Magnus Fransson

Please criticize my quirky security idea.

Discussion created by Magnus Fransson on Jan 24, 2017
Latest reply on Jan 25, 2017 by Malcolm

Hi all,

 

I have an awkward security demand to solve.

 

At first it seems straightforward: A certain group of users should be able to crate (and edit) records in a table only through scripts.

-Easy! You say. Just block the group in the security settings, and grant the scripts "Full access".

-Not enough. I say.

The problem is that the system uses the "separation model". The records will be blocked in the data file and the script will have "Full access" only in the GUI file.

 

My suggested solution uses a Global field in a calculated security that only allows access to the table if the Global field contains a specific value. That way the script can manipulate the Global field to temporarily turn on, and then off, the access to the table. And since the Global table are in the GUI file I can even make the Global field require "Full access" to be manipulated by the script.

 

What I'm thinking of right now is: Any and every way anyone can punch a hole in the solution. And how I can "repair" said holes.

 

With best regards Magnus Fransson.

Outcomes