Editing record access privileges
Privilege sets can limit access to records in a file. For a file, you can set:
 •
Privileges for all tables: you can limit whether a privilege set allows creating, editing, and deleting records in all the tables in a file.
 •
Custom privileges for individual tables: you can set individual record access limits for each table. For example, the privilege set can limit the ability to:
 •
 •
View, edit, and delete certain records within each table. The privileges are limited by means of calculation that returns a Boolean result for each record. When the calculation evaluates to True, access is allowed for that specific activity (such as viewing the record). When the calculation evaluates to False, access to that activity is prohibited.
 •
Access or modify certain fields within each table. When access to one or more fields is restricted in a table that is otherwise visible, the user will see <No Access> instead of the field data.
You can only set record access privileges for tables defined in the current file. If the file contains relationships to tables in other files that you want to protect, you need to create accounts and privilege sets in the other files to protect those tables. See About protecting databases.
To edit record access privileges for all tables:
1.
See Creating and editing privilege sets.
2.
 
3.
Click OK, then click OK in the Manage Security dialog box.
Or, to assign the privilege set to one or more accounts, see Creating and editing accounts.
To edit record access privileges for individual tables:
1.
See Creating and editing privilege sets.
2.
In the Data Access and Design area, for Records, choose Custom privileges.
3.
 •
 •
 •
 •
4.
 
Limited (available when only a single table is selected)
Note  Avoid creating inconsistent combinations of view, edit, create, and delete privileges. For example, you most likely do not want to permit users to delete records that they cannot view.
5.
6.
7.
In the Custom Field Privileges dialog box, select each field for which you want to limit access (or select Any New Field to set custom privileges for any field created later). Then choose one of the following options:
 
Note  When access to one or more fields is prohibited in a table that is otherwise visible, the user will see <No Access> instead of the field data.
8.
Click OK twice.
You see the Edit Privilege Set dialog box.
9.
Click OK, then click OK in the Manage Security dialog box.
Or, to assign the privilege set to one or more accounts, see Creating and editing accounts.
Notes
 •
 •
 •
 •
 
Lookups and Relookups
 •
At a minimum, the match fields used in the relationship must have view privileges. Also, no lookup will occur for any records that are not viewable in both the source and destination tables because a match cannot occur under these circumstances. This includes the first related matching record, as well as any records used to copy the next higher or lower value.
At a minimum, both matching fields in a relationship must have view privileges in order for the relationship to work. Any related fields you want to display based on the matching fields must also have view privileges at a minimum.
The found set is always filtered to display only those records that have view privileges at a minimum. The results of the Get(FoundCount) function are also affected if access is limited.
Entering a formula for limiting access on a record-by-record basis
To allow or prohibit record viewing, editing, and deleting privileges to certain records within a table, you need to specify a Boolean calculation that determines whether the privilege is permitted. For each record in the database, access is allowed when the calculation evaluates to True or to a non-zero result, and access is prohibited when the calculation evaluates to False or zero. Here are two examples:
 •
To limit access to only those records created by the current account: Define a text field named Record_Created_By, and set the auto-enter option for the field to automatically enter the account name when the record is created. (See Defining automatic data entry.) Then use the following calculation when defining custom record access privileges:
Record_Created_By = Get(AccountName)
The user will only have Browse access to records for which the above calculation evaluates as True.
 •
To limit access to only those records created on the current date: Define a date field named Record_creation_date, and set the auto-enter option for the field to automatically enter the creation date when the record is created. (See Defining automatic data entry.) Then use the following calculation when defining custom record access privileges:
Record_creation_date = Get(CurrentDate)
The user will only have Browse access to records for which the above calculation evaluates as True.
Tip  If you specify a calculation to prohibit viewing of certain records within a table, in most cases you should use the same calculation to prohibit editing and deleting of the same types of records. Otherwise, you may inadvertently allow users to edit or delete records that they cannot view.
Notes
 •
Also, if the file is shared and the Boolean calculation that determines record access privileges contains one or more global fields, you may be able to improve network performance by moving some global fields into a separate table. See the Notes section in Defining global fields (fields with global storage).
 •