Menu

Allow User Profile table fields to control security/visibility

+2 votes

Currently, I don't think there's a way to restrict rows or button visibility in a "grouped" manner, based on the active login. The only available option is %username%

For rows, you can at least set security per-user, e.g:
%username% IN('john','jane','susan','steve')
But this can get tedious and hard to manage.

Button visibility doesn't appear to even have %username% as a Compare Field option.

It would be nice if other fields in the designated User Profile table were available to use for this. That way, you could for example add a "Department" column to the User Profile table and set security/visibility in bulk, instead of by individual username.

I see there's an open feature request for controlling visibility via AD groups, which would be great. But I thought this could be an alternative, potentially easier-to-implement approach.

in Features (Todo) by (780 points)
edited by
Share on
share on gp share on fb share on tw share on li

1 Answer

0 votes

Expanding the role of the User Profile by allowing directly access to the profile fields in expressions would be a great improvement. I have already been considering this idea and hope to implement this in the near future.

At the same time the existing security is not quite as limited as you indicate. Specifically, you can already use sub-queries in the security expressions to check profile attributes or group membership. For example:

To check the attribute [IsAdmin] on the table [UserProfile]:

(select u.IsAdmin from UserProfile u where u.UserName=%UserName%) = 'Y'

Check if a user is a member of the 'HR' group as found in the table [UserGroups]:

(select count(1) from UserGroups where UserName=%UserName% and GroupName='HR') > 0

For more details see: User-Level-Security.

You are correct that existing button / field visibility expressions would definately benefit from direct access to profile values.

NOTE: Please vote on, or fund, this Feature Request if you would like direct access to Profile fields in expressions.

by (47.7k points)
Cool, using sub-queries didn't occur to me. That is good to know. But this still doesn't help for action buttons, correct? I don't see any way to control visibility based on the active user login.
by (780 points)
You can use the value %UserName% in the constant part of the visibility expression.   That would allow you to verify if the user owns this current record.  But yes, otherwise it is quite limited.
by (47.7k points)
Welcome to the dbFront Q&A site, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

error table-view lookup-field security user-interface advanced-search form-fields action-button tables stored-procedure reporting css installing table-grid export single-sign-on user-help login customizing logo field-preferences custom-visibility import mysql sqlserver authentication table-relationships custom-css license cascading-lookup attachments table-preferences printing themes connector date-field active-directory url iis oracle backup user-profile integrations attachment-properties drop-down-list debugging checkbox date-format custom-list tooltips header rollback email audit primary-key record filter csv azure migrating display hosting database help sidebar-help client-access database-connection win2012 table-fields color-banding row-style fips system-monitor regular-expression-field rich-text-fields row-security-sql row-security locked-structure relationship-view default-value user-confirm foreign-key network-file local-file multi-select keyboard custom-column main-menu logout custom-sorting application-id client-resolved reviews layout-group edge details-tab cloudflare chrome object-fields boolean
 | Minimalist Answer Theme by Digitizor Media
 |
Powered by Question2Answer
...