fmtraining

Problem with calculated security setting on record

Discussion created by fmtraining on Jan 10, 2019
Latest reply on Jan 10, 2019 by philmodjunk

I found a problem with viewing access using a calculation in the security settings. I cannot reproduce it in a new, smaller test file. I would like to hear your opinion and suggestions.

The database was newly generated in FM7 or combined in FM7 from a few converted FM6 files. The problem occurs in both FM16 and FM17 using the database shared on FMS17.

 

Requirement

The database must contain records for different companies and employees should only see (also edit, delete) the records of their company. First this is implemented at the security level and will later be taken into account with searching etcetera.

 

Set-up

At startup an employee record is found by the account name of the current user. In his/her record a company code is manually set once per employee and by the script put in a global variable ($$company_code).

 

A table also contains a company code (in field Company Code) which is entered for new records by the value in the general variable using the auto-enter calculation option.

In the security settings for a privilege group this calculation is set for the viewing privilege:

Company Code = $$company_code

 

Problem

In the Browse mode this seems to work fine. The records of the current user’s company are fully shown. And the records of other companies are shown with <No Access> or a question mark, as expected.

Using ‘Insert from index’ on a normal text or number field however, shows an empty list. For other users without this privilege set calculation the values are all shown without a problem. The index of these fields is set to All and for English.

Because the index is empty, the entry lists based on any of the fields are also empty. While I would expect the data of all records of the current user’s company.

 

Replication

I tried to replicate the problem with a new FM17 file but that works fine, both local and shared. Because the real file can not be distributed the testfile is included as an example.

It has two accounts:

  • Admin with empty password for full access
  • Test with empty password for limited access

Logged in with the Test account you can use there buttons in the top left corner of the lay-out to set the current company code. Then see the records change between visible and no access. Including the entry list used in the popup menu for the field Test Entry. Again, this file works fine for me but a similar setup in another file behaves as described above.

 

Workaround

Use a text field with global storage option enabled. The index values are shown and the value lists are filled.

Since these global fields also need read and write privileges enabled, I rather use a global variable. In my opinion it should also work with a global variable and this may indicate a bug.

 

Your comments are welcome.

Outcomes