Clarification - When I say all users have full access privleges, what I mean is these privleges are granted in the Edit Privleges Set.
1 of 1 people found this helpful
Your Full_Access privileges should be reserved for the developer only.
I assume you have created a privilege set which the user account you mentions uses. This privilege set hold the key to your settings. Let's call it "client".
Your user can then be limited to see files (Records actually) based on the privilege set name being equal to the value of the ID_Status. I assume you have done this by making the account name "Client". That only works for one account whereas using the privilege set allows several users to be restricted.
In the privilege set you can define custom access to each field, layout and allow users to view or edit the data. You have to go in to the settings and open up the restrictions you have set. If you have used one of the default privilege sets as a basis, they may have come with too many restrictions which you have to loosen up.
Perhaps you could show us a screen pic of the privilege set so we can talk specifics.
Hi Lyndsay! -
Yes, your assumptions above are correct. Much of my concern was not that access couldn't be limited, but that limiting access was creating UI issues. Records were marked no access in every field - but still visible. -or- the correct records were visible - but unmanagable. At a dead end, I abandoned this path to take a different approach.
Since posting my question, I've been experimentinfg with relationships between tables, the information related between them and limiting access through layouts attached to related tables. I'm not quite where I need to be in terms of comprehension - but I think what I just said makes sense - I think. Since following this tact I've been more successful and I see promise, not at such a dead-end as when I posted. For me at least, much of learning is in doing.
I may yet take you up on a more specific discussion if (when) I find myself mired again.
Thanks for the response and the comments,
Most certainly the relationships will restrict the set of records shown. This is one of the key things you need to get a handle on.
The relationship alone won't lock out the data that the user shouldn't ever see whereever he navigates. This is where the privilegesets come in.
The privilege set you built did not entirely lock out the user as it showed the <no access> which you won't get if you do it the right way.
It is tricky.... I perhaps I should build a demo one day.