Hi Kirk,

I'll get back to my usual NUG posting -- Private 😊

I think it depends on what you need to do, and how "general" it needs to be.  I 
have a system that is accessed by multiple business entities, where most are 
limited to their own records, while one can "see" all records.

In this case, the restriction applies to customers, so each entity has a list 
of customers they are allowed to see (modification is another story), and then 
all that is linked to the customer, i.e. orders, invoices, AR, history, etc.  
In my case, it was simpler to create an "Allowed" list for each entity, and 
then just use that list to narrow down the selection in any access points.

This allowed me to accommodate users moving between entities (does happen, a 
lot), without any additional processing or change to any code.

My structure links a user to a group for access control (modification and 
visibility are handled down to field level by table), and also a link to an 
entity table, which controls the records that this entity can access.

In my case, I use inclusion, i.e. values on the entity list were allowed, but 
you could also use it as a disallowed list.  Since it's values (customer_ID), 
it's easy and fast to filter.

Hope this makes sense.  Much like others have indicated, stay as far away as 
you can from the built-in 4D access shit, it's for amateurs.

Oh, about the listbox, I don't think it's different in v16.

Lahav
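
The allowed-list scheme described above, as an added example that is not part of the original post and is written against SQLite rather than 4D. Every table, column and function name here is an assumption, and the rows are constructed sample data.

```python
import sqlite3

# Constructed schema and data; all names are assumptions, not from the post.
SCHEMA = """
CREATE TABLE entity(id INTEGER PRIMARY KEY, name TEXT, sees_all INTEGER DEFAULT 0);
CREATE TABLE app_user(id INTEGER PRIMARY KEY, name TEXT,
                      entity_id INTEGER REFERENCES entity(id));
CREATE TABLE entity_allowed(entity_id INTEGER, customer_id INTEGER,
                            PRIMARY KEY(entity_id, customer_id));
CREATE TABLE orders(id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
INSERT INTO entity VALUES (1,'North',0),(2,'South',0),(3,'HQ',1);
INSERT INTO app_user VALUES (10,'ann',1),(11,'bob',2),(12,'cho',3),(13,'dan',NULL);
INSERT INTO entity_allowed VALUES (1,100),(1,101),(2,200);
INSERT INTO orders VALUES (1,100,50.0),(2,101,75.0),(3,200,20.0),(4,300,99.0);
"""

# Single access point: every read of orders is narrowed by the caller's entity.
# The inner joins mean a user with no entity matches nothing (fails closed).
VISIBLE_ORDERS = """
SELECT o.id FROM orders o
JOIN app_user u ON u.id = ?
JOIN entity e ON e.id = u.entity_id
WHERE e.sees_all = 1
   OR EXISTS (SELECT 1 FROM entity_allowed a
              WHERE a.entity_id = e.id AND a.customer_id = o.customer_id)
ORDER BY o.id
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def visible_orders(db, user_id):
    """Return the order ids this user may see, filtered by customer_id."""
    return [row[0] for row in db.execute(VISIBLE_ORDERS, (user_id,))]

def move_user(db, user_id, entity_id):
    """Moving a user between entities is a one-row update; no code changes."""
    db.execute("UPDATE app_user SET entity_id = ? WHERE id = ?",
               (entity_id, user_id))

if __name__ == "__main__":
    db = make_db()
    for uid in (10, 11, 12, 13):
        print(uid, visible_orders(db, uid))
    move_user(db, 10, 2)
    print(10, visible_orders(db, 10))
```

The same filter would apply to invoices, AR and history, since each links back to a customer_id.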

-----Original Message-----
From: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] On Behalf Of Kirk Brooks 
via 4D_Tech
Sent: Friday, May 12, 2017 6:14 PM
To: 4D iNug Technical <4d_tech@lists.4d.com>
Cc: Kirk Brooks <lists.k...@gmail.com>
Subject: Re: Schemes for record level access control

Right - so the ultimate permission is the most permissive of all available.

On Fri, May 12, 2017 at 4:56 PM, Alan Chan via 4D_Tech <4d_tech@lists.4d.com> wrote:

> I assume a member might belong to multiple teams but will a member 
> belong to multiple clubs?
>
> Alan Chan
>
> 4D iNug Technical <4d_tech@lists.4d.com> writes:
> >Hi Alan,
> >Those are the go-to solutions. In my case we aren't using the 4D 
> >password system so I can't rely on that. Plus I need actual record 
> >level restriction. So to follow your example, I may want a Team to be 
> >able to see themselves and other teams in their Club (just making this 
> >up) but not teams in other Clubs.
> >
> >
>
> **********************************************************************
> 4D Internet Users Group (4D iNUG)
> FAQ:  http://lists.4d.com/faqnug.html
> Archive:  http://lists.4d.com/archives.html
> Options: http://lists.4d.com/mailman/options/4d_tech
> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
> **********************************************************************
>



--
Kirk Brooks
San Francisco, CA
=======================

*The only thing necessary for the triumph of evil is for good men to do
nothing.*

*- Edmund Burke*