Target Group and "Only Group's Records"
Hello! I have permissions in my app set up in such a way that it will only show records that belong to the "Target Group" of a user. There is relatively little documentation on this feature, and I...
Forum Discussion
Now I have created a record where the user that created the record only existed in 1 group. (I removed him from every group but one). I also set their target group to that specific group that I had them in. Once the record was created I tested as a user that was also added to that group with the same group permissions to see if I could see it. Worked fine.
I then tested as a user who wasn't in our group. They could see the record that I had created that was associated with that one group! This user had no association at all to the that group and yet they can see the record I created in that group, using a user with the group role permissions applied.
Am I doing something wrong? Does Modify also need to be set to the user group records and not set to "All Records?" In order for this to work? I figured restricting vision would be enough to set a record up and associate it with the group.
Further testing: I have now removed the user from the group who originally created the record and added him to a different group. By removing the user from the group they were in I have now lost all vision of the record from every single account but the admin accounts.
I can't seem to wrap my head around what is going on/how the group record permissions role works.
------------------------------
Rosson Long
------------------------------
I then tested as a user who wasn't in our group. They could see the record that I had created that was associated with that one group! This user had no association at all to the that group and yet they can see the record I created in that group, using a user with the group role permissions applied.
Am I doing something wrong? Does Modify also need to be set to the user group records and not set to "All Records?" In order for this to work? I figured restricting vision would be enough to set a record up and associate it with the group.
Further testing: I have now removed the user from the group who originally created the record and added him to a different group. By removing the user from the group they were in I have now lost all vision of the record from every single account but the admin accounts.
I can't seem to wrap my head around what is going on/how the group record permissions role works.
------------------------------
Rosson Long
------------------------------
MarkShnier__You
Qrew Legend
Qrew LegendMaybe we should get back to your business purpose and just find a better way to do this. I have been using Quick Base since 2002 and i have never found a need to use "groups" like that for permissions. Why don't you state your business objectives and we will be able to suggest a different solution which is more transparent and predictable in its behavior.
mark
------------------------------
Mark Shnier (YQC)
Quick Base Solution Provider
Your Quick Base Coach
http://QuickBaseCoach.com
mark.shnier@gmail.com
------------------------------
mark
------------------------------
Mark Shnier (YQC)
Quick Base Solution Provider
Your Quick Base Coach
http://QuickBaseCoach.com
mark.shnier@gmail.com
------------------------------