Is there a way to bypass role permissions when updating a record using a url button?

  • 0
  • 1
  • Question
  • Updated 4 years ago
  • Answered

Our database is set up so that users in certain roles are prevented from editing records when those records meet a certain criteria (i.e., IS_LOCKED = True). This locks every field in the record, which is fine for the most part, except that there are times when we want to allow the user to still make some changes but only to certain fields.

For instance, even though a record is locked, it may still need to be approved for processing by another department. The approval process is automated through the use of an "Approve" button which edits the record and adds the approver's name and the current date.

When the record is locked as indicated above, however, the button throws an "Insufficient permissions" error.

So the question is, Is there a way to bypass the role permissions to allow the "Approve" button to work even when the record is locked?

Thanks in advance.

Photo of Juan

Juan

  • 20 Points

Posted 4 years ago

  • 0
  • 1
Photo of QuickBaseCoach App Dev./Training

QuickBaseCoach App Dev./Training, Champion

  • 69,724 Points 50k badge 2x thumb
One think that is super solid in QuickBase are Role Permissions. Form rules may have loopholes or break on you and maybe one day your don't receive a Subscription email, but man, Role Permission are rock solid at the very heart of QuickBase.

One idea might be to move the approve "field" down to a child table which is not subject to that same locking. Then users who click approve would be adding a record to a child table. Then you could do a reverse lookup to get the most recent approval log record and see if it was an Approve or a Decline.
Photo of Juan

Juan

  • 20 Points
Thanks Mark, I was hoping to avoid the use of additional child records, but I understand what you mean about the role permissions.
Photo of Juan

Juan

  • 20 Points
As a follow up question, is there a way to display a more user-friendly message as to the reason why they can't edit a record?  When users click on my "Approve" button on a record that is locked, they get this nasty message:

<qdbapi>
<action>API_EditRecord</action>
<errcode>3</errcode>
<errtext>Insufficient permissions</errtext>
<errdetail>
Oops. You don't have permission to access that page
</errdetail>
</qdbapi>

Thank you.
Photo of QuickBaseCoach App Dev./Training

QuickBaseCoach App Dev./Training, Champion

  • 69,724 Points 50k badge 2x thumb
If the record is locked, the use a form rule to hide the button or use an IF statement in the URL button to make the result null, so there is no button to click!!
Photo of Juan

Juan

  • 20 Points
Yeah, that's what I had done already.  Just wondered if there was a way to display a custom message when they clicked the button letting them know of the reason they could not edit the record.  

But I just displayed this message where the button would be instead, directly on the form.

Thanks again.