9 Replies Latest reply on May 3, 2013 10:31 AM by Stephen Huston

    Conditional view by Username How?

    ziceg

      I have a table A that has the following fields:

      - Full Name

      - Username

       

      The Full Name field is used to create a value list, which used in another table B.

       

      What I would like to do is when the user logs in, get the information of what username was used to log in to then determine what records of Table B they can see.

       

      How do I get it to:

       

      a) get the username from log in. I'm assuming it's just to create a script and use the "Get (Username)" and put that info into a Variable to then use later (would this be a $User or $$User type of variable)

      b) know that if username "auser" = to "Anthony User" as per Table A

      c) set a script so that only the Records in Table B that in User field equal to the above are shown.

       

      Thanks

        • 1. Re: Conditional view by Username How?
          Fred(CH)

          Hi Ziceg, I think there are many different ways but here is my suggestion :

           

          1 ) If you haven't yet, create an initalization script and trigg it to OnFirstWindowsOpen event of Script triggers'tab in FileMaker Pro 12 File Options... or call it on "Opening this file" section with "Perform script" button in FileMaker Pro v11 File Options...

           

          2 ) Add theses steps to your initalization script :

           

          #To connect with Account Name of Security management

          Set Variable [ $username; Value:Get ( AccountName ) ]

          #Or to connect with User Name of FMP Prefs

          Set Variable [ $username; Value:Get ( UserName ) ]

          #Anyways we are searching for corresponding FULL name...

          Go to Layout [ “Table A” (Table A) ]

          Enter Find Mode [ ]
          Set Field [ Table A::Username; $username ]

          Perform Find [ ]
          If [ Get ( FoundCount ) ]

          #Ok, lucky guy, we continue

          Set Variable [ $$username; Value:Table A::Fullname ]

          Go to Layout [ “Table B” (Table B) ]
          Enter Find Mode [ ]
          Set Field [ Table B::Fullname; $$username ]

          Perform Find [ ]

          Else

          #No luck... What to do if no match ?

          End If

           

          3 ) Create a script "search user records" to be called with a button :

           

          Enter Find Mode [ ]
          Set Field [ Table B::Fullname; $$username ]

          Constrain Found Set [ ]


          OR  with a layout script trigger when OnModeExit for instance :

           

          If [ Get ( WindowMode = 1 ) ]

          #The user is performing a custom search, we are adding a criteria to show only his records

          Set Field [ Table B::Fullname; $$username ]

          Constrain Found Set [ ]

          End If

           

          4 ) You can also increase security and use $$username to restrict record access. Etc…

           

          I hope it could help...

           

          Bye, Fred

          • 2. Re: Conditional view by Username How?
            LyndsayHowarth

            It is more secure to make the privilege set for the account level you want to restrict only see records in certain tables based on a field match and the logon account name or privilege set.

             

            For example, if the accountname is assigned to the staff privilege set and the file opens to a table for which the staff can read and edit the records... you could restrict the invoices in either of these two ways:

             

            1. you could allow the accountname to see only records where the logged on accountname equals the creator name in the invoice records by editing the privilege set called staff to limit tthe view to only matching records.

            or

            2. you could allow the privilege sets to be called "Northern Region" / "Southern Region" or similar regional classifications or perhaps "Shoe Dept" / "Haberdashery Dept" or whatever and allow the logged on user to see records where the "Region" or "Dept" value in the invoice records matches the privilege set name.

             

            The advantage of doing it this way is that your staff see only the records which they are allowed to. If you do it the way Fred suggests, the user can bypass your restrictions.

             

            There is a third way...

            3. you can use a data-separation method and lock users into an interface where they are restricted to sets of data by relationship... in which your open script would set a global field for the accountname and view the invoices via that relationship.

             

            HTH

             

            - Lyndsay

            • 3. Re: Conditional view by Username How?
              Fred(CH)

              Hi Lindsay,

              Thank you for your post !

              It is true : i misunderstood that the goal was a definitive restriction but i thought more about a simple convenient display...

              So for that, i agree 100% that your way is clearly more secure !

              Bye, Fred

              PS: Sorry beacause my english is approximative

              • 4. Re: Conditional view by Username How?
                LyndsayHowarth

                J'oublie tout mon français et votre anglais est parfaitement bien, mais j'insiste sur un 'y' pas un 'i' en mon nom. ;-)

                 

                LOL

                 

                - Lyndsay

                 

                Message was edited by: Lyndsay Howarth  AND yours was a fine solution if security was not an issue.

                • 5. Re: Conditional view by Username How?
                  ziceg

                  Thanks a lot for that, I'm still trying to work my way through your sugestions and Lyndsay's, so hope I will manage to get it to work somehow.

                  • 6. Re: Conditional view by Username How?
                    Fred(CH)

                    Hi Zyceg,

                     

                    Thanks for replying. Well, i feel you a bit... perplexed ?

                     

                    As you seen, my suggestion was based on automatic search, and just display to a user "his" related records. It can be very convenient for end user, if the goal is to facilitate his access to datas. But if your goal is to definitly restrict user access to data, you should not use my way.

                     

                    Lyndsay's main suggestion is a security based solution. It is very efficient and rather simple to set (i will detail it below) AND will guarantee you that a user who is accessing through an account configured this way, never could access to other user's data, in any way. So, you cannot use it if theses users must be able to access to other user datas too.

                     

                    I think Lyndsay didn't gave you so much details because his solution is easy to set up and fully documented. But maybe, you need a bit more "how to" explanation. If true :

                    1 ) Select menu command : File > Manage > Security…

                    2 ) Go to Privilege Sets tab and add New one.

                    3 ) Configuring this new privilege set, you must choose on Data Access for Records the "custom privileges…" item.

                    4 ) Here, the point is for Table B to choose for View access the "limited…" item. And enter this formula :

                     

                    Full Name = Get ( AccountName )

                     

                    5 ) Validate all dialogs and then, you must map the wanted accounts to this brand new privilege set, by editing the account in Accounts tab of Manage Security dialog box.

                     

                    Please note that the restricted records will be apparent but without data on it. Instead of datas, user will see the text <No Access>

                     

                    And the trick is done ... Tell us if need more help. Good luck !

                     

                    Bye, Fred

                    • 7. Re: Conditional view by Username How?
                      ziceg

                      Thanks for that step to step instruction ... just what I need

                       

                      Only issue I'm having is that the AccountName is not matching the Full Name. Let me explain:

                       

                      In Table A (Reps) where I keep all the usernames and passwords etc I have

                           Field A (Rep) - Full name i.e John Smith

                           Field B (U) - Username i.e jsmith

                           Field.....

                       

                      In Table B (Agreements) I have numerous fields but I have a "Rep Name" field where the Full Name (ie John Smith) is selected from a list which was created from getting the info from Table A Field A, whilst the login details AccountName match the info in Table A Field B

                       

                      I followed the above instructions in the custom privilege, but I don't think they match as I assume the result would be something like [John Smith = Get (jsmith)]

                       

                      I guess we are almost there....

                       

                      On another note you also mention "Please note that the restricted records will be apparent but without data on it. Instead of datas, user will see the text <No Access>" does that mean if there are no records that match his it will come up with the <No Access> window as opposed to maybe having a message window to say "No records available" or similar?

                       

                      Thanks

                      • 8. Re: Conditional view by Username How?
                        Fred(CH)

                        Hum... You have right, it seem that cannot match like this.

                         

                        Possibly you must modify a little your tables and the relationship before... I mean :

                         

                        Table Reps (A) and table Agreements (B) must be related by a matching field that must be reliable and unique on Reps table. For many reasons, I strongly recommend the use of Account Name for that instead of Full Name (that can be easily displayed anyways). Be careful about terms : FileMaker User Name is not usable here because the user can redefine it easily trough FMP Prefs. It is one reason why you must use Account Name.

                         

                        On Agreements table, you must define the field options to auto enter Account Name when creating a new record to allow end users to view the new records they add.

                         

                        For administrators, you can define a field-based list that refers Reps::Account Name field. You can display as second field the Full Name if you want. You can even show only the second. But is is only a display tip. Behind this, only the Account Name is stored. Thus, the admin can easily change Agreement's users affectation.

                         

                        Finally, yes you have right one more time, for the <No Access> when displaying records. See attachment below.

                         

                        Bye, Fred

                        • 9. Re: Conditional view by Username How?
                          Stephen Huston

                          A caveat on the use of Get (UserName):

                          The UserName returns the "name" being used by the computer, not the FM account name of the currently logged-in user. a computer's UserName can be modified in the FM program settings to anything, so it is not necessarily consistent for a user's FM account, especially if they may use more than one computer to access the files or more than one use with access to the same computer.