We will illustrate a case study to demonstrate how to restrict users with limited access from editing a record once it is created.
The client that manages their business processes via a set of FileMaker files, has different access levels for different users based on their specific assigned roles. The client has a demand to restrict access for specific users, to lock a record immediately after they create it. Once the record is committed and accepted, it cannot be modified. Here is an approach that explains how this was achieved for designated users.
FileMaker has built-in security feature to manage uncompromised access. To assign access to users with only create access and no modification access, a new privilege set is created under ‘Create Record Privileges’, with ‘View’ and ‘Create’ set to ‘yes’, and ‘Edit’ and ‘Delete’ set to blank as shown in the image. Field Access privileges is set as per requirement, in this instance, ‘Field Access’ is set to ‘all’.
In ‘Edit Privilege Set’, ‘Layouts’ level privilege is set to ‘All modifiable’, while ‘Value Lists’ are set to ‘All view only’ and Scripts set to ‘All executable only’. The ‘Available menu commands:’ is set to ‘All’.
By following this approach, users with Limited access can create records and edit records that are created during the current active user session. Any other records created in earlier sessions, users do not have access to edit.
However, the catch is that this approach makes new records created during the active user sessions editable, which was not the specified requirement.
To be in par with client expectations, security settings were tweaked, restricting access to edit new records immediately after creation. The limited value under the Edit option was selected, with a condition so that only users with a specific privilege set can edit the records, in line with the client requirement.
However, we discovered that this setting can vary as per the client requirements, and this approach may not always work. Consider a scenario where a user mistakenly commits a record. In this case, they won’t be able to edit the record again. Here is a probable solution.
The Global Fields
Global fields can be used to collect data temporarily through a separate Form. Data is saved using a script that is executed through a button. A confirmation can be obtained to save data along with a warning, indicating a record that cannot be edited once it is created. This way, users can decide when to save data.
FileMaker security settings, along with the Global fields give the expected results. For more information, feel free to contact our FileMaker experts.