Until now, all of my development has been for clients using the solution "in house" without security privileges limiting users. I've used scripts and layouts to control access since the issues were mainly about user experience than "security".
I have a client who would like to host a database and allow users from multiple companies store their data...clearly a situation that requires more attention to record level access privileges. I'd like to limit accounts to "their" records, without having "<No Access>" show up everywhere.
It appears to limit users to records they've created, I need a text field ( named, say PrivilegeSetCreated ) with an auto-calculation = Get ( AccountPrivilegeSetName ) and in the Records: Custom Privileges...menu of the Privilege Set set the View calculation to Get ( AccountPrivilegeSetName ) = PrivilegeSetCreated. That seems to work. Will it hold up though? Is there a better way?
For the <No Access> issue, Finds and GTRR seem fine, they filter out the prohibited records. I can see I'll need to take control of the "Show All" custom menu item, and keep "Run scripts with full access privileges" option in mind when scripting. Any other "gotchas" I should keep in mind?
Anyone have experience and wisdom they'd share about building something similar?