Issue Using user table user roles and User ID security

dfrost · Post by **dfrost** » Wed Feb 15, 2017 7:16 am

After setting up a decent order system where each order had a Budget Manager, Program Manager. I set up attributes in the "user" table so that I could use the "filter" feature of lookup tables. This worked very well where a number of user fields pick lists would be only a subset of the entire list of users.

This all worked very well until I enabled "User ID" security. Then all the user fields that had "filters" based on "user" attributes no longer worked. I am guessing that when you turn on User ID security, the current user can no longer view the attributes of other users (kind of makes sense). So, I suppose I could create a separate table of user_attributes but then I would need to add Full Name etc. from the user table etc.

Has anyone had issue with setting up pick lists that filter based on "user" roles but then had an issue with turning on "User ID" security? Any ideas how to set up user groups/roles for sub-filtering user pick lists that works with "User ID" security.

arbei · Post by **arbei** » Wed Feb 15, 2017 11:24 am

Note that User ID Security is to control the user from reading other user's records in the table.

If you want to allow some user to read other user's records, you can set up the "Parent User ID Field".

You can also use the function AddUserID() to allow some user to read records of other users.

Read the example in help file topic: "Server Events and Client Scripts" -> "UserID_Loaded" for more information.

mobhar · Post by **mobhar** » Wed Feb 15, 2017 2:09 pm

If you select "User ID Field" column that related to the certain table(s) from "Advanced Security - User ID" dialog window, then this will have the limitation.

In other words, you cannot override dynamically by using "Recordset_Selecting" server event. Therefore, even you have already enabled "User ID Field" next to "Parent User ID Field" directive, then you should not select "User ID Field" for the certain table(s) in that dialod window.

You may simply use "Recordset_Selecting" server event to implement User ID Security dynamically. Please read "Server Events and Client Scripts" topic from PHPMaker Help menu for more information and example.

dfrost · Post by **dfrost** » Thu Feb 16, 2017 4:51 am

Thanks for the ideas. I may try using a "view" of the user table since I can make that "view" readable by all (because its not the user table). I already have a working model where I just use a seperate user_detail table but I had to repeat the "full username" field. But using a view could eliminate the need for a separate table. I will update this post if that works.

I don't think introducing a parent hierarchy would help because every use needs to view these per-user flags.

dfrost · Post by **dfrost** » Fri Feb 24, 2017 5:28 am

I was able to create a "view" of the user flags (and fullname) I needed from the "user" table and use that view instead of using the "user" table directly. This fixed the issue where "User ID" security would block the view of users fields for lookup filters.