2. PHPRunner General questions
  3. [SOLVED]  Row Level Security
This topic is locked
[SOLVED]

 Row Level Security

 		1/10/2014 2:48:12 PM
PHPRunner General questions
S
 SkyForum author

I have been researching this for days now. I see where I can create specific permissions based on groups but how do I restrict user access to specific rows within a table?
I think I can do it this way with a many to many table UserTable ----> Property_RoleTable <----- PropertyTable and a where clause WHERE: property.id = property_role.property_id & user.id = property_role.user.id but it seems clunky and not all that secure.
I have several other tables linked below the property table with one to many relationships as well (Units, Unit_Occupants, Vehicles, Permits, etc) that also need to be restricted by their property.id association.
I'm pretty sure I can get this to work but I was hoping for an easier and more elegant solution from within phprunners builtin security functions.
I am a newbie and I have a lot of trouble understanding security. Is there a simple way to do this?
Sergey Kornilov admin 1/10/2014

To the best of my knowledge this was resolved with the help of 'Users can see and edit their own data only' security option.
S
 		SkyForum author 1/11/2014



To the best of my knowledge this was resolved with the help of 'Users can see and edit their own data only' security option.


Please explain in layman's terms. I do not understand it. Maybe an example....? If I have 300 properites in the Property table, how do I allow a user access to 3 or 4 different ones? Do I create a new group for each property? That seems excessive....
Sergey Kornilov admin 1/11/2014

http://xlinesoft.com/phprunner/docs/advanced_security_settings.htm

Second screenshot shows how this needs to be setup.
You need a field in properties table (UserID or DepartmentID or CompanyID etc). Users that have a field in login table matching the value of any specific record in properties table will be able to edit those records.
S
 		SkyForum author 1/11/2014



http://xlinesoft.com...ty_settings.htm

Second screenshot shows how this needs to be setup.
You need a field in properties table (UserID or DepartmentID or CompanyID etc). Users that have a field in login table matching the value of any specific record in properties table will be able to edit those records.


I don't think you understand what I need to do. I see where I can add a single user to a record, that's easy. What I need to do is add many people to a single record. Also, that same person may be attached to many records. If I put the user id in the field, then only that user will have access. How do I add more than 1 user to a record? I have done it before building a many to many relationship with a role table like I explained above. I don't see how I can do that using your security setup here.... (maybe I'm just geek blind...)
There needs to be a role table between the user table and the property table, right?
Sergey Kornilov admin 1/13/2014

I guess field names like DepartmentID or CompanyID didn't ring the bell. You can assign ownership of any single record to the whole department, group, company, city etc. It doesn't need to be just one owner per record. Make DepartmentID you OwnerID field and all people in this department will be able to see/edit the record in question.
S
 		SkyForum author 1/14/2014



I guess field names like DepartmentID or CompanyID didn't ring the bell. You can assign ownership of any single record to the whole department, group, company, city etc. It doesn't need to be just one owner per record. Make DepartmentID you OwnerID field and all people in this department will be able to see/edit the record in question.


I think I got it. I also think I found my issue understanding you. Your instructions are very clear and concise, they are also very logical. Thinking logically is a learned skill and comes from working with code and development of applications. I do not have that skill. That's why I come to you. There are a couple steps in the instructions that you assume I get and step over. One example is the part where we make the three tables. I kept trying to create a relationship between the employee table and the office_employee table. Only later did I figure out this was done with a sql query and a join.
Anyways, I'll get it with time. Please be patient with me. I'm an old dog trying to learn a lot of new tricks....
Thank you....