Check out this configurable approach. https://docs.bmc.com/docs/ars91/en/specifying-an-actor-based-form-view-609071116.html
It's not permissions, based and as mentioned on thread, you would want to control permissions at the field level. But I think this approach would accomplish what you want without the active link approach.. On Fri, Nov 17, 2017 at 8:47 AM, LJ LongWing <[email protected]> wrote: > ** > as long as your permission model is secure then letting them into that > view won't give them access to something they shouldn't have access > to....then it shouldn't be an issue for them to be there....but, the method > outlined before will prevent it nonetheless if that's your wish :) > > On Fri, Nov 17, 2017 at 9:17 AM, Thomas Miskiewicz <[email protected]> > wrote: > >> ** >> Well they don’t bave access to the things they shouldn’t have to but I >> don’t want them to event get to those thing they don’t have access to... >> >> On Fri 17. Nov 2017 at 17:15, LJ LongWing <[email protected]> wrote: >> >>> ** >>> No, it's more of a factor of 'what is in the admin view what they >>> shouldn't have access to'...and should you change permissions to those >>> elements so that even if they make it into the Admin view, that they don't >>> have access to the things they shouldn't have access to :) >>> >>> On Fri, Nov 17, 2017 at 8:57 AM, Thomas Miskiewicz <[email protected]> >>> wrote: >>> >>>> ** >>>> You mean separating the admin and user views into two different forms? >>>> >>>> On Fri 17. Nov 2017 at 16:55, LJ LongWing <[email protected]> >>>> wrote: >>>> >>>>> ** >>>>> Thomas, >>>>> This is my favorite topic of 'security through obscurity'.....if the >>>>> method that things are secured is by simply not 'showing them' to the >>>>> user...or, putting them behind a curtain....then it's not truly security. >>>>> I believe what Misi is saying is that by creating an AL that prevents the >>>>> user from getting to this particular view, you are trying to secure it by >>>>> putting it behind a curtain.....if there are elements on the view that you >>>>> don't want the users to have access to, then they shouldn't have >>>>> permissions to them....this would prevent them from wreaking any havoc >>>>> because even if they had access to the view, they wouldn't be able to do >>>>> anything they didn't have permission to do anyway... >>>>> >>>>> On Fri, Nov 17, 2017 at 8:47 AM, Thomas Miskiewicz <[email protected] >>>>> > wrote: >>>>> >>>>>> ** >>>>> >>>>> Oh yea? Please elaborate. >>>>>> >>>>>> On Fri 17. Nov 2017 at 16:46, Misi Mladoniczky <[email protected]> wrote: >>>>>> >>>>>>> If you have to rely on GUI functionality to do this, one could argue >>>>>>> that your permission strategy is faulty to start with... >>>>>>> /Misi >>>>>>> >>>>>>> Thomas Miskiewicz <[email protected]> skrev: (17 november 2017 >>>>>>> 14:42:20 CET) >>>>>>>> >>>>>>>> ** Hello there, >>>>>>> >>>>>>> >>>>>>>> I have *Form A* with *User View* and *Admin View*. How can I >>>>>>>> prevent unauthorised access to the Admin View? >>>>>>>> >>>>>>>> If there is no configurable state of the art way maybe you have an >>>>>>>> elegant idea how to achieve it? >>>>>>>> >>>>>>>> >>>>>>>> Thank you >>>>>>>> >>>>>>>> Thomas >>>>>>>> >>>>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> sent from my Android-unit with K-9 Mail. >>>>>>> >>>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>>> >>>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>>> >>>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >>>> >>> >>> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> >> _ARSlist: "Where the Answers Are" and have been for 20 years_ >> > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
