Clinic equal your privilege set name
      - Share the solution in FileMaker Pro or on a Server and open via FileMaker Network using FileMaker Go.
      - In FileMaker Go, log in using the new user and browse to the Desktop -> Product Details layout (only because it is a layout that displays the transaction data as well).
      - Unlike FileMaker Pro, which shows all data, FileMaker Go does not display any data from the related Stock Transactions table.

      I can upload this Inventory database if requested.

      Expected result

      The same as FileMaker Pro, so that my multi-user database works on all platforms.

        • 1. Re: Custom View Record Privilege that evaluates a field to a global variable does not work with related...

               Aaron Ewerdt:

                

               Thank you for the post. 

                

               A previous user encountered this issue with limiting portal view access in IWP here:

                

          IWP portal not visable when record restrictions are in place but work fine in FMP environment.

                

               The workaround is to place $$clinicID into a regular global text field (not an auto-enter), and limit the record access such that TableA::Field = ID_Clinic where field is the value of $$globalVariable instead of a global variable itself.

                

               Let me know if any of the above requires additional clarification.  

                

               TSFalcon

               FileMaker, Inc.

          • 2. Re: Custom View Record Privilege that evaluates a field to a global variable does not work with related...
            aewerdt

                 Thanks, that workaround seems to have fixed my issue.

                 What I did for my solution:

                   
            •           Create a global text field in my z_References table, that all tables can see.
            •      
            •           In my startup script, change Set Variable [$$clinicID; Value: Get ( AccountPrivilegeName )] to Set Field [z_References::z_ClinicID; Get ( AccountPrivilegeName )]
            •      
            •           Change all of my custom record view privileges from Table::ID_Clinic = $$clinicID to Table::ID_Clinic = z_References::z_ClinicID
            • 3. Re: Custom View Record Privilege that evaluates a field to a global variable does not work with related...
              aewerdt

                   OK, so I finally got this up to a FileMaker Server, and the workaround only kind of works for Web Direct.

                   When the layout is loaded, or when a it is reloaded by doing a GTRR to a different record using the same layout, the portal(s) are blank again (and Hide Objects When conditions are not evaluated for objects in the portal). By clicking pretty much anywhere, the portals do load their data, but having the portals appear blank by default wasn't very user friendly.

                   I tried all the standard script steps to get this to load automatically (Commit, Go To Object, Go To Field) but nothing worked until for whatever reason I tried to pause the script. So my workaround to get portals to display data in web direct immediately when the portal's table has conditional permissions based on a global field is this:

                     
              •           Pause/Resume Script [Duration (seconds): .1]