Isolate Records within App based on Department

Is it possible to restrict access to records based on department membership? For example, members of the VOLUNTEER DEPARTMENT should be able to view all records entered by members of the VOLUNTEER DEPARTMENT within App71, while members of the STAFF DEPARTMENT should only be able to view records created and edited by other members of the STAFF DEPARTMENT within App71. I realize I could clone App71; however, App71 has related records within other Apps, which complicates everything. tloving@ufore.com.

Hello Tony

Yes, this is definitely possible with the basic functions of kintone w/o using any API.

This can be done simply by adding a permission in the record permissions of your app. The permission setting for records can be found in the Records setting under Permissions on the App Settings tab for any app.

For example, if you want ONLY the members of the VOLUNTEER DEPARTMENT to view (also, edit and delete) all records created by members of the VOLUNTEER DEPARTMENT within App71, you should set something like the following in App71:

//////////////////////////////////////////////////////////////
Created by|includes any of|VOLUNTEER DEPARTMENT

VOLUNTEER DEPARTMENT|Permissions: [X]View [X]Edit [X]Delete
Everyone|Permissions: []View []Edit []Delete
//////////////////////////////////////////////////////////////

I hope this helps.

Thank you Yuzo Arai, I will give it a try.

Thank you Yuzo, I had a chance to test the settings, but it seems to have some general security risks.

Using the settings generally works for new data being created. However, I am able to see data that I am not privileged to see which was originally created by the Administrator or Unassigned users. I also noticed some of the Apps only show Author as a condition. I don’t see the Create by field within the pick list.

Is this the normal behavior?

Hello Tony

1) “However, I am able to see data that I am not privileged to see which was originally created by the Administrator or Unassigned users.”
Hmmm, weird. It should all be controlled by the record permissions. I can only suggest that you look into your user and app in detail (are you the administrator? app creator? exist in a particular organization? etc.)

 

2) “I also noticed some of the Apps only show Author as a condition. I don’t see the Create by field within the pick list.”
[All Records], [Record Number], [Updated By], [Updated Datetime], [Created Datetime], [Created By] are all choices that should exist from the beginning in the condition selection. It may be possible that someone has renamed the [Created By] field to [Author] in your app, in which case you will see [Author] instead of [Created By] in the condition selection list.
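
The rule from the first answer, extended to the STAFF DEPARTMENT case in the question, modelled as an added example (not part of the thread and not kintone code). User names, record ids and the first-match evaluation order are assumptions; the model reports records whose creator matches no rule condition, such as those created by the Administrator account in the follow-up, instead of guessing how they are treated.

```python
# Added illustration: a model of the record-permission rule from the thread, not kintone code.
# Assumption of this model: first matching rule applies, then first matching entity in it.
EVERYONE = "Everyone"
# Constructed sample data: user -> departments, and records in App71.
DEPARTMENTS = {
    "vol_amy": {"VOLUNTEER DEPARTMENT"},
    "vol_bob": {"VOLUNTEER DEPARTMENT"},
    "staff_cy": {"STAFF DEPARTMENT"},
    "Administrator": set(),  # belongs to no department
}
RECORDS = [
    {"id": 1, "created_by": "vol_amy"},
    {"id": 2, "created_by": "staff_cy"},
    {"id": 3, "created_by": "Administrator"},
]

def dept_rule(dept):
    """Rule from the answer: 'Created by | includes any of | <dept>'."""
    return {
        "created_by_in": dept,
        "entities": [(dept, {"view", "edit", "delete"}), (EVERYONE, set())],
    }

RULES = [dept_rule("VOLUNTEER DEPARTMENT"), dept_rule("STAFF DEPARTMENT")]

def matching_rule(record, rules=RULES):
    """First rule whose condition matches the record's creator, else None."""
    creator_depts = DEPARTMENTS.get(record["created_by"], set())
    for rule in rules:
        if rule["created_by_in"] in creator_depts:
            return rule
    return None

def can_view(user, record, rules=RULES):
    """True/False when a rule decides; None when no rule covers the record."""
    rule = matching_rule(record, rules)
    if rule is None:
        return None
    for entity, perms in rule["entities"]:
        if entity == EVERYONE or entity in DEPARTMENTS.get(user, set()):
            return "view" in perms
    return False

def uncovered(records=RECORDS, rules=RULES):
    """Record ids whose creator matches no rule condition."""
    return [r["id"] for r in records if matching_rule(r, rules) is None]

if __name__ == "__main__":
    print({r["id"]: can_view("staff_cy", r) for r in RECORDS}, uncovered())
```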