Field level permissions

4/10/2007 8:54:54 AM
PHPRunner General questions
jacekq author

Hi there,
I've got 2 questions:

  1. A system should have users from different companies and should be secured by a login page. Users from different companies shouldn't see other companies' data: orders, users etc. Is it possible that after login, List View will present data for a given company? Of course, at the same time admin should see all the data...

    I suppose that it should be done by some $_SESSION variables.
  2. Is it possible that admin could see all fields from a given table but an ordinary user only selected fields? For ex. user has permission to change his phone number and password but can't change his login and address. Sometimes it's also necessary to hide certain data from the user...
    Best Regards,
    Jacek

Admin 4/10/2007

Jacek,

  1. Use Advanced Security mode "Users can see and edit their own data only"
  2. To implement field level permissions, create two custom views on the same table and display a different set of fields on each view.

    Use user group permissions to provide different user groups access to either first or second view.

jacekq author 4/10/2007
  1. To be more precise: there are 2 or three kinds of users from the same company - for ex. chief, secretary, sales person. All of them should see all the data for that company but not for the other companies (where the structure of users can be similar). Secretary can add some records that should be visible for a chief or sales person but not necessarily vice versa. Admin should see all the data from all companies.

    I think your answer to that question is for the situation where you have one kind of user for a company. The first problem, after login, is to detect the user's company and limit the List View query to depend on the user's company. How? By $_SESSION variable and events?

    Advanced Security mode "Users can see and edit their own data only" is not the case because 'chief' should see and edit sales person records and, of course, his own records.
  2. How to create custom views on the same table?
    Regards,

    Jacek

Admin 4/10/2007

Jacek,

  1. I'm afraid you misunderstood me.

    "Users can see and edit their own data only" security option works perfectly in your situation. Just make sure you choose CompanyID field as OwnerID field.
  2. Custom Views can be created on Datasource tables screen.

jacekq author 4/12/2007

Hi,

  1. According to your remarks, I've managed to get separation at the level of companies. But I still have a problem with separation at the level of users. Let's say I have 3 types of users in a given company: chief, secretary, sales person. I want to display a list of users for the company, for every logged-in user from that company, and enable them to edit some data, for ex. address info (phone, email). I've created a custom view for the sales person group and modified the SELECT command to show data for the sales persons group only. OK. It works fine.

    But the problem starts when I define a few sales persons. All users from that group can edit data for other members of the group!

    So, there should be a way to separate companies, users of different types and, at last, users in the same group.

    Any suggestions?
  2. OK. It works.
    PS.

    PHPRunner is great!
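
The three separation levels raised in this thread (company, user type, individual user) plus the field-level restriction can be enforced in one server-side check before any update. The sketch below is an added example in plain PHP, not PHPRunner's API and not code from either poster; the function name `filterUserEdit`, the session keys, the role names and the per-role field allow-list are all assumptions made for illustration.

```php
<?php
// Constructed allow-list: fields each role may change on a user record.
const EDITABLE_FIELDS = [
    'admin'     => ['login', 'password', 'address', 'phone', 'email'],
    'chief'     => ['address', 'phone', 'email'],
    'secretary' => ['phone', 'email'],
    'sales'     => ['phone', 'email', 'password'],
];

/**
 * Returns the submitted changes the logged-in user may apply to $record,
 * or null when the record is outside that user's scope.
 */
function filterUserEdit(array $session, array $record, array $changes): ?array
{
    $role = $session['role'] ?? '';
    $allowed = EDITABLE_FIELDS[$role] ?? null;
    if ($allowed === null) {
        return null; // unknown role: deny by default
    }
    if ($role !== 'admin') {
        // Company level: never cross the tenant boundary.
        if ((int)$record['company_id'] !== (int)$session['company_id']) {
            return null;
        }
        // User level: only the chief edits colleagues; others edit their own row.
        if ($role !== 'chief' && (int)$record['user_id'] !== (int)$session['user_id']) {
            return null;
        }
    }
    // Field level: silently drop anything not on the role's allow-list.
    return array_intersect_key($changes, array_flip($allowed));
}

// Constructed sample data: a sales person and a chief in company 1.
$sales1 = ['user_id' => 11, 'company_id' => 1, 'role' => 'sales'];
$chief  = ['user_id' => 10, 'company_id' => 1, 'role' => 'chief'];
$ownRow   = ['user_id' => 11, 'company_id' => 1];
$peerRow  = ['user_id' => 12, 'company_id' => 1];
$otherRow = ['user_id' => 31, 'company_id' => 2];
$post = ['phone' => '555-0100', 'login' => 'changed'];

var_dump(filterUserEdit($sales1, $ownRow, $post));   // sales person, own record
var_dump(filterUserEdit($sales1, $peerRow, $post));  // sales person, colleague's record
var_dump(filterUserEdit($chief, $peerRow, $post));   // chief, colleague in same company
var_dump(filterUserEdit($chief, $otherRow, $post));  // chief, record of another company
```

The session values must be set by the server at login and the record's `company_id` and `user_id` must be read from the database, never taken from the submitted form; filtering only what the edit page displays leaves the update itself unprotected.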