AnsweredAssumed Answered

Record Level Access incorrectly blocks access on initial parent record

Question asked by philmodjunk on Sep 24, 2013
Latest reply on Sep 26, 2013 by philmodjunk

Summary

Record Level Access incorrectly blocks access on initial parent record

Product

FileMaker Pro

Version

12.04

Operating system version

Windows 7

Description of the issue

As initially reported here: http://forums.filemaker.com/posts/8a5e40af9f?commentId=258347#258347
With a limited Access privilegeset where a lock expression compares a value to the table's foreign key in a related child table, the child records are not accessible from the context of the initial parent record even when a script has correctly set the variable's value.

Steps to reproduce the problem

Create a standard Parent child, one to many relationship between two tables.
Parent---- Parent::PrimaryKey = Child::ForeignKey

Put a portal to the child table on the parent layout.
Create at least two Parent records with several child records linked to each.
In Manage Security, set up a limited access user account with limited access on the child table with this Lock Expression on the "view" setting:
$$Portfolio = ForeignKeyField
Select "All" in the Field Access drop down.
Use the OnRecordLoad and OnFirstWindowOpen triggers to perform this script:
Set Variable [$$Portfolio ; value: ParentTable::PrimaryKey ]
Now close and reopen the file with the limited access user account and password.

Expected result

The records listed in the portal should be visible so long as $$Portfolio has the correct matching value, the records should be visible in the portal. If the variable's value is changed so that it does not match, the fields in the portal show "no access".

Actual result

For the record that is current when the file opens and ONLY that record, the portal appears empty.

Configuration information

A sample test file may be downloaded here: https://dl.dropboxusercontent.com/u/78737945/RLABug.fmp12
This is a brand new created from scratch file set up to demonstrate the bug. The file has two accounts: Admin and User. No password is specified for either. It is set up to fail and the work around script is also present so you can use file options to quickly "fix" the issue after seeing it demonstrated.

Workaround

As found in the demo file, set up this script to be performed by the OnFirstWindowOpen script:
Set Field [ ParentTable::PrimaryKey ; ParentTable::PrimaryKey ]
Commit Records []
Set Variable [$Portfolio ; ParentTable::PrimaryKey ]

Outcomes