Discussions

Expand all | Collapse all

Roles and permissions

  • 1.  Roles and permissions

    Posted 20 days ago
    Folks,

    I have a permissions question. My use case is as follows:

    Organizations have Organizations. The parent organization is a Vendor and the child organization is their customers. Organizations have departments and departments have employees. I want those who are in the HR role to be able to view their Parent organizations (Vendor) and the customer organizations. They should not be able to view other organizations or their customers.

    Each person in the HR role is an employee in their respective "Vendor" organization. (Organization table has a type field: Vendor or Customer) The Employee table has an email address as the primary key and a formula user field based on that email address.

    Now, I have a formula field "This is Me" to be true when the current user is the User field on that employee record. Then I have a summary field "# of Employees Who is Me", on the "department has employees" relationship that is defined as the count of the rows  where "This is Me" is checked. This rolls up to the Organizations table on the Organization has Department relationship as "# of My Departments".

    To control the view of the organizations that are the customers of my vendor organization, I have Orgs has Orgs relationship where the reference field is the Vendor Organization. To be able to decide which Customer organizations an employee can view, I have pulled down the "# of my Departments" as a lookup on this relationship so the Organization table how has "Vendor Organization - # of My Departments"

    Now, to set the permissions of what organizations an HR role person can view, I have set it up as "# of My Departments" > 0 or "Vendor Organization - # of My Departments" > 0.

    The issue is: When I test as one of the Employees of an organization who is in the HR role, I can see my Vendor organization but not its Customers Organizations (which are the child records of the Organizations table)

    What am I doing wrong? Or how else can I accomplish this?

    ------------------------------
    Surya V Avantsa
    ------------------------------


  • 2.  RE: Roles and permissions

    Posted 20 days ago
    Can you post a mockup of your relationships? I'm a bit confused on your setup.

    ------------------------------
    Blake Harrison
    bharrison@datablender.io
    DataBlender - Quick Base Solution Provider
    Atlanta GA
    404.800.1702 / http://datablender.io/
    ------------------------------



  • 3.  RE: Roles and permissions

    Posted 20 days ago



    ------------------------------
    Surya V Avantsa
    ------------------------------



  • 4.  RE: Roles and permissions

    Posted 19 days ago
    Ok, so your employee record will need to have a summary up to the Parent Organization. I would use your current field [This is Me] for this. Then you will need to do a Lookup field from the Vendor Organization to the Customer Organization of the [This is Me] Summary field you just created.
    Your permissions will need to look at both of these fields to determine if the user can access the record, so that would be something like:
    [Vendor - # of Me] >0 OR [Customer - # of Me]>0

    You could also create a Formula Checkbox ([Can View]) on the Organizations table that uses this same formula and then just use the [Can View] checkbox in your custom permissions. ​​

    ------------------------------
    Blake Harrison
    bharrison@datablender.io
    DataBlender - Quick Base Solution Provider
    Atlanta GA
    404.800.1702 / http://datablender.io/
    ------------------------------



  • 5.  RE: Roles and permissions

    Posted 19 days ago
    I have only been paying half attention to this thread but take note that Quick Base does not allow the limiting of access to Parent records based on whether you have access to Children. That kind of permissions is too circular for QuickBase to handle. 

    I'm not sure if this comment applies to your situation because I've been tied up elsewhere but I just wanted to throw that out there.

    ------------------------------
    Mark Shnier (YQC)
    Quick Base Solution Provider
    Your Quick Base Coach
    http://QuickBaseCoach.com
    mark.shnier@gmail.com
    ------------------------------



  • 6.  RE: Roles and permissions

    Posted 20 days ago
    Organizations have Departments
    Departments have Employees

    Lastly, Organizations have Organizations

    With the permission set up done thus far, I am able to successfully hide organizations that a person does not belong to.
    But I need to be able to show them their organization's customers (which are also organizations).

    ------------------------------
    Surya V Avantsa
    ------------------------------



  • 7.  RE: Roles and permissions

    Posted 19 days ago
    Mark, what I want is the other way around. Organizations where OrgType is Vendor are parents to Organizations where OrgType is Customer. I am able to restrict the view to the Parent (Vendor) Organizations correctly. Based on this, I am trying to restrict access to its Child Organizations (Customers). This is the part that is not working.

    ------------------------------
    Surya V Avantsa
    ------------------------------



  • 8.  RE: Roles and permissions

    Posted 19 days ago
    Blake,

    Since Organization is the grandparent of Employee, in the Organization has Employees relationship, Organization would be a lookup field. And QuickBase does not allow you to create summary fields based on a lookup field.

    ------------------------------
    Surya V Avantsa
    ------------------------------



  • 9.  RE: Roles and permissions

    Posted 18 days ago
    I think there is some misunderstanding. Here is what I'm saying:

    App Structure Requirements:

    • Organizations Table
      • Should have a relationship to itself so that an Organization of Type Customer can have a Parent Organization of Type Vendor ( Organizations < Organizations )
    • Employees Table
      • Should have a relationship to Organizations so that an Employee belongs to an Organization (Organization < Employees)
      • Should have a User field ([Quick Base User])
      • Should have a Formula Checkbox field ([Current User]) with the following formula:
        • User() = [Quick Base User]


    Permissions Structure Requirements:

    • Organizations Table
      • Summary field ([# of Current Users])
        • This is created from the Organizations < Employees relationship by creating a Summary using Count where [# of Current Users]>0
      • Lookup Field ([Vendor Org - # of Current Users])
        • This is created from the Organizations < Organizations relationship by pulling down [# of Current Users]


    Permissions Setup:

    • Employee Role
      • Organizations
        • Custom Perms - [# of Current Users]>0 OR [Vendor Org - # of Current Users]>0



    ​​

    ------------------------------
    Blake Harrison
    bharrison@datablender.io
    DataBlender - Quick Base Solution Provider
    Atlanta GA
    404.800.1702 / http://datablender.io/
    ------------------------------



  • 10.  RE: Roles and permissions

    Posted 17 days ago
    Blake, There is no misunderstanding. You are absolutely right with that design. That is exactly what I have too. Still, I have the same issue.

    The other thing I noticed is, these permissions work right after I save the formula or the permissions. Once I am happy that it works, if I just refresh, it stops working. Then if I open the formula and save it and try again, it works. I refresh, and it stops working.

    I think this is a bug.

    ------------------------------
    Surya V Avantsa
    ------------------------------



  • 11.  RE: Roles and permissions

    Posted 17 days ago
    Yes, if you've set it up that way, it does sound like a bug. I would reach out to support and see if they can take a look and help troubleshoot the issue.

    ------------------------------
    Blake Harrison
    bharrison@datablender.io
    DataBlender - Quick Base Solution Provider
    Atlanta GA
    404.800.1702 / http://datablender.io/
    ------------------------------



  • 12.  RE: Roles and permissions

    Posted 17 days ago
    QuickBase support gave up and pointed me to the forum. 

    At one point, the QuickBase support lady said that creating a self join is an error and is not supported by QuickBase.
    --
    Thank you,
    Surya Avantsa





  • 13.  RE: Roles and permissions

    Posted 17 days ago

    A relationship between a table and itself is absolutely a supported function in general for the usual lookup field and to some extent summary fields  I do know however when you get into recursive relationships between a table and it's self and get down to grandchildren and great grandchildren then the summary functions are not supported.


    May have time sometime this afternoon to draw up your relationship and comment further.



    ------------------------------
    Mark Shnier (YQC)
    Quick Base Solution Provider
    Your Quick Base Coach
    http://QuickBaseCoach.com
    mark.shnier@gmail.com
    ------------------------------



  • 14.  RE: Roles and permissions

    Posted 17 days ago
    I know it is supported. I've built an employee table with supervisor info using self joins. It works like a charm. Most people at QuickBase technical support don't know enough about QuickBase. 

    BTW, I solved the issue as follows. I have added a user list field  that starts with the record owner on the organization table. That user and anyone else that is added manually to that field will have access to it and all its child table. This works. 

    This is completely top down and never going going bottom up.

    --
    Thank you,
    Surya Avantsa





  • 15.  RE: Roles and permissions

    Posted 17 days ago
    That is not correct. I would submit another case, honestly.

    ------------------------------
    Blake Harrison
    bharrison@datablender.io
    DataBlender - Quick Base Solution Provider
    Atlanta GA
    404.800.1702 / http://datablender.io/
    ------------------------------