Control security/visibility using User Profile fields

Question

Currently, I don't think there's a way to restrict rows or button visibility in a "grouped" manner, based on the active login. The only available option is %username%

For rows, you can at least set security per-user, e.g:
%username% IN('john','jane','susan','steve')
But this can get tedious and hard to manage.

Button visibility doesn't appear to even have %username% as a Compare Field option.

It would be nice if other fields in the designated User Profile table were available to use for this. That way, you could for example add a "Department" column to the User Profile table and set security/visibility in bulk, instead of by individual username.

I see there's an open feature request for controlling visibility via AD groups, which would be great. But I thought this could be an alternative, potentially easier-to-implement approach.

Answer 1

Button and Layout Visibility

As of dbFront 1.1.2.1304, you can use Profile fields directly in Button and Layout visibility expressions.

Row Security

For Row Security, you can use sub-queries in the security expressions to check profile attributes or group membership. For example:

To check the attribute [IsAdmin] on the table [UserProfile]:

(select u.IsAdmin from UserProfile u where u.UserName=%UserName%) = 'Y'

Check if a user is a member of the 'HR' group as found in the table [UserGroups]:

(select count(1) from UserGroups where UserName=%UserName% and GroupName='HR') > 0

For more details see: User-Level-Security.