2 Replies Latest reply on Aug 31, 2011 12:02 PM by joelande

    Record Level Security



      Record Level Security

      Your post

      I want to deploy a rapid-development web-based database, so I am looking for a quick and easy way to do this (i.e. without writing lots of custom code).


      I want to put a database online, and share it through instant Web Publishing. Done.

      I want to authenticate users to my OSX directory. Done (set up an external account authentication and entered a group name).

      I want to setup security so that users can:

      a) only edit the records they create

      b) view anybody's records (read-only)


      That is where I get stuck. I created a new Privilege Set.

      I clicked on custom for records access, selected the "limited..." option for edit and was presented with a calculation box.


      From there I wasn't sure what the best approach was.

      Perhaps I have to do an auto-entry field that captures their username when they create a new record, then look for a match when editing?


      Ideas? Advice?

        • 1. Re: Record Level Security

          Hi Joel Anderson:

          Thanks for posting.

          With record level security, you first need a mechanism to track which users created a record.  Once this is in place, you can then setup your custom privilege set to restrict access by this field.  An auto enter field that enters the users account name would be the best way to go about this.

          In your database, you can create a text field called CreationName in Manage database.  After creating this field, click on options and go to the auto-enter tab.  Check off the Creation option and set it to account name.  Now you have a field to base your privilege set calculations from.

          Next, you can go back into Manage Security to set up your restricted privilege set.  You’ll want to set Records to Custom privileges to set the record level access.  In Custom Record Privileges, set Edit to limited, which will bring up a calculation field.  The calculation you can use would be the following.

          CreationName = Get ( AccountName )

          The remaining options can be set to yes, allowing the restricted user to view, create, and delete.  This should allow the restricted user to edit only those records they have created.  Let me know if you have questions on this.



          FileMaker, Inc.

          • 2. Re: Record Level Security

            Thank you TSDuck!


            That worked quick and easy.


            One clarification - you will want to make the same user calculation limitation to the "delete" records option, otherwise one user can delete another user's records - at least that is what I found in my quick test.