Allow User Profile table fields to control security/visibility

+2 votes

Currently, I don't think there's a way to restrict rows or button visibility in a "grouped" manner, based on the active login. The only available option is %username%

For rows, you can at least set security per-user, e.g:
%username% IN('john','jane','susan','steve')
But this can get tedious and hard to manage.

Button visibility doesn't appear to even have %username% as a Compare Field option.

It would be nice if other fields in the designated User Profile table were available to use for this. That way, you could for example add a "Department" column to the User Profile table and set security/visibility in bulk, instead of by individual username.

I see there's an open feature request for controlling visibility via AD groups, which would be great. But I thought this could be an alternative, potentially easier-to-implement approach.

in Features (Todo) by (920 points)
edited by

1 Answer

0 votes

Expanding the role of the User Profile by allowing directly access to the profile fields in expressions would be a great improvement. I have already been considering this idea and hope to implement this in the near future.

At the same time the existing security is not quite as limited as you indicate. Specifically, you can already use sub-queries in the security expressions to check profile attributes or group membership. For example:

To check the attribute [IsAdmin] on the table [UserProfile]:

(select u.IsAdmin from UserProfile u where u.UserName=%UserName%) = 'Y'

Check if a user is a member of the 'HR' group as found in the table [UserGroups]:

(select count(1) from UserGroups where UserName=%UserName% and GroupName='HR') > 0

For more details see: User-Level-Security.

You are correct that existing button / field visibility expressions would definately benefit from direct access to profile values.

NOTE: Please vote on, or fund, this Feature Request if you would like direct access to Profile fields in expressions.

by (50.7k points)
Cool, using sub-queries didn't occur to me. That is good to know. But this still doesn't help for action buttons, correct? I don't see any way to control visibility based on the active user login.
You can use the value %UserName% in the constant part of the visibility expression.   That would allow you to verify if the user owns this current record.  But yes, otherwise it is quite limited.
DONE: Allow use of Profile Fields values in the Page Header
Welcome to the dbFront Q&A site, where you can ask questions and receive answers from other members of the community.
 | Minimalist Answer Theme by Digitizor Media
Powered by Question2Answer