A necessary prerequisite to the implementation of any security within a project is the creation of a login page to authenticate users.
To create a security login page:
To setup security for a project:
By default, session variables are created for the User ID Variable, User Login Variable and Group ID Variable only. If other session variables are to be used you need to write custom code for them. Please see the Create Custom Session Variables example.
By default, session variables are created for the User ID Variable, User Login Variable and Group ID Variable only. If other session variables are to be used you need to write custom code for them. Please see the Create Custom Session Variables example.
If the site users are categorized into different groups, you can use the Security Groups section to setup group ID's and names. The Group ID values should correspond to the database field that specifies the group to which each user belongs.
The group ID's are setup in a hierarchical manner such that users with a higher group ID have more security clearance than users with a lower ID. If this is the case, you can check the Higher Level Inclusive of Lower Levels checkbox so that users with a higher group ID can access all the pages that are accessible by users with a lower group ID.
You can uncheck the Higher Level Inclusive of Lower Levels checkbox if you want each group ID to be strictly allowed to access pages designated for that group only. In this case, a user with a group ID such as 3 will not be able to access a page designated for any other group ID.
You can specify the users who are allowed to access a page by using the Restricted property of the page in the page Properties window. When the Restricted property is set to No, all users can access the page without having to login.
Apart from setting security at the page level, you can also set form level security. This is done using the Restricted property of the form.
When setting security at the form or the page level, note that giving access to all groups is not the same as not setting any security at all. If all groups have access, each member of any of the groups is still required to login. This means that people who are not registered in the database will not be able to access the form or page.