11 Replies Latest reply on Jan 20, 2012 10:57 AM by RayCologon

    Restrict a user to seeing only his records

    danknight

      Forgive me if this is a simple process, but I'm new to FM, currently migrating from Access because the Access web interface is, well, you guess.

       

      I'm creating a time sheet database that will require users to be able to see only their records (i.e. their timesheets). I'm hoping to either use the built-in User login and permissions to restrict non-admin users to only a timesheet layout. However, what I need is a method to have the timesheet only show the data (timesheets & related Details, Expenses, Allocation (all three different tables)) for the given user.

       

      Any suggestions?

       

      Thanks,

       

      Dan Knight

        • 1. Re: Restrict a user to seeing only his records
          RayCologon

          Hi Dan,

           

          In one form or another, limiting users to a given set of data is a fairly common requirement.

           

          FWIW, you'll find a "proof of concept" demo of one of the ways to approach this at the following link:

           

          http://www.nightwingenterprises.com/demosX/demoX07.html

           

          The method in question requires FileMaker 10 or later, and uses a combination of features (access privileges, custom menus, scripting and triggers) to make the experience relatively seamless.

           

          Hopefully that will provide you with a starting point, and give you a few ideas to work with.

           

          Regards,

          Ray

          ------------------------------------------------

          R J Cologon, Ph.D.

          FileMaker Certified Developer

          Author, FileMaker Pro 10 Bible

          NightWing Enterprises, Melbourne, Australia

          http://www.nightwingenterprises.com

          ------------------------------------------------

          1 of 1 people found this helpful
          • 2. Re: Restrict a user to seeing only his records
            danknight

            Thank-you Ray,

            I'll check out your example and play with it over the holidays.

            I'll also check out your book; is there a FM 11 version?

             

            Dan

            • 3. Re: Restrict a user to seeing only his records
              CarstenLevin

              There are different methods you can use, either on their own or in combination.

              • Model A: You can choose to use relations based on the user ID to display only the correct time sheets.
              • Model B: You can choose to set up searches to display only the relevant time sheets (making sure that searches always include the user ID).

               

              One important question: Do you want to limit the display of time sheets to give the users a better UI experience or is it important that one employee can not see data from other employees?

              • If this is the case you should always combine the UI solution (model A and B) with relevant security measures. In this case using a privilege set with a calculation based on the Account Name (use Creation Account or other relevant method).

               

              You can of course choose to use the privilege set only to limit what the users can see. This will make sure that nobody can see data not intended for them. But being able to see records you should not see is usually not a good user-experience.

               

              Model A:

              You could probably set up a rather secure solution by only having layouts showing data based on relational values using the Account Name. And you can build very user-friendly solutions by using portals for showing lists and related fields on detail layouts.

               

              Model B:

              This model will be fine as well, but if you permit the user to search freely they could maybe end up committing searches showing time sheets belonging to other people. This can be avoided by controlling the search process with scripts and/or script triggers ensuring that the User ID is always included.

               

              Still: I would always use the FileMaker Security model (privilege set) to make sure that if I (the developer) make a mistake (or forget something) in the UI, people will still only be permitted to see what they should see.

               

              Bad user experience - just the usual example

              First how it would look without any limitation:

              timesheetaccess04full.jpg

              And here logged in as one of the users:

              timesheetaccess04limited.jpg

              As usual, FileMaker's security model makes sure that data is correctly protected. But it is not a good practice to show the users records giving them a bad user-experience by showing <no access>.

               

              A few extra thoughts

              • When setting up the privilege set allowing people to see only their own time sheets, you can also set them only to be editable, let's say, "3 hours" after the creation time or within "24 hours", depending on your business rules.
              • Consider reports and other summary data. Which Privilege Sets do you need for those?
                If the UI is the primary issue and if you want to be able to create full reports within the user's Privilege Set, you could consider the model with relations and without the privilege set limitations.

               

              Well, your question is already a month old, but I happened to stumble over it.

               

              Best regards

               

              Carsten

              1 of 1 people found this helpful
              • 4. Re: Restrict a user to seeing only his records
                ptrc

                I use a combination of access privileges and constrain found set to eliminate the <No Access> situations. In a few of my solutions some of the users can only see the records once a higher-level user has enabled them. The constrain found set in the startup script works like a charm and the users are none the wiser.
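The layering discussed in replies 3 and 4, modelled in Python as an added example (not code from the thread or from the demo file, and not FileMaker syntax): a record-level rule keyed on the creating account is the enforcement layer, and constraining the found set is the presentation layer on top of it. The `Timesheet` fields, the account names, the sample rows and the 24-hour edit window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

NO_ACCESS = "<No Access>"
EDIT_WINDOW = timedelta(hours=24)  # assumed business rule ("within 24 hours")

@dataclass(frozen=True)
class Timesheet:  # hypothetical record layout
    record_id: int
    creation_account: str  # account that created the record
    created: datetime
    hours: float

def can_view(account, rec):
    """Record-level rule: a user may view only records they created."""
    return rec.creation_account == account

def can_edit(account, rec, now):
    """Own record, and only while the edit window is still open."""
    return can_view(account, rec) and now - rec.created <= EDIT_WINDOW

def find(table, account, criteria, *, enforce_privileges, constrain_to_user):
    """Return the rows a layout would display after a find request.

    criteria           -- predicate from the user's own search
    enforce_privileges -- security layer: foreign records are masked
    constrain_to_user  -- UI layer: found set narrowed to the user's records
    """
    found = [r for r in table if criteria(r)]
    if constrain_to_user:
        found = [r for r in found if r.creation_account == account]
    rows = []
    for r in found:
        masked = enforce_privileges and not can_view(account, r)
        rows.append((r.record_id, NO_ACCESS if masked else r.hours))
    return rows

# Constructed sample data: two timesheets for "dan", one for "ann".
T0 = datetime(2012, 1, 20, 9, 0)
TABLE = [
    Timesheet(1, "dan", T0 - timedelta(hours=2), 7.5),
    Timesheet(2, "dan", T0 - timedelta(days=3), 8.0),
    Timesheet(3, "ann", T0 - timedelta(hours=1), 6.0),
]

def everything(rec):
    """An unrestricted search, i.e. the UI forgot to add the user ID."""
    return True
```

With neither layer active the unrestricted search returns another user's hours; with only the record-level rule the foreign row is masked but still listed; with both, the user sees just their own rows.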

                • 5. Re: Restrict a user to seeing only his records
                  danknight

                  Ray,

                  I downloaded the demo and it appears to do what I desire and quite seamless. However, I can't get to the scripts or privilege sets to see what you've done to make it work.

                   

                  Dan

                  • 6. Re: Restrict a user to seeing only his records
                    RayCologon

                    danknight wrote:

                     

                    Ray,

                    I downloaded the demo and it appears to do what I desire and quite seamless. However, I can't get to the scripts or privilege sets to see what you've done to make it work.

                     

                    Dan

                     

                    Hi Dan,

                     

                    The demo is fully unlocked, so if you don't have access to scripts or security while the Admin account is selected (in the pop-up menu at the top of the main screen) that would most likely be if you opened the file directly from the archive it downloads in - files opened from archives open as read-only.

                     

                    If that's the case, then just close the file, drag a copy of it out of the archive onto a local hard drive and open it from there and you should find that you have full access.

                     

                    Regards,

                    Ray

                    ------------------------------------------------

                    R J Cologon, Ph.D.

                    FileMaker Certified Developer

                    Author, FileMaker Pro 10 Bible

                    NightWing Enterprises, Melbourne, Australia

                    http://www.nightwingenterprises.com

                    ------------------------------------------------

                    • 7. Re: Restrict a user to seeing only his records
                      danknight

                      Ignore the previous reply; the privilege sets are right where they're supposed to be. Note to self: Think BEFORE posting.

                      • 8. Re: Restrict a user to seeing only his records
                        danknight

                        Yes they are there, although I'm not sure I'm fully here. Thanks. Learning curves are hard on old guys

                        • 9. Re: Restrict a user to seeing only his records
                          RayCologon

                          No problem, Dan.

                          danknight wrote:

                          Learning curves are hard on old guys

                           

                          Actually, the way I see it, yer not old 'til you *stop* learning.

                          • 10. Re: Restrict a user to seeing only his records
                            danknight

                            Ray,

                            I've set up my database as best I can, attempting to emulate the privilege sets you set up in your demo. It appears to work too well. When I log in as Admin (full Access) I see all the records; when I log in as Dan Knight (privilege set to restrict access) I see all the records, BUT all the fields/controls display <<No Access>>.

                             

                            What am I missing?

                             

                            Dan

                            • 11. Re: Restrict a user to seeing only his records
                              RayCologon

                              danknight wrote:

                              What am I missing?

                               

                              Hi Dan,

                               

                              On the Info screen of the demo there's a fairly detailed description of what's involved. Setting up the accounts and privilege sets is the first step, but as the info screen explains, there are several other things that are required - there are a number of things working together to achieve the effect shown in the demo.

                               

                              After you read through the details on the info screen in the demo, you would probably want to check out the scripts, including the one named "Show User Data", and also take a look at the way the custom menu set is configured - especially the Records menu in that set.

                               

                              Cheers,

                              Ray

                              ------------------------------------------------

                              R J Cologon, Ph.D.

                              FileMaker Certified Developer

                              Author, FileMaker Pro 10 Bible

                              NightWing Enterprises, Melbourne, Australia

                              http://www.nightwingenterprises.com

                              ------------------------------------------------