10 Replies Latest reply on Aug 25, 2016 11:43 AM by rporter

    Hiding a Button based on Security

    rporter

      I have a layout with a button bar "Create New Item" and "Delete Item".  Can I hide the Delete button based on Security?  So, for data entry users they only see Create new and admins see both?

       

      Is it better to script it or create a duplicate layout and only allow admins see that layout?

       

      Thank you

        • 1. Re: Hiding a Button based on Security
          dtcgnet

          Better to hide the button that to duplicate a layout.

           

          Double click on the Delete button in layout mode. In Inspector, add something like the following as the hide condition:

           

          Get ( AccountPrivilegeSetName ) ≠ "[Full Access]"

           

           

          You can use and's or or's as needed. If your admins have a defined privilege set, use that name instead of "[Full Access]".

          • 2. Re: Hiding a Button based on Security
            Benjamin Fehr

            You can easily use same layout with the 'HideObjectWhen' Function:

            Get ( AccountPrivilegeSetName )   ≠ "[Full Access]"

             

            Select the object and set the formula in Inspector in the Field

                 Behaviour

                      Hide object when

            • 3. Re: Hiding a Button based on Security
              matthewbellin

              For one more layer of protection, don't have the delete button just delete the record, but instead launch a simple script. 

               

              If(Get ( AccountPrivilegeSetName )   ≠ "[Full Access]")

              Exit Script

              End If

              Delete Record/Request

               

              • 4. Re: Hiding a Button based on Security
                Mike_Mitchell

                If it's important that the user not be able to delete a record, you should trap it using the security model, not the interface. There are way too many ways to bypass an interface-only control.

                 

                If you're already doing that, then using interface to improve user experience is a fine idea. (You can also use Custom Menus to remove the Delete command from the Record menu.) But fundamentally, start with the security layer.

                • 5. Re: Hiding a Button based on Security
                  dtcgnet

                  +1 to Mike_Mitchell's comments. If you don't want users from a specific privilege set to be able to run a script, edit that privilege set so that users have no access to the script in question.

                   

                  Let's say a privilege set is named "BigWigs". Your script is hardcoded as follows:

                   

                  If ( Get ( AccountPrivilegeSetName ) ≠ "BigWigs"

                  Exit Script

                  End If

                  Show All Records

                  Delete All Records

                   

                  That'll work UNTIL someone renames the privilege set without thinking. Since the privilege set name is hard-coded in...a change in that name eliminates your security regarding that script.

                  • 6. Re: Hiding a Button based on Security
                    rporter

                    Thank you for the replies.

                     

                    I think the Hide option will work out best.

                     

                    Mike - all my users will be web only and the menu bar is hidden for them.   So, I'm not really worried about them finding a delete work around.

                    • 7. Re: Hiding a Button based on Security
                      matthewbellin

                      Excellent point.   Here's a slight variation.   In this case, if the privilege set is changed, then the default is a non-functioning script.

                       

                      If ( Get ( AccountPrivilegeSetName ) = "BigWigs"

                      Show All Records

                      Delete All Records

                      Else

                      Exit Script

                      End If

                      • 8. Re: Hiding a Button based on Security
                        Mike_Mitchell

                        You should be.

                         

                        Never rely on interface for security. It WILL bite you. You can either deal with it now, or suffer with it later. (Voice of experience.)

                        • 9. Re: Hiding a Button based on Security
                          Mike_Mitchell

                          This is fine as an extra layer. But if you really want the control, it needs to be done in the Manage > Security dialog.

                          • 10. Re: Hiding a Button based on Security
                            dtcgnet

                            +1 again. An experienced user can open your solution in their own personal copy of FileMaker Pro Advanced if they have one. Their credentials get them in to WebDirect, so...if that privilege set has fmapp and fmwebdirect access, then they can open the database using FileMaker Pro Advanced or FM Pro. Mike's voice of experience is a pretty good thing to listen to.

                            1 of 1 people found this helpful
                            • 11. Re: Hiding a Button based on Security
                              rporter

                              Mike- Point taken. I also have privileges set for users to note allow delete. So there will be privilege and the hide option in place. Also, the privilege sets are tied our corporate active directory. Security groups.

                               

                              dtcgnet- I will not have any users besides two admins with access to FileMaker Pro or Advanced. The users in the field will only have webdirect or FMGo available to them.