hi :-)


i have a table of cards where each card is corresponding to one member
(person)
one field is corresponding to the login of the member
beside this, in the security manager (?), i have set a group for the
members, set that they are allowed to connect via the web, and what
tables and fields they are allowed to read or to modify
and i have made a login/password belonging to this group, for each member

but, at the point where i am,
if a member can access a kind of data for him, he can access the same
data for all other members
do you understand the problem ?
i would have each member which can acces to his data but not to those of
the other members

i think that it ould be done if we could set the permission for a card
not only to "yes" or "no", but as
"if (login of the visitor = login field of the card) then yes, else no"
but it seems to be not possible to do that :-(
is it possible ?

--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"

well, i'm probably not very clear,

i'll say it in french,
if someone can translate it correctly (or correct me) it would be very
nice :-)


In article (Dans l'article)
<fantome.forums.tDeContes-03F69D.20252603102006 (AT) news-2 (DOT) proxad.net>,
Thomas <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> wrote (écrivait)*:

je souhaite mettre une base de données en ligne, accessible aux
adherents de la société

j'ai une table dans laquelle j'ai une fiche par adherent, avec un champ
correspondant au login (choisi plus bas) de cet adherent
parallelement, là où on gere les droits des utilisateurs (untel a le
droit de lire / modifier telle table / tel champ, etc, vous voyez de
quoi je parle ?),
j'ai fait un groupe pour les adherents, j'ai fait les reglages pour les
autoriser à acceder à la base par le web et pour dire ce que je veux
qu'un adherent puisse lire/modifier ou pas, etc ...
j'ai fait un compte (login/mdp) par adherent, appartenant au groupe
adherent


j'ai veillé à ce que, pour chaque adherent, le login du "compte"
(login/mdp) corresponde au champ login de la fiche de l'adherent

mais au point où je suis arrivé,
si un adherent a le droit d'acceder à un type de données (par exemple sa
fiche adherent), il a le droit d'acceder à toutes les données de ce type
(par exemple les fiches de tous les adherents)

vous voyez le probleme ?
j'aimerais, par exemple, qu'un adherent puisse acceder à sa fiche
adherent mais pas à celle des autres ...

.... mais j'ai pas trouvé comment relier le login du "compte" au champ
login de la fiche de l'adherent, pour definir les droits d'acces
quelqu'un a une idée ?


sorry for the french language, i feelt that it was very bad english, but
i didn't succed in do better (maybe because it wasn't very clear in my
head)
i hope i follow at least the rules with writing in both langages in the
same msg :-)

--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"

In article (Dans l'article)
<fantome.forums.tDeContes-34BDA8.16141906102006 (AT) news-2 (DOT) proxad.net>,
Thomas <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> wrote (écrivait)*:


why nobody answer me ? :-(

is it not possible to do what i want ?
or nobody has understood what i asked, despite both languages ?

--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"

Thomas,
I don't know why nobody answered. Could it be because you didn't put any of
the nice terms like, 'Hello', 'please', 'I would be grateful if ...' ?
Anyhow, I think you take a wrong approach. The goal is that a given member
could only see his own record, isn't it ? I don't think it is in the
'login', 'password' etc. section - what if you had 10 000 members ? would
create as much different passwords ? - that you should do that : you have to
do that by yourself with the appropriate set of layouts (who are you ?)
scripts (is he a member ?), other script (show him his own record on a
proper layout, while everything else would not be accessible). Don't forget
to add a way out though, for the guy not being stuck there. Etc.
Remi-Noel

"Thomas" <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> a écrit dans le message
de news: fantome.forums.tDeContes-03F69D.2025...OT) proxad.net...

In article (Dans l'article) <452fb8e0$0$11848$426a74cc (AT) news (DOT) free.fr>,
"Remi-Noel Menegaux" <rnmenegaux (AT) free (DOT) fr> wrote (écrivait)*:

i said "hi"

you're right, i could say sth like "could someone help me please ?"

i don't know the expression

(in fact imho it is linked with the uneasiness to pose the problem)


you're right,
even in french, i didn't know exactly how to pose the problem,
and it is common knowledge that if we succeed in pose the problem
correctly, we have a part of the solution :-)
(and in a such case, we need sb else to ask the good questions to get
arround the problem of pose the problem correctly :-) )


exactly


i don't know
(but right now, there is arround 50 members, and then they will be added
one per one)

anyway, i don't understand the usefulness of setting 2 users in the same
group, if it's not possible to set any difference between the 2 users
(in this case we can give the same password to the 2 human users, from
the point of view of filemaker pro it's exactly the same)


well, you mean all (layouts, scripts, ...) in filemaker pro ?
would you have a sample to show me, please ?

would it use the authentification system of the http protocol,
or is it just an entry which isn't known to be a password neither by
filemaker pro nor by the browser ?

thank you very much for trying to help me :-)


--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"

"Thomas" <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> a écrit ...
simple common sense on what you want to have to get the guy identified and
what to do if yes and if not.


when new, ie creating his 'record' - actually a text that will be considered
by your script as a password - put it with his ID and the rest in a hidden
file (table) to which you will refer when he will idenfy himself when coming
back to uour site. Then what if yes and what if not good.
That what I mean by 'managing yourself the identification of the user and
the rights he has', all in FileMaker.
(I do that all the time, for example to allow only the cashier to do the
validation of the money in for a store every day, and for the manager every
month. Nothing fancy just plain FMP development.)

Hope it helps.
Remi-Noel

In article (Dans l'article) <45315bf1$0$3625$426a34cc (AT) news (DOT) free.fr>,
"Remi-Noel Menegaux" <rnmenegaux (AT) free (DOT) fr> wrote (écrivait)*:

well, i imagine,
and i thought about it, but it is not very secure
(i can make mistakes, and make an enormous security fail which can allow
a member to access data of an other member,
and not see it, if it does't prevent anybody to access his data),
and since an authentification system is build-in filemaker pro, it would
be better to use it, don't you think ?


well, is there someone familiar enough with the Web part of FMP on this
forum, please ?

ok
well, my coworker has beginned sth,

but there is a problem (an example of security problem, if we didn't see
it) :
in the status frame, there is buttons which allow users to go where they
want (notably a book-like button which allow to see all cards of a table
i think)
i can hide it, it appears hidden in the browser, but there is a little
arrow on the side which allow users to show it

do you know how to avoid users to use it, to be forced to use only the
buttons that i put in the layouts, please ?
(do you want screen images ?)


thank you for your answer :-)

--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"

As long as you script the user access, you may put some control lines in the
script, such as :
'Allow user abort (No)' // at the beginning of the script
'Enter Browse Mode'
'Go To Layout (Nominative)
'Commit Record / Request'
'Show/Hide Status Area (Lock; Hide)'
'Pause'Resume Script (Indefinitely)'
Just try those and look to the Help Menu to know what they do.
Remi-Noel


"Thomas" <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> a écrit dans le message
de news:

In article (Dans l'article)
<fantome.forums.tDeContes-03F69D.20252603102006 (AT) news-2 (DOT) proxad.net>,
Thomas <fantome.forums.tDeContes (AT) free (DOT) fr.invalid> wrote (écrivait)*:

the login of the visitor is given by Get(AccountName) :-)

thanks to remi-noel

--
Mon CV : http://tDeContes.hd.free.fr/divers/emploi/
http://palestine-hn.org/
http://www.aapel.org/bdp/BLpas_concerne.html

"don't put your PC out of the window, put windows out of your PC"
"petit Free qui devient grand, gêne les requins blancs"