Hi Kirk, > On 16 May 2017, at 24:59 AEST, Kirk Brooks via 4D_Tech <4d_tech@lists.4d.com> > wrote: > > Thanks much for taking the time to share. The immediate situation I'm > trying to work with isn't as formally hierarchical as your example plus I > need to exclude 'restricted' data from even Read Only. I'm managing the > table & field access separately. ie. permission to even see a given table > is restricted by one's user group. Same idea is applied to fields within > the table. The mechanism is very similar to the one you illustrate. > > What I'm honing now is how to identify specific records that may or may not > be accessible and efficiently manage them. Your experience is confirming my > initial take.
For the restrictions to a complete record in a table introduce a LongInt field to every table. I call mine always “xStatus” and if it is set to “1” then it will be interpreted as "not deleted” record. So, LongInt gives you a couple of numbers you can use to define the status of a record. ;-) As for specific field restrictions use a table called [xFieldInfo] and hold the parameters for every field in every table in it. Of the fop of my head, use a LongInt field “AccessLevel” in [xFieldInfo] and think about how Unix handles ownership/access rights: User Group Other READ 4 4 4 Write 2 2 2 EXECUTE 1 1 1 With "chmod 777” you’ll give everyone everything. Nice idea actually I might implement something like this myself, but not that early, on an empty stomach and with no caffein in the system. ;-) Cheers Jörg ********************************************************************** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **********************************************************************