5 Replies Latest reply on Mar 26, 2013 5:41 PM by Lemmtech

    controlling access to individual fields - possible?


      I'm looking for a way to control access to individual fields based on some user configuration values, but without having to change privilege set.


      Details: I have a database that has various stages of the lifecycle of a product (let's call them "phase1", "phase2", and "phase3" for now). In each phase there are several fields that I need to offer more security for. Let's say the special fields are as follows (this is made up to illustrate the issue):


      phase 1:

      start date



      contact cell phone

      phase 2:



      code word

      phase 3:

      signature container


      Note in particular that the "secure" fields are not of the same kind. Also, while I only show 8 "secure" fields, in reality I have more such fields, and I may at any point need to add yet more "secure" fields, and I may even add entirely new "phases" with new secure fields.


      The previous developer had four privilege sets: basic (can't see any of the secure fields), phase 1 (can see the secure fields in phase 1 but not in phases 2 and 3), phase 2, and phase 3. Thus, if a user needed to access the "code word" field in phase 2, she'd re-login under the phase 2 privilege set. (This of course assumes they log in under different account names to obtain different access -- they used group accounts.)


      Apart from the reliance on group accounts rather than individual accounts, it simply doesn't scale -- in our scenario, an individual user may be given permission to view ANY specific combination of secure fields; the number of privilege sets/accounts required to set this up would be prohibitive.


      What I thought to do was to have a checklist in the user record where I could indicate what secure fields the user has access to...


      Specify what fields user can access:

      x start date



      x contact cell phone


      x salary



      then I would control access to the corresponding field by privilege set logic such as:


      PatternCount( user_list ; this_field ) > 0 (etc.)


      This would have been fine IF FileMaker security allowed you to specify field-level access by calculation -- but it doesn't: it's just "no access", "view", or "modify". (The calc-based control is at whole RECORD level...)


      I can easily control access via the interface with calc logic, of course, but this leaves the data still vulnerable at the data level -- someone could easily export the records and the fields are wide open, even if I "hid" them in the interface.


      So: is it possible to securely control access to individual fields in a case like this -- where any individual field may in principle be turned on or off for access (i.e., there are no natural "groups"), and I want to have users log in by their usernames and not switch privilege sets?


      How do you handle such a case?




        • 1. Re: controlling access to individual fields - possible?

          I don't think there's a way to do field level access control as you said.


          We have previously gotten around this by doing different layouts for the level inside of a value list, then having a session global variable, and script triggers, that deny access to layouts that a user does not have access to.


          Login with: set variable $$privs = 1


          GoTo Layout - Level 2

             script trigger onRecordLoad:

             if ($$privs > 2)

               GoTo Layout - Dashboard

               Show custom dialog - "ERROR, YOU CAN NOT ACCESS THIS LAYOUT"

             End If

          • 2. Re: controlling access to individual fields - possible?

            Maybe you need to look at shutting down the user's ability to export whatever they want.  Do the exporting through scripts where you pre-define what fields are exported based on what the phase is.

            • 3. Re: controlling access to individual fields - possible?

              Kevin -


              If you really need to be able to turn on and off individual field access in this way, then yes, you'll need to do it with a combination of interface and privileges. As you rightly note, a user can export records to gain access to the "secure" fields, so you'll have to disable the "Export Records" privilege in the appropriate privilege set (possibly trapping the command in the menu with a Custom Menu for a better user experience). In addition, you'll need to trap external access (such as ODBC, web publishing or other FileMaker files) to prevent unauthorized individuals from accessing the "secure" fields.


              Another question would be, do you need for these users to be able to edit the data in these fields, view the data, or not see it at all? Reason being, if they need to be able to view, but not edit, then a calculation field is a possible option. It clutters your schema, but you can echo out the field in a calculation for the users with View, but not Edit privileges. This would allow them, for example, to copy the contents of the field without being able to change it. As an added bonus, you can set the calculation result to null for those cases where they don't have access.
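
The calculation-field echo described in reply 3, combined with the per-user checklist from the question, as an added example that is not part of the original thread. The field name `code_word_view`, the table occurrence `Products`, and the session variable `$$secure_fields` (assumed to be loaded by a login script) are hypothetical.

```filemaker
// Added example. Unstored calculation field, result type Text.
// Hypothetical field name: code_word_view (echoes Products::code_word).
// Storage must be "do not store" so the result is evaluated per user session.
//
// Assumes a login script has put the current user's checklist into
// $$secure_fields as a return-delimited list of field labels,
// for example the three values "start date", "contact cell phone", "salary".
//
// FilterValues compares whole list values. PatternCount, as sketched in the
// question, is a substring test: a checklist holding only "start date" would
// also satisfy PatternCount for a hypothetical field labelled "date".
Let ( [
  fieldName = "code word" ;
  granted   = ValueCount ( FilterValues ( $$secure_fields ; fieldName ) ) > 0
] ;
  If ( granted ; Products::code_word ; "" )
)
```

This only governs what the echo field returns; the Export Records privilege and external access paths named in the same reply still have to be restricted in the privilege set.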





              • 4. Re: controlling access to individual fields - possible?

                Kevin Cunningham wrote:


                I'm looking for a way to control access to individual fields based on some user configuration values, but without having to change privilege set.


                You can also consider using the Staff table using checkbox to add additional refinements to the privileges (although it would NOT replace them).  You then only allow these checkboxes on certain fields and only certain privilege sets can modify them or even access the layout.  This provides manager-control over those types of privileges which are user-specific and change regularly.


                As for fields, most can be tested upon entering them and entry refused.  Checkboxes, radio buttons and pop-ups will not stop entry but you can use OnObjectKeystroke and stop them and kick them out (with a nice message of course).  There are many options to assist with the process.  The right one for any specific situation would differ.

                • 5. Re: controlling access to individual fields - possible?

                  It's not clear what level of control you are after. Not being able to see the data in the field or not view the field at all? FM doesn't have conditional visibility of objects so once you turn off the ability to export data (which should have been done already) then it's just a matter of using the GUI to hide what you don't want people to see, but it sounds like your combinations might be endless. You could set merge variables with just the data you want people to see if they don't need to search on the data I suppose.