This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Security expression across three tables

Posted on 01-24-2020 07:01 AM
CorpIT
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

I have an app where users can submit test courses to be reviewed. The tests have their own form along with a form for adding test questions.

There is a Users table with fields:
User (key), Email
ex: John Smith , johnsmith@aol.com

A RequestForm table with fields:
RequestFormID (key), Requestor (a ref to Users)
ex: ABC123, John Smith

A RequestQuestions table with fields:
QuestionID, RequestFormID
ex: JHN567, ABC123

So a User creates a RequestForm and appends its RequestQuestions. How can I setup the behavior of the edit button (on the RequestQuestions table) so that only Requestors can edit the Questions they made via their USEREMAIL()?
Iโ€™ve got it working with at the RequestForm level with this formula, but I canโ€™t get it working at the question level:
IN( [Requestor], SELECT(Users[User],([Email] = USEREMAIL())))

Solved Solved
0 3 314
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Steve
Platinum 4
Platinum 4
In response to CorpIT
Reply posted on --/--/---- --:-- AM

Alright. In that case, the expression I gave you for the RequestQuestions table above should also work as the Only if this condition is true expression for the Edit action of the RequestQuestions table to offer the edit option only to the submitter of the question.

IN(
  [RequestFormID].[Requestor],
  FILTER("Users", (USEREMAIL() = [Email]))
)

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
Steve
Platinum 4
Platinum 4
Reply posted on --/--/---- --:-- AM

The best approach might be to use security filters, if you donโ€™t want users looking at each otherโ€™s data.

So that the Users table only includes the current user:

(USEREMAIL() = [Email])

So that the RequestForm table only includes the current userโ€™s forms:

(USEREMAIL() = [Requestor].[Email])

So that the RequestQuestions table only includes the current userโ€™s questions:

IN(
  [RequestFormID].[Requestor],
  FILTER("Users", (USEREMAIL() = [Email]))
)
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
CorpIT
Bronze 4
Bronze 4
In response to Steve
Reply posted on --/--/---- --:-- AM

So using this approach they can only see their own data? In this case I need everyone to be able to see all the data, but only be able to edit their own entries.

Jump to Solution

Posted on --/--/---- --:-- AM
Steve
Platinum 4
Platinum 4
In response to CorpIT
Reply posted on --/--/---- --:-- AM

Alright. In that case, the expression I gave you for the RequestQuestions table above should also work as the Only if this condition is true expression for the Edit action of the RequestQuestions table to offer the edit option only to the submitter of the question.

IN(
  [RequestFormID].[Requestor],
  FILTER("Users", (USEREMAIL() = [Email]))
)
Jump to Solution
0 Likes
Top Labels in this Space