I’m currently jumping all over the user manuals looking for the answers I need. I’m getting fragments but not a complete answer. I wonder if you can help me.
Problem:
To create a log-on routine such that the solution, on opening will switch to a particular form and then ask the user to identify themselves with name and password. The user name and password need to be checked against an existing database.
From this point on all records created or modified need to by identified by the user’s ID.
I can find disconnected pieces of the above but I’m having the devil of a time bringing it all together into an integrated whole.
I’ve succeeded in creating user names and passwords in the security area, but haven’t figured out how to get user IDs tied into this. I’m not sure whether I need the security area tied to an existing database or not. I haven’t figured out how to get the security dialogue to open on startup for the user to identify themselves.
Admittedly, part of my problem is I’m extremely green with Servoy.
In the Security area in Servoy, per solution you can flag the “solution logon required” checkbox. If this is flagged for a specific solution, when the solution is loaded, the user has to identify himself with UserName and Password.
The link between UserName and UserID is made by Servoy in the Background and is not accessible in a table though Servoy directly. There is the Security-node in the Servoy editor, which gives you all the features you need to work with Security features, like retrieving the UserID for a name and vise versa.
So, in conclusion: To create a logon procedure, the only thing you need to do is create users and flag the “solution logon required” flag in the Security area of Servoy.
Make sure you create an admin account first thing, or else you will not be able to get into your security anymore!!!
I want to tie the current user to a table of individuals where I can include further particulars (address, phone, etc.). I’m assuming a relationship from repository_server to my_solution such that user_name = full_name will provide that linkage.
However that will only work if ALL of the following conditions apply:
The administrator first creates the individual in the solution.
The person’s name never changes.
Both of the above are unreliable conditions.
Can a new user be tested for its presence in the internal individuals list? Can the user_name = full_name relationship be tested on log in?
In many ways I’d rather provide the user with a scripted dialogue for setting up new users and not provide them with direct access to the Security area. Possible?
You could make a method that runs when the user starts an application (after the user has logged in (Servoy application login)).
In that method you get the UserId and then look of that UserId in your own table, to see if it exists. If not, you present the user with a dialog where he/she fills out all info you want. else you just let him or her continue.
If you want to have users created by an admin user, not using the Servoy Security Screens in Developer, you can create your own “Create User” dialog, using the features presented to you under the security node in Servoy Editor to add users. In that proces you could also have your own table filled with additional info…
Basically, all you need in functions is there, just a matter of how you want to use them…
Paul
If I want additional information about a log-in user it seems that I can store them in a user table. In this case do I need servoy security username/password? Can’t I just store the username, password & other info in the user table?? and when the user enter his login details in a special login dialog ( in showFormInDialog) I can check them against the user table?
What is the advantage of using the servoy security username/password over username/password stored in the custom user table?
faheemhameed:
If I want additional information about a log-in user it seems that I can store them in a user table. In this case do I need servoy security username/password? Can’t I just store the username, password & other info in the user table?? and when the user enter his login details in a special login dialog ( in showFormInDialog) I can check them against the user table?
What is the advantage of using the servoy security username/password over username/password stored in the custom user table?
Thanks
Hameed
Until late yesterday I was thinking along your lines, chiefly because that’s the way I did it in FileMaker Pro. I found FMP’s security system difficult and not particularly end user or developer friendly. So I ignored it and rolled my own, with a major help from the Troi Dialogue plug-in.
But on further reflection, Servoy has a built-in log-in system which you can take advantage of (or ignore and do it from scratch). My first script this morning is a method which will pole Servoy’s built-in (but hidden) database of user names, group name assignments and and user IDs. This method (which I’ll share) ports this data into an accessible “User” table. Currently I’m in the midst of writing further scripts which will let end user administrators create new users, change user names, delete users, create and re-assign groups, etc.
The “User” table, pulled from Servoy’s hidden array, will be useful for preparing administrator reports and other purposes. But definitely I’m more comfortable knowing I can gain access to that data.
I don’t have to manage log-ins validations because Servoy does that. Very wisely Servoy doesn’t provide access to existing passwords, only access to overwrite them.
I’m becoming comfortable with this.
One of the big problems with Servoy is thinking outside of the conditioned box of coding strategies and assumptions that have been built up over many years working with that very excellent product, FMP. However customer needs have now evolved well beyond FMP6 and I’ve chosen Servoy over FMP7. It’s very humbling to be stumbling around like a computer newbie trying to figure out radically different syntaxes. It’s slow, but progress is being made. This forum is an excellent resource for solutions to the dumbest questions.
One of the reasons for using Servoy’s built in security is that it’s there and it’s performing well.
Offcourse you can built it all yourself, nothing wrong with that, but to me it seems like extra work.
Main advantage to the Servoy way is the profiles that are there, with the option to enable/disable forms, access to tables, elements etc. Servoy does all the evaluation for you, which, in my mind, saves you tremendous time and effort compared to coding it all yourself.
pbakker:
One of the reasons for using Servoy’s built in security is that it’s there and it’s performing well.
Offcourse you can built it all yourself, nothing wrong with that, but to me it seems like extra work.
Main advantage to the Servoy way is the profiles that are there, with the option to enable/disable forms, access to tables, elements etc. Servoy does all the evaluation for you, which, in my mind, saves you tremendous time and effort compared to coding it all yourself.
Paul
Profiles? Not sure I’m aware of what you’re talking about here. Do you have references to the documentation?
have u found a way to restrict records that each different user can see? can this be done at a global level or does it need to be done in each form the users can access?
rfleming:
have u found a way to restrict records that each different user can see? can this be done at a global level or does it need to be done in each form the users can access?
I’m populating a Users table by polling the security area of Servoy. I’m planning on allowing limited access to this table only to members of the “Administrators” group.
The main activities (possibly the only ones) they will have there is to add users, change user names, delete users and only via scripted buttons.
If you want to put a filter on a specific table, so a user can only see certain records, you could use the addfilterparam function.
This function you run once (per table) for example when the user logs in. With the function you put a filter on the entire table.
For example if you want to let a specific user only access customers from the custoemrtable where the companytype = 1 (FOR EXAMPLE…), you add a filter on the customer table for companytype = 1
As soon as that is done, the user will not be able in any way to select/view/edit a record where the companytype <> 1
For example if you want to let a specific user only access customers from the custoemrtable where the companytype = 1 (FOR EXAMPLE…), you add a filter on the customer table for companytype = 1
As soon as that is done, the user will not be able in any way to select/view/edit a record where the companytype <> 1
that sounds good!!! have you tried this? it would be nice to know that it is water tight. we need to be 100% that users would not accidently be able to access data that they should not. im thinking of doubling with 2 methods of restriction just in case one fails… have you tried that or have you been confident with the one method.
I’m populating a Users table by polling the security area of Servoy. I’m planning on allowing limited access to this table only to members of the “Administrators” group.
The main activities (possibly the only ones) they will have there is to add users, change user names, delete users and only via scripted buttons.
did you figure this out successfully?
cany chance you could you share your method? we would like to do the same thing so that when we add users to our sql table they are also added to the hidden servoy_users table..
do you know what servoy tables are updated when adding a servoy user/
We are using the function “getDataSetByQuery” to select records based on our own criteria and doing a “controler.loadRecord” on the dataset… we are doing this as an onload form method. i think this is similar to the filter method described earlier. Im not sure which is better, Roger our sql guy came up with this one, not me… but im sharing in case it helps.
