Hi Jody, That sounds like real DOD level stuff. Fortunately I don't need that level but it gives me some ideas.
What kind of performance hit did you see as a result of all that extra processing? On Fri, May 12, 2017 at 4:09 PM, G-Mail via 4D_Tech <[email protected]> wrote: > Kirk: > > Of course there are all sorts of ways this could be done. It all depends > on the complexity. > > We had to record by each user which records they were restricted from > seeing. We also needed to permit / restrict by a group as well. > Therefore we could not put a ‘flag’ within the record. When a record was > first found (i.e. Query) before being displayed we would have to check each > record in the selection to see if there was a record in our ‘Restricted’ > table for the currently signed in User. There could be different levels of > restrictions as well. > > For some kinds of restricted records we also needed to record what the > query was that found the record(s). This was to see if they were hunting > for that record, or it was by accident. > > Therefore for each user there was an associated table that indicated which > groups they were in. > We used the record keys (Primary Key) to search for each record to see if > the current user was restricted in regard to the record. > > Of course this could be much easier if there are less possibilities. > > Jody > > > > On 05/12/2017, at 1:42 PM, Kirk Brooks via 4D_Tech <[email protected]> > wrote: > > > > Hi folks, > > I'd like to hear from some of you who have implemented systems that allow > > for record-level access control in a 4D database. This is the sort of > thing > > where we want to prevent unauthorized users from seeing or inferring the > > 'restricted' records. > > > > Theoretically it's pretty easy - include a field on relevant tables > called > > 'restricted' or some such and the rules are you filter those records out > if > > the user's permission doesn't allow them. Simple enough but, as we know, > > there be devils there. Maybe it's a whole different approach to the > > structure? > > > > I want to hear about the details of what it took to make that work with > > respect to related records, queries on related records, sorting and so > on. > > > > -- > > Kirk Brooks > > San Francisco, CA > > ======================= > > > > *The only thing necessary for the triumph of evil is for good men to do > > nothing.* > > > > *- Edmund Burke* > > ********************************************************************** > > 4D Internet Users Group (4D iNUG) > > FAQ: http://lists.4d.com/faqnug.html > > Archive: http://lists.4d.com/archives.html > > Options: http://lists.4d.com/mailman/options/4d_tech > > Unsub: mailto:[email protected] > > ********************************************************************** > > ********************************************************************** > 4D Internet Users Group (4D iNUG) > FAQ: http://lists.4d.com/faqnug.html > Archive: http://lists.4d.com/archives.html > Options: http://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:[email protected] > ********************************************************************** -- Kirk Brooks San Francisco, CA ======================= *The only thing necessary for the triumph of evil is for good men to do nothing.* *- Edmund Burke* ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
