Is there any way to get information of current user in a different realm if they click application link of another realm where user has no access

  • 0
  • 1
  • Question
  • Updated 6 years ago
  • Answered

We have an application where we keep all our data including Customer requests. Customer request table is open to everyone on internet to add records (internet role). We have many customer applications (separate realms) where we have added link to add record in our support request table. When they add we capture their email id and write it to our record. In internet role, I used a custom permission to view only if current user’s email is matching with email address I captured while creating record. I have added a report link (report in our app) in customers’ applications to view a report in our application. But they can’t see any records as my app is not getting current user info since users are from different realm and not in our realm. How can I get information of a user from different realm who is not a user in our realm? (Assume that user has logged in to their QuickBase and opened our application link using a different tab)


I know that I can give access to everyone and make filter report using email id to show only a users’ records. But it is a security issue as anyone can view records

Photo of qbadmirer

qbadmirer

  • 20 Points

Posted 6 years ago

  • 0
  • 1
You cannot have any real security with Anonymous users.  Ie "Everyone on the Internet".

One idea might be to default their landing page to an <ask the user> report which asks for their email address. Then run a report based on their response.  Of course, nothing prevents them from guessing into someone else's email address.
Photo of qbadmirer

qbadmirer

  • 20 Points
Thanks Mark for your response. I can get the email address from their application itself and show a filtered report. For achieving this I have to open view to Everyone on internet which I don't want to do. I am planning to give custom access if possible.
Right, I understand that you want to give custom access. But you cannot do that when all users are the same - they are all anonymous users.