Filter by flag on user seems to operate in reverse

  • 1
  • Question
  • Updated 5 years ago
I followed the example for filtering client records so that a user who has a flag set on their user record sees only clients that have a matching flag set....
It does filter the clients... but it seems to operate in reverse

if i set the filter to NOT match then i see the right records



if i set the 2 flags to be equal to each other... then i see only the clients who DONT have the flag set
Photo of ktyler

ktyler

  • 9,244 Points 5k badge 2x thumb

Posted 5 years ago

  • 1
Photo of Anna Wiersema

Anna Wiersema

  • 10,890 Points 10k badge 2x thumb
Hey Ken, I have a couple questions and a suggestion.

First question, on the User Record, View Private Practice is also a checkbox, right?

So in theory when for the user "view private practice" is true, then the records returned should only be ones where "private practice" is true. And conversely, for the user where "view private practice" is false, then the records returned should only be ones where "private practice" is false.

Second question: did you verify whether "view private practice" was true or not for your own user account? This could cause some confusion.

I would suggest that in the future you actually handle these types of issues in the standard Salesforce security controls and sharing settings. Skuid is made to respect your security model, not to provide that security. Salesforce has great and very granular security controls specifically created for these types of scenarios where users should only be given access to certain records/types of data. You should definitely address all security/viewing permissions concerns there first.
Photo of Anna Wiersema

Anna Wiersema

  • 10,890 Points 10k badge 2x thumb
Sorry, Ken, I didn't realize that this was part of a longer discussion. Zach probably has better insights than me, in this case (and usually :)
Photo of Zach McElrath

Zach McElrath, Employee

  • 49,014 Points 20k badge 2x thumb
Ken, first off, very strange that the filter is operating "in reverse", but does it still getting the job done, even though it's "in reverse"?

Anna's suggestion about using native Salesforce Security/Viewing permissions is an excellent one --- Ken, you could alternatively use a Criteria-based Sharing Rule here, assuming that the Sharing Model for your Client object has been set to Private. This would be more secure, as the Client records with "Is Private Practice" checked would literally be completely inaccessible to users who shouldn't see them.

The way to implement this is pretty simple:

1. Create Public Groups corresponding to users who should / should not see "Private Practice" Clients.
(a) Go to Setup > Manage Users > Public Groups to create these Public Groups.
(b) Create 2 Public Groups, one called "Can See Private Practice" and the other "Cannot See Private Practice", or something like that that makes sense.

2. Make sure that the Sharing Model for your Client object is "Private"
- Go to Setup > Sharing Settings to do this.

3. Once your Sharing Model is Private, create two Sharing Rules on your Client object.
(a) For "Rule Type", select "Based on Criteria".
(b) Rule 1
For Rule 1, criteria should be: "Is Private Practice" equals "True"
For Rule 1, Share with Public Groups "Can See Private Practice"
(b) Rule 2
For Rule 2, criteria should be: "Is Private Practice" equals "False"
For Rule 2, Share with Public Groups "Cannot See Private Practice"

With these things done, you won't even need to use the field on the User object anymore, or to have Conditions on your Model in your Skuid Page. All you have to do is to add / remove users from the appropriate Public Groups, and this should take care of it. This also gives you the flexibility to grant certain users the ability to see both kinds of Clients.

Since you're a System Admin, you'll see all Clients, so to test this, you'll need to Login as one of your other users.
Photo of ktyler

ktyler

  • 9,244 Points 5k badge 2x thumb
Anna,
You can see in my screenshot that view_private_practice is checked for the current user (the bottom table is linked to the current user model, which is filtered by the logged in user)
so that check box is true

and if i set the filter to "equal" the check box in the client records... i get only client records where the "is_practice" checkbox is NOT checked

it works, but in reverse

don't step back because zack is involved... you also give great help... and i need all the help i can get