Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi,
Is it possible to define a default user in Section access?
What I'm trying to accomplish is that a number of named users (NTNAME) should see a sheet that is hidden for everyone else without having to specify it for every NTNAME. So if a user isn't named in Section access he or she should get a default access level.
Thanks
🙂 Fredrik
Fredrik,
If I understand you correctly, then everyone has access to the document and you just want to use section access to control exactly what they see?
I believe section access searches for a match 'top down' in terms of how the rows are presented to it and the first positive match terminates the search. I think by having a column, called for example 'SeeHidden' then those people you want to see it are defined with their true NTNAME and a value of 'Y' for the column. Anyone you dont want to see the hidden column you use '*' in every column (NTNAME for example) and a value of 'N' for 'SeeHidden'. Its important this row follows any specifically named users. The '*' does of course mean 'all' and needs to be declared in the script with
Star is *;
Hope this helps,
Gordon
Fredrik,
If I understand you correctly, then everyone has access to the document and you just want to use section access to control exactly what they see?
I believe section access searches for a match 'top down' in terms of how the rows are presented to it and the first positive match terminates the search. I think by having a column, called for example 'SeeHidden' then those people you want to see it are defined with their true NTNAME and a value of 'Y' for the column. Anyone you dont want to see the hidden column you use '*' in every column (NTNAME for example) and a value of 'N' for 'SeeHidden'. Its important this row follows any specifically named users. The '*' does of course mean 'all' and needs to be declared in the script with
Star is *;
Hope this helps,
Gordon
Hello Gordon,
Thanks for your reply. I tried your solution but the '*' users sees everything.
Cheers
Fredrik
Fredrik,
Dont forget that 'section access' is used to automatically reduce the data the user can see, so we need to make the value in the column available in 'section application'. We can do this like so:
star is *;
SECTION Access;
[Access Control]:
LOAD NTNAME,
NTDOMAINSID,
SEEHIDDEN
FROM ...
SECTION Application;
[User detail]:
// Make user attributes visible
LOAD SEEHIDDEN
RESIDENT [Access Control];
Now you can use the SEEHIDDEN column to condition the 'show sheet' with
SEEHIDDEN = 'Y'
Regards,
Gordon
Hello Gordon,
Does this work for you? I tried it and I get the same result as before.
Cheers
Fredrik
is 'section access' turned on in the document properties> open?
I use this technique quite frequently.
Gordon
Hello Gordon,
Yes, 'section access' is turned on. The '*' user is prompted for username and pwd. The '*' user should be able to open the document as there were no section access.
Cheers
Fredrik
Hi again,
I tried it again and found a typo in the access table.. Now it works 🙂
Thanks for your help!
Fredrik
"If it doesn't work, try again!"
Hi,
I'm picking up this thread. I'm trying to achieve same thing as Fredrik, i.e. to give a default user more access than a named user by access rights defined in the section access. From what I can conclude from testing a bunch of cases, this is how it works:
1 - (If named user and default user (*) both are defined as ADMIN or both defined as USER: The user will gain the broadest access possible from the combination of the two access definitions.
2 - (If named user is defined as USER and default user (*) is defined as ADMIN: the user will gain the rights defined to default, i.e. the ADMIN rights overwite the USER rights.
Given that the named user is a USER, this basically means that if the default user in NOT ADMIN and if the default user is given access to a smaller data set, everything will work fine. However, if the default user is ADMIN or if the defined access is wider than for the named user (what I´m trying to achieve), it will not work. Does anyone have a good work-around to solve this problem?
Thanks,
David
Hi David,
As I mentioned before, I think the access rights are granted on a top down approach which terminates the search so if what you are seeing contradicts this then I am surprised.
I'm not quite sure what you are trying to achieve but I think its a bad idea for a default user to have ADMIN access. I would ensure that any access to an ADMIN enabled profile always had a definite authentication.
Regards,
Gordon