I am looking to make an application that will allow member organisations to log in and amend their own member data.

I have used Data Assist and Digital file pro before however you are able to amend all data that is uploaded.

How can I make it so that you can only see data that has been added by yourself?

Thanks in advance

When the member logs in to their "area" you would assign a session variable which would be their unique ID in the "members" database table.

When you save the record of the file you upload you can store this session variable in the table, so the database knows that it was uploaded by this member.

Then when you pull the records back you filter the recordset only to show records that have a memberid of the session variable set at login.

If you want you can also create a directory on the web server named as the unique ID so that all member uploads are stored under their own directory.

This sounds exactly the sort of thing that I need to do. Do you know of any tutorials that cover this as I have never done it before.

Do any of the webassist extensions deal with this?

WebAssist SecurityAssist is the extension that handles it. There is a functional example in the User Registration Solution pack, which has a member section where they can only update their own profile. It could easily be extended and has most of the work done including database design and implementation of all the WebAssist extensions like securityassist, dataassist, validation toolkit, and even dynamic web charts.

I have created a login system using security assist that I'm sure has an ability to update your details, but I don't remember there being anything about session variables....

On the login page, the security assist authenticate user server behavior.... that is the primary purpose of that server behavior.

It looks up a record in a database (generally using username and password) and will store one or more session variables associated with the record found.

So could I use the authenticate user server behaviour to achieve this?

And then filter data using the username?

I guess that if I could, when data was submitted it would also need to submit an email address, but then what would happen if the user changed their username....?

You would store the userID and not the email so that it wouldn't change with updates by the user.

OK, I am following you so far...

...I am presuming then that the Session Variable containing the UserID needs to be inputed into the database using data assist for each entry...

...I have found the session variable part of the data assist wizard, the column that is selected is id, but in the database is an incremental number as the record id as opposed to the user id.

So I guess I need to create another column in the database, UserID, so what do I put in the Store as: field? its currently set to WADA_Insert_xx

yes, any dagabase record you want only editable by a certain user, you would have to create a field in that database to contain that userID. If you force them to log in, you can set it from the session variable and filter by the session variable to allow inserting and editing.