New to Servoy and trying to think through the overall structure of a solution which will be used by multiple seperate clients.
Each client has access only to their information. A single client may have many users with different levels of permissions. Some users will not have access to certain accounts. And what they can do in the accounts they have access to will be controlled by the Users permissions.
At this point I am envisioning a two step log in process. First the Account Name and Password with the assumption that the Account Name (or associated AccountID) is the key. Then a screen displaying the classes or projects which the client has created. Click on a class and enter UserName (UserName or UserID the key) and Password.
Does this make sense or is there a cleaner way to do it?
Best. K
Hi Kurt,
First of all welcome to Servoy ![:)]( "Smile")
I assume you are making your own security and are not using Servoy’s built in security.
I am developing an Open Source user management module that is ‘multi-company’.
My approach was that each company can have the same account names as the others. So then you had to take the company name into account as well while logging in.
But I had doubts of this approach since then the user had to type in the company name or choose it from a list. Too much work for the user and/or you don’t want the user to see the other company names.
So now I use the unique-username approach for all users.
In the user management module I define ‘modules’, lets say logical sections of my solution which are not necessarily physical Servoy modules , and assign per user what privileges they have per ‘module’
When accessing those ‘modules’ the solution will check what privileges the user has and acts accordingly.
Looking at your approach you let the user login twice ? Why ?
I do somethinng similar. I associate a login (User) with a group, so their ID is stored in a global. I use the global to filter data sets.
I see what you mean. So, backing up a step, a unique company account would be set up first and then different unique users with their respective group permissions would be created.
The userid would have to be unique across the whole database. So when a user logs in they would arrive in their own company accounts and no others.
Thanks for the help. Best. K
you can also use this option :
Function: addFoundSetFilterParam
Description:
Adds a permanent filter parameter per session to limit a foundset of records; for example, to view only sales of one department ; to view products for local storage only; or to view only your records. Syntaxcontroller.addFoundSetFilterParam(String column_dataproviderid, String operator, Object value) ParametersString column_dataproviderid - a specified dataprovider column name.String operator - =, <, >, >=, <=, !=, LIKE, or IN.Object value - the specified filter value.NOTE: After adding one or more filters to your method, you need to add controller.loadAllRecords() to filter your foundset; exiting Servoy or closing a solution removes the specified permanent filter parameter.
Example:
var success = controller.addFoundSetFilterParam(‘department’,‘=’‘sales’);controller.loadRecords();
Or you can use the built in security to apply permissions to forms, fields, groups etc…
Thanks everyone and thanks ebrandt. That looks like exactly what is needed.
Best. K