8 Replies Latest reply on Apr 3, 2012 10:49 AM by ppaulo

    designing for limited RLA privileges

    DavidJondreau

      Until now, all of my development has been for clients using the solution "in house" without security privileges limiting users. I've used scripts and layouts to control access since the issues were mainly about user experience rather than "security".

       

      I have a client who would like to host a database and allow users from multiple companies to store their data... clearly a situation that requires more attention to record level access privileges. I'd like to limit accounts to "their" records, without having "<No Access>" show up everywhere.

       

      It appears that to limit users to records they've created, I need a text field (named, say, PrivilegeSetCreated) with an auto-calculation = Get ( AccountPrivilegeSetName ), and in the Records: Custom Privileges... menu of the Privilege Set, set the View calculation to Get ( AccountPrivilegeSetName ) = PrivilegeSetCreated. That seems to work. Will it hold up though? Is there a better way?

       

      For the <No Access> issue, Finds and GTRR seem fine, they filter out the prohibited records. I can see I'll need to take control of the "Show All" custom menu item, and keep "Run scripts with full access privileges" option in mind when scripting. Any other "gotchas" I should keep in mind?

       

      Anyone have experience and wisdom they'd share about building something similar?

       

      Thanks,

      David
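
Added example, not part of the original post or of the demo file mentioned in the replies: a small Python model of the View rule described above. Account names, record contents and the `full_access` flag (standing in for a script run with full access privileges) are constructed assumptions. It shows that the comparison is on privilege set name, so accounts sharing a privilege set see each other's records.

```python
from dataclasses import dataclass

NO_ACCESS = "<No Access>"

@dataclass
class Account:
    name: str
    privilege_set: str          # stands in for Get ( AccountPrivilegeSetName )

@dataclass
class Record:
    data: str
    privilege_set_created: str  # the auto-entered PrivilegeSetCreated field

def create(table, account, data):
    """Auto-enter: stamp the creator's privilege set name on the new record."""
    table.append(Record(data, account.privilege_set))

def can_view(account, record, full_access=False):
    """View calculation from the post; a full-access script skips the check."""
    return full_access or account.privilege_set == record.privilege_set_created

def show_all(table, account, full_access=False):
    """Unfiltered found set: prohibited records stay in it as placeholders."""
    return [r.data if can_view(account, r, full_access) else NO_ACCESS
            for r in table]

def find(table, account, full_access=False):
    """Find-style found set: prohibited records are left out entirely."""
    return [r.data for r in table if can_view(account, r, full_access)]

def demo():
    table = []
    alice = Account("alice", "CompanyA")   # constructed accounts
    bob = Account("bob", "CompanyA")       # same privilege set as alice
    carol = Account("carol", "CompanyB")
    create(table, alice, "A-invoice-1")
    create(table, carol, "B-invoice-1")
    create(table, bob, "A-invoice-2")
    return {
        "alice_show_all": show_all(table, alice),
        "alice_find": find(table, alice),
        "carol_find": find(table, carol),
        "carol_full_access_script": find(table, carol, full_access=True),
    }

if __name__ == "__main__":
    for label, found_set in demo().items():
        print(label, found_set)
```

In this model, isolation between companies holds only if each company has its own privilege set, and any script flagged for full access has to apply its own filtering.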

        • 1. Re: designing for limited RLA privileges
          RayCologon

          Hi David,

           

          You can, of course, limit users' access to records via a range of criteria using RLA, but ensuring that they won't see "<No Access>" flags appearing is somewhat challenging, especially if you intend to provide access to the native Status Toolbar controls for switching layouts and so on.

           

          Some time back, we published a proof-of-concept file in the form of a demo of a method for combining custom menus and script triggers to make this work - more or less along the lines you've outlined. If you'd find the demo of interest, you can download a copy of it at:

           

          http://www.nightwingenterprises.com/demosX/demoX07.html

           

          It's unlocked (provided you remember to extract it from the archive before opening) so, if it would be helpful, you can have a look at the approach we took.

           

          There are a few issues you haven't mentioned (such as clicks on the "pie" icon and the "Show Omitted Only" menu command) that you will see code for in the demo. Beyond that, it's a question of how far you want to go - for example, preserving the user's found set as they switch between layouts while also filtering to remove "<No Access>" records etc. You'll need to consider the use-cases for your specific solution to decide what's important and how best to "address and finesse" nuances of that kind.

           

          Regards,

          Ray

          ------------------------------------------------

          R J Cologon, Ph.D.

          FileMaker Certified Developer

          Author, FileMaker Pro 10 Bible

          NightWing Enterprises, Melbourne, Australia

          http://www.nightwingenterprises.com

          ------------------------------------------------

          • 2. Re: designing for limited RLA privileges
            DavidJondreau

            Thanks a lot, Ray. I'll take a look at your demo.

            • 3. Re: designing for limited RLA privileges
              ppaulo

              Hi Ray,

               

              your webpage claimed the demo to be unprotected, but when opening it (with FM11adv) the "Verwalten" (i.e. "Manage Database"(?)) Submenu is grayed out ??

              • 4. Re: designing for limited RLA privileges
                RayCologon

                ppaulo wrote:

                 

                Hi Ray,

                 

                your webpage claimed the demo to be unprotected, but when opening it (with FM11adv) the "Verwalten" (i.e. "Manage Database"(?)) Submenu is grayed out ??

                 

                Hi ppaulo,

                 

                The demo isn't locked. As noted above, the most likely reason why 'Manage Database' (and various other menu commands) would appear inaccessible would be if you opened the file from the archive you downloaded it in, without first extracting it to a local drive. Files opened directly from archives open as read-only, so commands such as Manage Database, Manage Scripts etc will therefore be grayed out.

                 

                That being the case, if you drag a copy of the demo file from the archive onto your local hard drive, then open it from there, you should find you have full access to the file (while you have "Admin" selected from the "currently logged in as" drop down menu on the ClientAccounts layout).

                 

                Regards,

                Ray


                • 5. Re: designing for limited RLA privileges
                  ppaulo

                  Thanks for your reply!

                  However, I did copy the file, i.e. I was working with an unprotected read/write version.

                  • 6. Re: designing for limited RLA privileges
                    RayCologon

                    Hi ppaulo,

                     

                    In that case, you need to ensure that you have selected the "Admin" account from the currently logged in as drop-down. The menu is set up to change the login account, and you'll only have access to Manage Database while logged in as Admin.

                     

                    All the best,

                    Ray


                    • 7. Re: designing for limited RLA privileges
                      LyndsayHowarth

                      Hi David,

                       

                      I have a system (of many) which uses the principal technique Ray was suggesting at many different levels throughout the system. It determines what each user can see and do. The top level host user from one company can create/delete other users assigned to a range of privilege sets and determine which regions, modules etc the new user has access to. This user, however, has no way of knowing that there may be 10 other top level host users from different companies... whose data they can't see any evidence of. Even record IDs are host-specific.

                       

                      It is a matter of layering your security across the project making as much as possible determined by field values that can be switched...

                       

                      I know of such systems also where the filtering calculations use comparison between $$variables and fields... not just Fields.

                       

                      In addition...

                      - try to limit the number of "Finds" you allow... and instead use controlled filtering.

                      - check access level of the user and prevent them going where they have no access... don't allow them to go there and then find out.

                      - Don't put fields on layouts where a user might be denied access... unless you mask them on a different tab allowing access only to those with adequate privileges.

                       

                      HTH

                      - Lyndsay

                      • 8. Re: designing for limited RLA privileges
                        ppaulo

                        Hi Ray,

                         

                        just to make sure I haven't missed or misunderstood something important:

                        AFAIK there is no option to retrieve a complete list of user accounts in FM via a script step or function, so I guess you have populated your user-valuelist manually?

                         

                        I am asking this because I want to implement a solution which uses the FMButler/PrinterSwitch plug-in in the multi-user version. To get a user- (i.e. admin-) friendly result it would be very convenient if the admin could be enabled to define the individual printer-setups for each user without having to access the database/manage/security screen and to check/update the current set of users.