We use Active Directory to authenticate our users in our school district.
I am looking for a good technique that will allow users to log in and "own" records they create, and share "ownership" with others if they wish. This would prevent anyone who is NOT the owner or shared owner from viewing the record(s) of the 'owner'.
I have a Contact database (as in Directors contacting parents and logging what the conversation was about, time taken, and method and resolution).
Each director would own a record which other directors should NOT have access to. So Director A would have a log (record) of each contact and Director B would not see that record. BUT, Director A might want to share that information, so I need a way for Director A to share ownership of that specific Contact record, which would allow Director B to View and optionally Edit the record owned by Director A, while still keeping Directors C-Z from viewing that record.
Since our users authenticate via Active Directory, they can authenticate with a Long or Short Name (since they authenticate via AD Groups [ou]). So I know I need to maintain a table of users, where I keep both their Long and Short Names to verify ownership of each record, since a record may have been created with a Long Name, but the user may edit while logged in with a Short Name (or vice versa). FileMaker really needs to make this part simpler…
Anyway, I need to experiment but was hoping there is a way of authenticating a record based on an "ownership" field, and allowing multiple names to be part of that 'ownership' field, yet making it somewhat easy to edit that 'ownership' field without accidentally removing your own ownership so the user no longer has access to a record where they should have access.
If that all doesn't make sense, let me know where I have lost you and I will try to explain more clearly.
Thank you for any tips you may offer.
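
The ownership scheme described in this post, modelled as an added example (not part of the original post and not FileMaker code): long and short login names resolve to one internal id, each record carries a per-user access level, and an edit to the share list is rejected if it would drop the editor's own ownership. All names, ids and access levels here are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: every login name a directory user may present
# (long or short form) maps to one stable internal id.
ALIASES = {
    "director a": "u-a", "dira": "u-a",
    "director b": "u-b", "dirb": "u-b",
    "director c": "u-c", "dirc": "u-c",
}
LEVELS = {"view": 1, "edit": 2, "owner": 3}

def canonical(login):
    """Resolve a long or short login name to its id; unknown names fail closed."""
    try:
        return ALIASES[login.strip().casefold()]
    except KeyError:
        raise PermissionError(f"unknown account: {login!r}") from None

@dataclass
class ContactRecord:
    note: str
    acl: dict = field(default_factory=dict)  # id -> "view" | "edit" | "owner"

def create(login, note):
    """The creator becomes owner under their id, whichever name they logged in with."""
    return ContactRecord(note, {canonical(login): "owner"})

def allowed(record, login, need):
    """True if the account behind `login` holds at least the `need` level."""
    try:
        level = record.acl.get(canonical(login))
    except PermissionError:
        return False
    return level is not None and LEVELS[level] >= LEVELS[need]

def update_acl(record, actor_login, new_acl):
    """Replace the share list; only an owner may, and never locking themselves out."""
    actor = canonical(actor_login)
    if record.acl.get(actor) != "owner":
        raise PermissionError("only an owner can change sharing")
    resolved = {canonical(name): level for name, level in new_acl.items()}
    if any(level not in LEVELS for level in resolved.values()):
        raise ValueError("unknown access level")
    if resolved.get(actor) != "owner":
        raise ValueError("edit would remove your own ownership")
    record.acl = resolved
```

Storing the resolved id rather than the typed name is what lets a record created under a long name be opened under the short name.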