If you create a grid where you want the data shown to belong to a certain employee, you save the employee id in a global variable at logon, and in the grid you supply the criteria to the SQL statement like:
select field… where emplid=[glob_emplid]
Suppose you have a table with events for each emplid with key eventid.
Now if I want to show the correct data I set the glob_emplid and the grid will show all events belonging to the employee.
BUT…
If I have a detail checkbox on, then a magnifier glass is shown. Under the magnifier glass is a link containing the eventid. If I copy the link and put it in the URL line of a browser I can read EVERY record of ANY employee. The fact that the SQL has where emplid=[glob_emplid] is totally ignored.
This is a major security leak and should be fixed asap.
The only solution for this is to remove the detail. Add a column with an image and apply a link to a new application showing the current data where all buttons are removed from the toolbar (read-only) and the correct SQL applied. If you want you can create this link as a modal form. This will take only a few minutes of work, so it is pretty easy to work around.
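The difference between a detail lookup keyed only on eventid and one that re-applies the grid's emplid criterion on the server, as an added example that is not part of the original post and not the tool's own code. The function names, the SQLite schema and the sample rows are assumptions constructed for illustration; the unscoped lookup models the behaviour the post describes.

```python
import sqlite3

def make_db():
    """Constructed sample data: events keyed by eventid, each owned by one emplid."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (eventid INTEGER PRIMARY KEY, emplid INTEGER, descr TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?)", [
        (1, 100, "annual review"),
        (2, 100, "training"),
        (3, 200, "sick leave"),  # belongs to a different employee
    ])
    return db

def grid_rows(db, session_emplid):
    """The grid: filtered by the employee id stored in the session at logon."""
    cur = db.execute(
        "SELECT eventid, descr FROM events WHERE emplid = ? ORDER BY eventid",
        (session_emplid,))
    return cur.fetchall()

def detail_unscoped(db, eventid):
    """Detail lookup that trusts the key from the link and nothing else."""
    return db.execute(
        "SELECT eventid, emplid, descr FROM events WHERE eventid = ?",
        (eventid,)).fetchone()

def detail_scoped(db, eventid, session_emplid):
    """Detail lookup with the grid's criterion re-applied server-side.
    eventid comes from the request; session_emplid only ever comes from the session."""
    try:
        eventid = int(eventid)  # request values arrive as strings; reject non-numeric keys
    except (TypeError, ValueError):
        return None
    return db.execute(
        "SELECT eventid, emplid, descr FROM events WHERE eventid = ? AND emplid = ?",
        (eventid, session_emplid)).fetchone()

if __name__ == "__main__":
    db = make_db()
    me = 100  # constructed: the employee id saved at logon
    print("grid:           ", grid_rows(db, me))
    print("unscoped id=3:  ", detail_unscoped(db, 3))    # another employee's row
    print("scoped id=3:    ", detail_scoped(db, 3, me))  # None: not this employee's event
    print("scoped id=2:    ", detail_scoped(db, "2", me))
```

A scoped lookup that returns no row should be answered the same way as a nonexistent eventid, so the response does not reveal which keys exist.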