Parikshit, Hidden access is still permission to access. The users can open the form in the User Tool if they are tricky enough, or if you have workflow that does it. (not as easy as changing a URL, but not much harder either.)
If the users have access to the data then it is not a security problem for them to see the form or the data that they _ALREADY_ have access to. ( If they should not see the data then look at row level access, or other filter based ways of getting at the data.) If you want to block people from opening a form then you could create Window Open active links that would give an ERROR message and/or close the form for them. ( This might be their last Mid-tier window and might "close the browser" too. Which would make them loose their session with the mid-tier and cause a higher incident of "your already connected from another IP and you can not override that address yet" on the re-login attempts too.) NOTE: Active links will not "protect" data from an API client. But they could block the form from being opened in the Mid-tier client if that is the only place that this logic should be applied. ( or in both the User Tool and Mid-Tier if you want as well.) HTH ARS101 -- Carey Matthew Black Remedy Skilled Professional (RSP) ARS = Action Request System(Remedy) Love, then teach Solution = People + Process + Tools Fast, Accurate, Cheap.... Pick two. On 11/10/06, parikshit saxena <[EMAIL PROTECTED]> wrote:
** Hi All We are trying to limit the accesss for a particuler group of user on our application vies on mid tier 6.3. The issue here is that the URL can be manipulated now by any user logging into the application and hence all sensitive data is exposed. We are trying to give Hidden permissions on the critical forms for this group, so that data can be accessed from those, but the forms are hidden on the web client. But this doesn't seem to work here. Though the forms are not coming in the object list on ARUser now, but they are still visible on mid tier (despite of cache flush). Would be grateful if someone can provide some insights on this. Regards Parikshit
_______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
