Is it possible to pass the value in a dashboard search field to use as a custom permission in a role setting?

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered

We're using the EOTI function for non-users to view reports and records.  I'd like to be able to have a user enter a search query in the dashboard and use that value to enable edit functions on certain fields in the records that match that search.  The user will enter search value known only to them (it's their network ID in our organization) so I'm not concerned about EOTI being able to retrieve and edit a record.  I can't (for obvious reasons) enable editing on the table without a custom permission--the problem is I need to set the permission to a unique variable and I need that value to be able to be passed to the custom permission.  If this isn't possible, any ideas on a work-around?

Photo of Mark

Mark

  • 10 Points

Posted 3 years ago

  • 0
  • 1
Photo of QuickBaseCoach App Dev./Training

QuickBaseCoach App Dev./Training, Champion

  • 65,280 Points 50k badge 2x thumb
I had a similar situation where an app had payroll data and I wanted to have an extra layer of security.

My solution was to have a table of users where the Key field was Userid.  Users would come to the Dashboard and see a "report" of only their own record (ie where userid = current user).


They enter a portion of their Social Security Number (Up here in Canada it is a 9 digit Social Insurance Number, so they enter the last three characters.)  If it matches,  a form rule on save updates a time stamp to start a 30 minute countdown timer. My Custom Rule allows access while the timer still has time left.  That way if a manager is in a conference room and forgets to sign off, their timer will have likely run out if a regular employee happens to use that meeting room computer.


The value in that countdown timer is passed to any child table by simply making a field on the child table(s) called [Current User] with a formula of User(), this passing the custom permission information to the child table.

The "Magic" is that a lookup to a Parent can be the formula field of User(), meaning that each concurrent User has a different Parent to draw their Custom permission from.