First let me say, you explanation is not entirely clear, but I have tested record visibility by referring to the @Company layout.
After a bit of a play around with your file I can't solve it, but can offer the following:
1. It seems to have something to do with how your privileges are set, in particular the various unstored calcs
2. When you log into the file and attempt to check/uncheck the All Companies checkbox on the RHS of your screen a dialog comes up: "This field cannot be modified until "id_tableName_User" is given a valid value". The only way to get around this block seems to be to click on ANY account in the left hand portal.
3. Once logged in as either Peter or Kim, checking or unchecking the All Companies checkbox alters the record visibility but not necessarily on the first switch.
4. I note that clicking on this portal is what sets the $$tableName_User global variable, which is what sets the missing field value referred to in 2 above.
5. If I log in as either Peter or Kim while the All Companies checkbox is already checked I can see all records immediately, but thereafter checking/unchecking alters their visibility. Conversely if I log in with it unchecked then the initial state is limited visibility, which can be altered by the checkbox. If I relogin as admin the state of the checkbox makes no differences, as you would expect.
Somewhere in all of this lies your answer. Hope you can solve it.
The calculation in the privilege set is being evaluated from the wrong context so you are referencing fields in an unrelated table. I think you need to change the context from SC_Company to LS_Company » Globals and in the calculation itself, change Privileges_Users::privileges to LS_Users ≫ Globals::privileges
I have stripped a lot of the coding and layouts.
the layout for the security set-up is not the problem, to reset the show all records remove the value in the layout @ user privilege for the field Access_all and re-login as "peter" and look in the @ company layout there are records with <no access>.
The security calculation works fine, the records are blocked, but are shown the last point is the problem.
How can i avoid that these records are visible.
In my relation graph we have also an relation from TO "SC_Company" to TO "Privileg_users" to TO "UserPrivileges"
so the calculation is in the correct context. The calculation is working, some records are blocked when login as Peter or Kim
But still visible in the layout @ Company, that is the problem, some records are shown with fields with <no access>
Sorry, I misunderstood. I thought that the issue was that the records were <No Access>. If understand correctly, you want the no access records to not be visible. You could use a filtered portal to only show the records for which the user has access. If you can't use a portal, you might try a layout trigger that contrains the found set to juts the records the user should see. You would need to use custom menus to modify Show All, Find, Show Omitted, etc to prevent them from changing the found set.
Hi that's is the point when we use an perform find on UUID with "*" then the records should not be visible , even in a standaard filemaker "list view" the perform find is trigged when the layout is loaded, but even then the records are shown.
How can we prefend to get the records with <no access>
No Access will always show when a record is displayed but the privileges do not authorize seeing that field. You can either do find or constrain to filter out those records so they don't see them or you can use the hide function so the fields go away when they are not authorized. However if you hide them, you'll still see the blank line showing a record.
When we perform a find on the field UUID and the records are marked as <no access> will filemaker find these records?
When a search on the internet to this question is seems that filemaker should not show these records.
Performing a find with "*" is going find all of the records, regardless of if they have access. If you want to show just the records they can access you are going to need to preform a find for the records with IDs in the access_ID field for the user. You could also create a Company portal that is filtered based on the UserPrivileges::access_ID field or a Company portal that is based on a relationship between the UserPrivileges::access_ID field and the Company::id field
Absolutely NOT the case. This is one of the great features of record access privileges. Find operation will not reveal no access records.
Sorry, I should have been more clear. The way the attached file is setup it will display all records in the company table regardless of access because when you click the relogin button to log in as Peter, it doesn't perform the find again. It is still showing the found set that was there when the file was opened as Admin.
The "Show Accesable" script is set to run with full access privileges so it is ignoring the privilege set.
Thanks, that little box solves the problem.