Kirk: Of course there are all sorts of ways this could be done. It all depends on the complexity.
We had to record by each user which records they were restricted from seeing. We also needed to permit / restrict by a group as well. Therefore we could not put a ‘flag’ within the record. When a record was first found (i.e. Query) before being displayed we would have to check each record in the selection to see if there was a record in our ‘Restricted’ table for the currently signed in User. There could be different levels of restrictions as well. For some kinds of restricted records we also needed to record what the query was that found the record(s). This was to see if they were hunting for that record, or it was by accident. Therefore for each user there was an associated table that indicated which groups they were in. We used the record keys (Primary Key) to search for each record to see if the current user was restricted in regard to the record. Of course this could be much easier if there are less possibilities. Jody > On 05/12/2017, at 1:42 PM, Kirk Brooks via 4D_Tech <[email protected]> > wrote: > > Hi folks, > I'd like to hear from some of you who have implemented systems that allow > for record-level access control in a 4D database. This is the sort of thing > where we want to prevent unauthorized users from seeing or inferring the > 'restricted' records. > > Theoretically it's pretty easy - include a field on relevant tables called > 'restricted' or some such and the rules are you filter those records out if > the user's permission doesn't allow them. Simple enough but, as we know, > there be devils there. Maybe it's a whole different approach to the > structure? > > I want to hear about the details of what it took to make that work with > respect to related records, queries on related records, sorting and so on. > > -- > Kirk Brooks > San Francisco, CA > ======================= > > *The only thing necessary for the triumph of evil is for good men to do > nothing.* > > *- Edmund Burke* > ********************************************************************** > 4D Internet Users Group (4D iNUG) > FAQ: http://lists.4d.com/faqnug.html > Archive: http://lists.4d.com/archives.html > Options: http://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:[email protected] > ********************************************************************** ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
