Advanced Security and caching

11/12/2023 6:26:17 PM
PHPRunner Tips and Tricks
Sergey Kornilov admin

According to the "Building secure low-code web applications" article, you need to make sure that an Advanced Security mode like "Users can see and edit their own data only" is enabled for all relevant tables. For instance, if you have a Master-Details relationship between the Orders and Order Details tables, you need to enable this security mode for both the master and details tables.

The details table doesn't always carry a username/userid field that you can use to set up Advanced Security. In this case, you need to modify the SQL query of the details table, joining the master table and adding the username/userid field to the query.

Below is an example of such a query. In this example, we use the CustomerID field as the username field, and adding it to the SQL query helps us set up Advanced Security.

SELECT
    o.OrderID,
    od.ProductID,
    od.UnitPrice,
    od.Quantity,
    od.Discount,
    od.CategoryID,
    od.OrderDetailsID,
    o.CustomerID
FROM `order details` AS od
INNER JOIN orders AS o ON od.OrderID = o.OrderID

Note: sometimes PHPRunner and ASPRunner.NET do not immediately make this new field available on the Advanced Security screen. If this happens to you, save, close and re-open the project. The new field added to the SQL query will then be available on the Advanced Security screen.
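
The following is an added example, not part of the original post and not PHPRunner's own code. It shows why the details table needs the owner field: a details lookup by ID alone returns another customer's row, while the joined query filtered on CustomerID does not. Assumptions: SQLite stands in for the project database, the sample rows and function names are constructed for illustration, the query is trimmed to the columns of the sample schema, and the `WHERE o.CustomerID = ?` filter is a stand-in for the rule Advanced Security applies.

```python
import sqlite3

# The post's details query, trimmed to the sample schema: CustomerID arrives via the join.
DETAILS_SQL = """
SELECT o.OrderID, od.ProductID, od.UnitPrice, od.Quantity,
       od.OrderDetailsID, o.CustomerID
FROM "order details" AS od
INNER JOIN orders AS o ON od.OrderID = o.OrderID
"""

def make_db():
    """Constructed sample data: two customers, one order each."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE orders (OrderID INTEGER PRIMARY KEY, CustomerID TEXT NOT NULL);
        CREATE TABLE "order details" (
            OrderDetailsID INTEGER PRIMARY KEY,
            OrderID INTEGER NOT NULL REFERENCES orders(OrderID),
            ProductID INTEGER, UnitPrice REAL, Quantity INTEGER);
        INSERT INTO orders VALUES (1, 'ALFKI'), (2, 'BONAP');
        INSERT INTO "order details" VALUES
            (10, 1, 100, 9.5, 2), (11, 1, 101, 4.0, 1), (20, 2, 200, 7.0, 5);
    """)
    return db

def details_unscoped(db, details_id):
    """Details table has no owner column, so a lookup by ID cannot be restricted."""
    return db.execute(
        'SELECT OrderDetailsID, OrderID FROM "order details" WHERE OrderDetailsID = ?',
        (details_id,)).fetchall()

def details_scoped(db, username, details_id=None):
    """Joined query plus an owner filter (assumed stand-in for Advanced Security)."""
    sql, params = DETAILS_SQL + " WHERE o.CustomerID = ?", [username]
    if details_id is not None:
        sql += " AND od.OrderDetailsID = ?"
        params.append(details_id)
    return db.execute(sql, params).fetchall()

def leaked_rows(db, username):
    """Audit: detail IDs readable through the unscoped path but not owned by username."""
    all_ids = [r[0] for r in db.execute('SELECT OrderDetailsID FROM "order details"')]
    owned = {r[4] for r in details_scoped(db, username)}  # index 4 = OrderDetailsID
    return sorted(i for i in all_ids if details_unscoped(db, i) and i not in owned)

if __name__ == "__main__":
    db = make_db()
    print(details_unscoped(db, 20))          # BONAP's row, whoever asks
    print(details_scoped(db, "ALFKI", 20))   # no rows: not ALFKI's data
    print(leaked_rows(db, "ALFKI"))          # IDs exposed if details stay unscoped
```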

silvio 11/13/2023

Thank you very much.