It should work, even with USERS hidden
In the USERS file, Accounts, make sure the Extended Priveleges include IWP
Thanks for the reply. I double checked and the Extended Privledges are set correctly to include IWP.
This should work and it is odd to me that you say it works in FMP but not in IWP. Check for proper authentication in the USERS file. You need to have corelation between accounts in the two files.
Example: John Doe logs into BID_LOG using an account of "jdoe". There has to be a way for John Doe to authenticate against the USERS file with proper privs. This could mean that you need an account in USERS of "jdoe" or it could mean that you have the built-in Guest account turned on and linked to a priv set. The default priv set for the Guest account is [Read-Only Access], but you can change this as needed.
Doug de Stwolinska
Thanks for the feedback. I do have the proper access set between the files. We authenticate through AD. I set a global field to the Account Name in an On Open script and this is the foreign key to the USERS file. Other than in IWP this works flawlessly.
I will find a workaround I am sure. Thanks again for your input.
This is definitely baffling now as I have a dB with virtually the same setup that you do. I have a main file for the solution and a "users" file that is also hosted on the FM server and is accessed by other solutions as well as this one. All authentication is done via Active Directory. In my case, I have several specific AD groups in the main file, but only two groups in the users file. One of the two groups in the users file is a general "domain users" one that all staff are put into by default. I have this group linked to the built-in Read-Only priv set. The other group is a high-level AD group that I belong to.
Because it is IWP, when staff access the main file, the IWP authentication page comes up. They enter their AD username/pwd and then the users file opens hidden in the background. We don't have the specific AD groups in the users file, but they are able to authenticate against the "domain users" group. If you don't have a separate, "catch all" AD group for use in the USERS file, you will need to have the same AD groups in there that you have in the main file. If this is the case, make sure that the name of the AD group is exactly the same in the main file and the USERS file.
I too, am setting their AD username into a global in the main file upon login and this serves as the basis for a relationship to the users file that also contains the username of the staff.
What if you were to try and open up the users file directly in IWP? It should present the authentication page and you should be able to input an AD username/pwd that you know is in an AD group that you have coded in the file. Do this with a staff account, not your high-level account.
If you haven't done so already, put the global field that contains the username on a layout and verify that upon login via IWP that the global is getting set correctly. Maybe also drop a related field in the USERS file on the same layout. In IWP, you should be able to change the global field and (depending on your AD setup/permissions), see the desired, related data change as well.
How do you have the external data source to the USERS file setup in the main file? If it is hosted on the same server, all you need is a regular "file:filename" type reference.
That's about all I can think of right now.