13 Replies Latest reply on Jan 1, 2015 11:55 PM by ruud@rnb-it.nl

    Privilege Set , <No Access> records

    ruud@rnb-it.nl

      Hi,

       

      I have one problem with the Privilege Set and Security issue, some records are still shown with the <no Access> in the fields, even after an Perform Find on a UUID with "*".

       

      In the SecurityApp we have restricted the records by an calculation, defined in the PrivilegeSet: MultiSourceUser.

      the calculation determine if the user is granted to view the data, if true it sees the data if not it should not be visible.

      When loading the layout i preform a find on an UUID but still the records are shown with <no acces>


      see the attached file.

      UIgloabals frm is for the administrator, when looked in as Admin we have Full Access, when relogin as "Peter" (no password)

      there are two records blocked.


      can anyone help to solve this problem.


      Ruud

       

        • 1. Re: Privilege Set , <No Access> records
          keywords

          First let me say, you explanation is not entirely clear, but I have tested record visibility by referring to the @Company layout.

          After a bit of a play around with your file I can't solve it, but can offer the following:

           

          1.     It seems to have something to do with how your privileges are set, in particular the various unstored calcs

          2.     When you log into the file and attempt to check/uncheck the All Companies checkbox on the RHS of your screen a dialog comes up: "This field cannot be modified until "id_tableName_User" is given a valid value". The only way to get around this block seems to be to click on ANY account in the left hand portal.

          3.     Once logged in as either Peter or Kim, checking or unchecking the All Companies checkbox alters the record visibility but not necessarily on the first switch.

          4.     I note that clicking on this portal is what sets the $$tableName_User global variable, which is what sets the missing field value referred to in 2 above.

          5.     If I log in as either Peter or Kim while the All Companies checkbox is already checked I can see all records immediately, but thereafter checking/unchecking alters their visibility. Conversely if I log in with it unchecked then the initial state is limited visibility, which can be altered by the checkbox. If I relogin as admin the state of the checkbox makes no differences, as you would expect.   

           

          Somewhere in all of this lies your answer. Hope you can solve it.

          • 2. Re: Privilege Set , <No Access> records
            mtwalker

            The calculation in the privilege set is being evaluated from the wrong context so you are referencing fields in an unrelated table. I think you need to change the context from SC_Company to LS_Company » Globals and in the calculation itself, change Privileges_Users::privileges to LS_Users ≫ Globals::privileges

            • 3. Re: Privilege Set , <No Access> records
              ruud@rnb-it.nl

              I have stripped a lot of the coding and layouts.

              the layout for the security set-up is not the problem, to reset the show all records remove the value in the layout @ user privilege for the field Access_all and re-login as  "peter" and look in the @ company layout there are records with <no access>.

              The security calculation works fine, the records are blocked, but are shown the last point is the problem.

              How can i avoid that these records are visible.


               

              • 4. Re: Privilege Set , <No Access> records
                ruud@rnb-it.nl

                In my relation graph we have also an relation from TO "SC_Company"  to TO "Privileg_users"  to TO  "UserPrivileges"

                so the calculation is in the correct context. The calculation is working, some records are blocked when login as Peter or Kim

                But still visible in the layout @ Company, that is the problem,  some records are shown with fields with <no access>

                • 5. Re: Privilege Set , <No Access> records
                  mtwalker

                  Sorry, I misunderstood. I thought that the issue was that the records were <No Access>. If understand correctly, you want the no access records to not be visible. You could use a filtered portal to only show the records for which the user has access. If you can't use a portal, you might try a layout trigger that contrains the found set to juts the records the user should see. You would need to use custom menus to modify Show All, Find, Show Omitted, etc to prevent them from changing the found set.

                  • 6. Re: Privilege Set , <No Access> records
                    ruud@rnb-it.nl

                    Hi that's is the point when we use an perform find on UUID with "*"  then the records should not be visible , even in a standaard filemaker "list view" the perform find is trigged when the layout is loaded, but even then the records are shown.

                     

                    How can we prefend to get the records with <no access>

                    • 7. Re: Privilege Set , <No Access> records
                      taylorsharpe

                      No Access will always show when a record is displayed but the privileges do not authorize seeing that field.  You can either do find or constrain to filter out those records so they don't see them or you can use the hide function so the fields go away when they are not authorized.  However if you hide them, you'll still see the blank line showing a record. 

                      • 8. Re: Privilege Set , <No Access> records
                        ruud@rnb-it.nl

                        When we perform a find on the field UUID and the records are marked as <no access> will filemaker find these records?

                        When a search on the internet to this question is seems that filemaker should not show these records.

                        • 9. Re: Privilege Set , <No Access> records
                          mtwalker

                          Performing a find with "*" is going find all of the records, regardless of if they have access. If you want to show just the records they can access you are going to need to preform a find for the records with IDs in the access_ID field for the user. You could also create a Company portal that is filtered based on the UserPrivileges::access_ID field or a Company portal that is based on a relationship between the UserPrivileges::access_ID field and the Company::id field

                          • 10. Re: Privilege Set , <No Access> records
                            BruceRobertson

                            Absolutely NOT the case. This is one of the great features of record access privileges. Find operation will not reveal no access records.

                            • 11. Re: Privilege Set , <No Access> records
                              mtwalker

                              Sorry, I should have been more clear. The way the attached file is setup it will display all records in the company table regardless of access because when you click the relogin button to log in as Peter, it doesn't perform the find again. It is still showing the found set that was there when the file was opened as Admin.

                              • 12. Re: Privilege Set , <No Access> records
                                mtwalker

                                The "Show Accesable" script is set to run with full access privileges so it is ignoring the privilege set.

                                • 13. Re: Privilege Set , <No Access> records
                                  ruud@rnb-it.nl

                                  Thanks, that little box solves the problem.