danuchart
asked on
How to set a security in a form to allow each user has a right to edit/modify for his information only?
Dear all,
My requirement is to created a one form that divided 3 part. First for requestor fill an information, second for manager to approved, and the last for Help Desk.
How to set a security in a form to allow each user has a right to edit/modify for his information only?
Example requestor unable to edit/modify in a manager or Help Desk part.
My requirement is to created a one form that divided 3 part. First for requestor fill an information, second for manager to approved, and the last for Help Desk.
How to set a security in a form to allow each user has a right to edit/modify for his information only?
Example requestor unable to edit/modify in a manager or Help Desk part.
martijnmulder
you can create 3 controlled access sections and assign roles to those sections. Only the people with the appropriate roles will be able to edit the fields in the sections....
Hi danuchart,
First, you have to adjust the ACL of the database. Go to database -> Acces Control.
Add three roles in the roles part: Requestor, Manager, HelpDesk.
Now you can assign the roles to the persons which have requestor, manager en the helpdesk acces, in the basics part.
Now, go to your form. Select the part for the requestor, click text properties, In the 4th tab, enter the following formula in the hide paragraph if formula is true part:
!@IsMember ("[Requestor]"; @UserRoles)
Now this part is only visible for the requestor.
In the manager part to the same, with the following formula:
!@IsMember ("[Manager]"; @UserRoles)
and for the Helpdesk:
!@IsMember ("[HelpDesk]"; @UserRoles)
Succes!
First, you have to adjust the ACL of the database. Go to database -> Acces Control.
Add three roles in the roles part: Requestor, Manager, HelpDesk.
Now you can assign the roles to the persons which have requestor, manager en the helpdesk acces, in the basics part.
Now, go to your form. Select the part for the requestor, click text properties, In the 4th tab, enter the following formula in the hide paragraph if formula is true part:
!@IsMember ("[Requestor]"; @UserRoles)
Now this part is only visible for the requestor.
In the manager part to the same, with the following formula:
!@IsMember ("[Manager]"; @UserRoles)
and for the Helpdesk:
!@IsMember ("[HelpDesk]"; @UserRoles)
Succes!
ASKER
Hi mkrann and Martijnmulder
Your solution may not working because of in fact anyone can request and then send to his manager to approved. I mean that a one people can be a requestor and be a manager for each document.
Your solution may not working because of in fact anyone can request and then send to his manager to approved. I mean that a one people can be a requestor and be a manager for each document.
That depends on the acl. If you give a person both manager and requester roles, then they can display the manager and requester part. You don't want that so you give the person or manager or requestor role. Maybe you should give them only editor acces, so they can't adjust the acl.
danuchart,
You can also use 3 forms. When the requestor "submits" his question you simply change the formname. This you can also do for the manager.
This way you can use a fairly simple authorisation scheme.
Good luck
You can also use 3 forms. When the requestor "submits" his question you simply change the formname. This you can also do for the manager.
This way you can use a fairly simple authorisation scheme.
Good luck
you can put the name of the approver in a field and use this field as the access control for the section...
Danuchart,
For looking who's the manager you use probably a dblookup or something.
Requester : The first part is for everybody with author access or more, I believe
Manager : The manager name is looked up using a dblookup function or something like that.
So, if you have a FIELD APPROVED, where the manager must apply Yes or No, you set in the Hide when formula, @Name([CN];@Username) != Manager)
Manager is the name of your field.
!!! Look out, that the field Manager is also in the CN version, else you must change your formula in the hide when
HelpDesk : This is a fixed part, so you can use a Role for this one, or if you have a group called Helpdesk, you can look up, if the user is in the group Helpdesk
I hope this is all a little bit clear to you.
For looking who's the manager you use probably a dblookup or something.
Requester : The first part is for everybody with author access or more, I believe
Manager : The manager name is looked up using a dblookup function or something like that.
So, if you have a FIELD APPROVED, where the manager must apply Yes or No, you set in the Hide when formula, @Name([CN];@Username) != Manager)
Manager is the name of your field.
!!! Look out, that the field Manager is also in the CN version, else you must change your formula in the hide when
HelpDesk : This is a fixed part, so you can use a Role for this one, or if you have a group called Helpdesk, you can look up, if the user is in the group Helpdesk
I hope this is all a little bit clear to you.
Tiny little addition, "enforce a consistent access control" needs to be set to on for the roles to fire while composing and testing locally.
Marilyng
Marilyng
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello danuchart,
what shall we do with this points :-)
what shall we do with this points :-)
danuchart,
No comment has been added lately (492 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:
RECOMMENDATION: Award points to zvonko http:#6453150
Please leave any comments here within 4 days.
-- Please DO NOT accept this comment as an answer ! --
Thanks,
Zvonko
EE Cleanup Volunteer
No comment has been added lately (492 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:
RECOMMENDATION: Award points to zvonko http:#6453150
Please leave any comments here within 4 days.
-- Please DO NOT accept this comment as an answer ! --
Thanks,
Zvonko
EE Cleanup Volunteer