From: Chris W. <ch...@cw...> - 2003-11-07 06:22:13
* Vsevolod (Simon) Ilyushchenko (si...@cs...) [031106 16:22]:
> Has anyone tried to implement in SPOPS giving different users different
> write permissions on different fields. Say, if we have a table of
> employees, a) the owner of each record is allowed to update his phone
> number, b) people in HR are allowed to update most other fields, but c)
> no one is allowed to update the employee number as it's autogenerated.

I've actually actively campaigned *against* this. I had a bad experience with this about five years ago and (possibly) never recovered.

IME if you're doing field-level security it's probably better to split off certain fields into separate objects. Part of this is because it's a HUGE PITA for non-developers to maintain the necessary security to make this happen. Another part is just pragmatic -- it's a PITA to track this stuff.

One separate thing to think about -- model groups of fields in the same DB record as separate objects. You can do this by specifying the 'field' elements for only certain parts of the object in each class.

Hope this makes sense,

Chris

--
Chris Winters (ch...@cw...)
Building enterprise-capable snack solutions since 1988
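A sketch of the "separate objects over one record" suggestion above, added here as an example and not code from this thread or from the SPOPS distribution: three classes share one table, each lists only its own group of columns in 'field', and a check confirms that no non-key column is reachable through two classes, since an overlap would let the more permissive class decide who can write it. Table, column and class names are constructed, and the sketch assumes each class carries its own object-level permissions through SPOPS::Secure.

```perl
use strict;
use warnings;

# Constructed SPOPS-style configuration: every class maps to the same
# 'employee' table but exposes only one group of columns via 'field'.
my @isa = qw( SPOPS::Secure SPOPS::DBI );
my %config = (
    employee_contact => {            # intended writers: the record's owner
        class => 'My::EmployeeContact', isa => [@isa],
        base_table => 'employee', id_field => 'employee_id',
        field => [ qw( employee_id phone ) ],
    },
    employee_hr => {                 # intended writers: the HR group
        class => 'My::EmployeeHR', isa => [@isa],
        base_table => 'employee', id_field => 'employee_id',
        field => [ qw( employee_id name title department ) ],
    },
    employee_ident => {              # intended writers: nobody (read-only)
        class => 'My::EmployeeIdent', isa => [@isa],
        base_table => 'employee', id_field => 'employee_id',
        field => [ qw( employee_id employee_number ) ],
    },
);

# Return one message per non-key column that appears in more than one class
# for the same table. The key column is expected in every class and skipped.
sub overlapping_fields {
    my ($config) = @_;
    my %owners;
    for my $alias (sort keys %$config) {
        my $c = $config->{$alias};
        for my $f (@{ $c->{field} }) {
            next if $f eq $c->{id_field};
            push @{ $owners{ $c->{base_table} }{$f} }, $alias;
        }
    }
    my @problems;
    for my $table (sort keys %owners) {
        for my $f (sort keys %{ $owners{$table} }) {
            my @in = @{ $owners{$table}{$f} };
            push @problems, "$table.$f is exposed by: @in" if @in > 1;
        }
    }
    return @problems;
}

my @problems = overlapping_fields(\%config);
if (@problems) { print "OVERLAP: $_\n" for @problems }
else           { print "each non-key column belongs to exactly one class\n" }
```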