1 of 1 people found this helpful
Ideally you'd use external authentication for this, with one account for each facility. Then you'd manage users and groups using Active Directory or Open Directory. Then you'd set up record-level access privileges with a calculation like FacilityID=1 for each facility/account.
You might still need to do some account checking in scripts, but this puts the main functionality into the security settings where it belongs.
this is best handled by giving each user in a facility a permission set that controls their ability to access data.
Couple intelligent internal security settings/configuration with external authentication and you have the best of both worlds.
Thanks for the suggestion, I used a variation of this.
I added a field in my Facility descriptions for ID#,
then use that ID# in the User Login Permissions to denote which records they can view.
I would prefer to use external auth, however this saved me several headaches.