Restrict Editing Records to Record Owners

In this article we'll look at how to restrict a page to only be editable by the owner of the record. 

 

Objective: 

We have a Projects table that is seen by many of our logged in users. We want to enable only the user who created the record to be able to edit this record. 

This scenario assumes that multiple users can see the same records. If the only records shown are the records that belong to the logged in user, this approach is not necessary. 

 

Structure

We have a customers table with several fields, one of which is a connection to the users table and have added an edit link which opens a new page where we can edit the record. 

As you can see the Created By field is the connection field to the logged in user. Each time a record is added, we set this to the value of the logged in using record rules. 

 

 

Since this table is visible to many users we want to ensure that when someone clicks on the Edit link and it opens the Edit page, it should only be editable by the user who created this. 

 

Implementation

To achieve this goal, we'll ensure the Edit page is secure then simply set the second parameter to the logged in user. 

  1. Open the edit page
  2. Click on Settings
  3. Secure the page to only logged in users or users of a particular role
  4. restrict page based on logged in user field. 

 

If you set the edit link in the table to open in a modal window, this feature will not work.