Here is what I want to do in a critical table: Allow viewing and creating new records, but limit editing to a certain field. It is not apparent to me how to do that. Can any of you experts explain that to me?
Or, one other possibility is splitting apart your fields into separate tables (with a one-to-one relationship) where you could lock down the records in one table (the data fields), but allow access to the record in the other table (the status field). For just one field that might not be worth it, but it you fully want to go the privilege set route, that's one option to get there.
In Edit Layout, each field can be individually set to allow or block Field Entry.
1) go to Edit Layout.
2) Open the Inspector.
3) Select a field.
4) In the Inspector, tap on the Data tab, top right.
5) Go down find Field Entry, uncheck Browse Mode and Find Mode. Or set as desired.
I guess I am not being clear. All fields need to be able to be entered, because I am allowing users to create new records. Once the record is created, they can edit the record if they are the creator of the record for the first five minutes after the record was created. After that, they cannot edit the record. What I want to be able to add is the ability for any of that group of users to be able to edit one field to inactivate a record no longer needed.
There are (at least) two ways of doing this.
1). You could set up layered fields on your layout - one that has field entry allowed and another that doesn't. Then you could specify a Hide condition to ensure the one that allows field entry is hidden under the appropriate conditions.
2). Alternatively, you can set up Privilege Sets in Manage -> Security that provide the necessary privileges (using Custom privileges for Records, selecting "limited.." under the Edit privileges for the corresponding fields and then specifying the appropriate conditions.
In general I would recommend the second approach as it then automatically carries across to all occurrences of that field in your system (ie. if they are on another layout), whereas the first approach is specific to that layout (and if someone switches to another layout where the layered fields haven't been set up, they could access the fields). The first approach requires more work at the layout level and for every layout where the fields occur; the second approach requires more work at the privilege set level but then that automatically carries over to all layouts.
This is not probably a very elegant solution, but what I am doing as a solution is: I created a button that runs a script with full privileges then set the button to be invisible except when the conditions are met to allow editing.
What I wanted to do and couldn't figure out how to do is to deal with this in the custom privileges in security. I tried various formulas that identified the field I wanted to open to editing using Get functions, but couldn't get it to work.
Ah, I see. Yes, FileMaker primarily works with record-level access, not field-level access. So, if you want some fields to be modifiable but not others, you can't completely set that up through record-level access in the privilege sets. You could still use the layered fields approach on a layout. Or, you do what you are currently doing, if there is just one field that they should be allowed to edit, modify that field using a script running with Full Access. I think that is a reasonable approach.
YES! That gets me where I want to go. Hadn't thought of that, but it's a beautiful solution. Thanks! I wanted something more than a one-off solution.
Kudos to you for wanting to go there! I probably too often assume that people want the quick and easy solution, rather than being willing to make the extra effort to make it more robust.
Frankly, I think that you gave darn near perfect assistance here. Your first post directly and specifically answered the question based on the info provided and then when more details were shared, you took them through a series of options from simple to more sophisticated.
Retrieving data ...