can i do this with sc (security)

hello guys,

i have simple question, if i have many forms in sc7, and i have few grids to display the data…etc
can i have users management so to give each group/users access to specific forms and girds? like access level for users to see and edit stuff or view only, lock some functions from other groups/users,

is this doable with sc built in functions?

thanks in advanced guys

I was trying to do something similar recently but as far as I know (I’m quite new with scriptcase and could be wrong) I found that scriptcase security operates at the form level when it comes to users/groups/applications. You can lock down Edit/Update/Delete/Print/etc functionality based on a user/group but going deeper to lock out other specific functions or specific fields on your form isn’t built in there.

I use a mix of the following instead and it works really well for me:

  1. Different forms depending on the user. For example, Admin have more detailed forms for editing content while users can only view their own details.

  2. I check the group the currently logged in user is a member of and enable or disable fields and show or hide Blocks depending on what they should be able to view. Check the functions sc_block_display, sc_field_display, sc_field_readonly and sc_field_disabled for examples of doing this.

Hope that helps.

I used a couple of different methods to get this to work for me.

In general I don’t like the solution of hiding blocks depending on user rights. A small hack or flaw could cause the block to be shown, in fact I’m not even sure if the source contains the panel but is hidden by javascript. But to view html and view source will tell.

The security model using groups is very complicated to end-users. Lots and lots of checkboxes to be set. If the application is large (and in our case it useually is) we create different applications for the different roles. That might sound a lot of work, but we do that only for the forms that do matter and need to have different visibility. After all a wrong checkbox is easily set or unset which causes a lot of maintenance trouble to find out what’s wrong. Creating a separate application (on the same _lib) does not have that disadvantage, keeps maintenance of security more easy and will not have a security breach if setting security fails. But that’s my opinion of course.

Brendanboyle and Albert,

really thanks a lot guys, i think it is fine for me to have a form for each role or user, as in my case will be used for a small number of users,

however, i am still in testing mode of sc, didn’t get their confirmation of the serial transfer in order to buy it, and i’m planning to install in my laptop as trial next Sunday because i’m very busy before then and hence will not waste 3-4 days of trial for nothing :slight_smile:

but Albert, as per this forum, i didn’t receive an email when you replied this thread, even i subscribed to, i’ve received them for other threads, will check my settings though, but if you have access to admincp why don’t you make this option as default, to subscribe automatically as instant email, then user can change it if he/she doens’t want to, i guess is better and other forums do this…

thanks again guys, will keep in touch
Mike