+ Start a Discussion
DSIDSI 

record level access

Does anyone know how to set up read access to objects so someone can only see their records?  e.g. a salesperson would only see information for their customers.  I don't really care about update, since this will be primarily a reporting system, but I need to control access so people can't see records that don't belong to them.

 

Thanks,

Gloria Lee

BulentBulent

you would need to authenticate users for this. They need to be identified as a known portal user in order to access information specific to them. seems like your flow is Partner portal flow.

 

Site provides anonymous access, you can control what can be seen publicly but it'll be the same for everyone accessing to your site publicly 

DSIDSI

Not really sure I understand your response.  How do I authenticate users? 

 

Here's the actual scenario I'm shooting for:

 

I am an ISV building a Force.com custom app to provide data warehousing for K12 (education).  In other words, it will be a read-only system.  All the objects are custom objects.  There will be some built-in reports for Teachers who have been assigned a profile/role called Teacher.  The school I am working with would like Teachers to only perform analysis against their own students for their classes.  A (teacher, section) combination would identify the qualifying students.  Since it is read-only, the teachers are not creating the data, so I can't assign security based on who created the specific record.

 

If you can address my specific scenario, maybe it will help me understand  your advice a bit better.

 

Thanks,

Gloria Lee

BulentBulent

you can think public site as only one user (public or guest user). Every one accessing your site will use the same access control and will have access to the same information.

 

If you need to show them personalized data that just visible for specific users then you would need to create a user for each visitors and after login they would access to the data that they will be allowed to.  Fro that you need customer portal licenses and you can leverage force.com sites - portal integration.

 

Alternatively you can build a search page and display results based on the search parameters (like show the students based on a given teacher name). However, anyone will be able to performa search and see results.

 

hope this helps. 

DSIDSI

I didn't know about custom portals.  I will have to study them more to determine what they are and how to use them.  Seems like a lot of work for what should be a simple security access problem.  I'm assuming that data can be shared between custom portals?  For instance, the teacher might have a restricted student view, but the principal and counselor would want to be able to see all students.

 

Thanks for your help.  I'll come back to the discussion board if I can't figure things out.

DSIDSI

Actually I don't think this is solved.  I took a look at custom portals and I don't think that is what I'm looking for, in addition to the fact that it makes the whole application considerably more involved.  As I understand it, custom portals would be useful for CRM customers that only need to look at their own data.  It is a way to slice off a portion of the data to be private to one organization.

 

In my situation, where you have teachers that need to access only their student's information, students have many classes and a different teacher in each class.  So a student will be "owned" by more than one teacher in a given semester.  Next year, it will be possibly different students.

 

Is there an object that is accessible, where I can actually get the username of the person currently logged into the site?  If so, I can add a criteria in my filter criteria to achieve what I want.  It won't be perfect, and knowlegable users are free to change the criteria, but I think it will be an acceptable solution.

 

Please let me know if my understanding of custom portals is incorrect.

 

Thanks,

Gloria Lee

BulentBulent

Gloria,

 

there is no logged in user when you access to your public site. It's anonymous access.

if you are okay to expose the data publicly (anyone can see the data) then you can create a page where people search for students then drill down to the details

 

but if your data is private and you only want students to see their own data then you will need to authenticate them where the portal integration is needed. 

DSIDSI
Sorry to hear that.  I am fiarly sure custom portals won't solve my problem.  The application is not students accessing their own data.  It is teachers accessing data for students.  There is no one teacher that owns that student.
RyanGuestRyanGuest

Gloria,

 

I wouldn't let the "Customer Portal" terminology discourage you. Although the generic use case is for business to consumer, customer portals have a manager -> user functionality where you can configured through either profiles or roles what manager can see what users.

 

If you think of "managers" as "teachers" and "users" as "students" I think you could accomplish what you're trying to do. 

DSIDSI
I spoke to someone at SF and am back to trying to figure out how to use customer portals to achieve what I want now.  There is another advantage to using customer portals in that the licensing cost is much lower than the platform license, so it will be key to making the product affordable to teachers.  I think I'm going to have to set up one more level of indirection... a student roster with the unique identifier being (student, teacher, section).  Then, each teacher can own individual roster records, instead of the student itself.  That might work, but I'll have to find some time to try it out.