
Realistic Security Model for PHPRunner Apps

11/10/2012 9:23:12 PM
PHPRunner General questions
kenlyle author

I am looking to develop a "real" security model for a company which has distributors, and under them, resellers, and finally, customers.
The company wants to see all the data, and have the distributors, resellers, and customers able to see only the data under them.
I don't understand how one ownerid field can solve this.
Further, each organization likely has multiple employees...
So, I am thinking...maybe multiple users can be "aliased" to one ownerid after they log in?
And how do the users from the top level company get "view all" access, and the distributors get (reseller/customer) access, and the resellers only customer access, and the customers only access to their own records?
Anyway, has anyone implemented realistic record security involving possibly location, department, function, project teams, and the other complexities that exist in the real world?
I'd appreciate any tips.
Thanks,

Ken

fantasmino 11/11/2012

Hi

I'm interested too, if there is an easy way.

Actually I create various fields in the users table ("category", "subcategory", etc.) and the related fields in all tables, then add custom view tables and connect them in the "advanced security option".

But I don't think this is the best way

Sergey Kornilov admin 11/11/2012

Here is the article that covers this scenario:

http://xlinesoft.com/articles/alumni.htm
In short - you can create several views of the same data using a different OwnerID field for each view (CompanyID, DepartmentID, LocationID, UserID etc). Once created, restrict access to those views via User Group Permissions.
For instance, Department users will only have access to 'Department view' that uses DepartmentID field to restrict access to departments data. You will need as many views as the number of roles in your application.
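
The model discussed in this thread, sketched as an added example (not PHPRunner code and not taken from the linked article): each role maps to its own owner column, and several employees share one owner value for their organization. The table, column names, roles and sample rows are assumptions made up for the illustration.

```python
import sqlite3

# Hypothetical role -> owner column map: one "view" per role, as in the reply above.
# None means no row filter (top-level company staff).
ROLE_OWNER_COLUMN = {
    "company": None,
    "distributor": "distributor_id",
    "reseller": "reseller_id",
    "customer": "customer_id",
}

def build_db():
    """Constructed sample data: every row carries the IDs of all its ancestors."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, distributor_id INTEGER,"
               " reseller_id INTEGER, customer_id INTEGER, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?, ?)", [
        (1, 10, 100, 1000, "router"),
        (2, 10, 100, 1001, "switch"),
        (3, 10, 101, 1002, "firewall"),
        (4, 11, 102, 1003, "modem"),
    ])
    return db

def visible_orders(db, user):
    """Return the order IDs this user may see; unknown roles are denied."""
    role = user.get("role")
    if role not in ROLE_OWNER_COLUMN:
        raise PermissionError(f"no view defined for role {role!r}")
    column = ROLE_OWNER_COLUMN[role]
    if column is None:
        rows = db.execute("SELECT id FROM orders ORDER BY id")
    else:
        # Column name comes from the fixed map above, never from user input;
        # the owner value is bound as a parameter.
        rows = db.execute(
            f"SELECT id FROM orders WHERE {column} = ? ORDER BY id",
            (user["owner_id"],))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_db()
    # Two employees of reseller 100 share one owner_id, so they see the same rows.
    for user in ({"name": "alice", "role": "reseller", "owner_id": 100},
                 {"name": "bob", "role": "reseller", "owner_id": 100},
                 {"name": "carol", "role": "distributor", "owner_id": 10}):
        print(user["name"], visible_orders(db, user))
```

The `user` dict stands in for server-side session data set at login; the role and owner value must come from there and never from the request.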