Restrict Access to Records by User or Department, etc.
In Search and Report DataPages you can use Record Level Security to restrict access to records based on the current end-user’s profile data. This way you can give your end-user access only to records that they have authored, that have been assigned to them, that pertain to their department, etc.
Steps to restrict access by user or department
1. Set up Web User Authentication and your base table
To restrict record access based on the current logged-in end-user, you will first need to set up Web User Authentication. This way your end-users must identify themselves before accessing the Search and Report DataPage.
The base table of your Search and Report DataPage must include a field that indicates who owns each record. This field can be used to indicate any ownership information that is applicable to your app, but must reference your authentication table data.
Some examples include:
- The person currently in charge of the record (Name or Employee_ID)
- The department to which the record pertains (Department_Name)
- The original author of the record (Name or Employee_ID)
Think of this field as the receiving address: when a user logs on, they will only see the records addressed to them. In database terms, this data is referred to as a foreign key.
When you are creating new records, it is best to add data to this field from a dropdown with a lookup table or by stamping the record with the current logged-in user data, as opposed to typing it in manually, which may lead to typographical errors.
2. Create a new Search and Report
In the Caspio Bridge Explorer window, press the New DataPage button. Create a Search and Report DataPage using the table prepared in step 1 as the base table. Press Next.
3. Set up Record Level Security
In the second screen, under the Record Level Security section, choose the key field from the authentication table that matches the foreign key described in step 1. In this example, we have been stamping records with an Agent_ID number, so we select the key field (Agent_ID) from the authentication table, and select the foreign key field (Listing_Agent) in the current base table.
4. Format your Search and Report DataPage
After you have enabled Record Level Security, you can continue formatting your Search and Report DataPage as normal. Record Level Security will be applied as an additional filter, limiting access to only the table records associated with the current end-user. Be sure to create a user account to test that you have implemented Record Level Security correctly.
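The following added example (not Caspio's own code) models the filter from steps 1 to 4 in SQLite, so you can see what a test account should and should not return and how a hand-typed owner value hides a record from everyone. It assumes the filter behaves as an exact match between Agent_ID and Listing_Agent; the table names Agents and Listings, the other columns and all rows are constructed for illustration.

```python
import sqlite3

def build_demo_db():
    """Constructed sample data: an authentication table and a base table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Agents (Agent_ID TEXT PRIMARY KEY, Name TEXT);
        CREATE TABLE Listings (Listing_ID INTEGER PRIMARY KEY,
                               Address TEXT, Listing_Agent TEXT);
        INSERT INTO Agents VALUES ('A100', 'Dana'), ('A200', 'Lee');
        INSERT INTO Listings VALUES
            (1, '12 Oak St',   'A100'),
            (2, '9 Elm Ave',   'A200'),
            (3, '4 Pine Rd',   'A100'),
            (4, '77 Birch Ln', 'A10O'),  -- typed by hand: letter O, not zero
            (5, '3 Cedar Ct',  NULL);    -- never stamped with an owner
    """)
    return db

def visible_listings(db, agent_id, search="%"):
    """Rows a logged-in agent sees: search criteria AND the ownership match.

    Assumption: the ownership filter is an exact equality on the key fields.
    """
    rows = db.execute(
        "SELECT Listing_ID FROM Listings "
        "WHERE Address LIKE ? AND Listing_Agent = ? ORDER BY Listing_ID",
        (search, agent_id))
    return [r[0] for r in rows]

def unowned_listings(db):
    """Rows whose owner value matches no authentication record.

    Under an equality filter these are invisible to every end-user.
    """
    rows = db.execute(
        "SELECT l.Listing_ID FROM Listings l "
        "LEFT JOIN Agents a ON a.Agent_ID = l.Listing_Agent "
        "WHERE a.Agent_ID IS NULL ORDER BY l.Listing_ID")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_demo_db()
    for agent in ("A100", "A200"):
        print(agent, "sees", visible_listings(db, agent))
    # The widest possible search still returns only the agent's own rows.
    print("A200 searching '%Oak%':", visible_listings(db, "A200", "%Oak%"))
    print("Visible to nobody:", unowned_listings(db))
```

When testing the real DataPage, log in with at least two accounts that own different records and confirm that the broadest search each can run returns only that account's rows.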