Securing URL links

I'm trying to use SecurityAssist to secure individual user items in a database. Users upload ideas and each idea has a ID. The ideas_detail.php shows the detail after it has been uploaded.

This ID is displayed in the url when a user goed to the detail, delete, update pages. A user may not view another's ideas. One can easily do this by replacing the ID in the string in the url.
How can I use Security Assist to deny access if the logged in user's ID is not valid UserID to view specific IdeaID's. Simplification of my table structure:

UserTable - > UserUserID, UserUsername, UserUserPassword
IdeaTable - > IdeaIdeaID, IdeaUserID, IdeaIdeaDetails

I used SecurityAssist's wizard to create a login page, so I have a Session Variable UserUserID to then compare to the IdeaUserID from a recordset that filters the records by IdeaID used in the url.

When setting up the rule in Security Assist it does not allow access to the pages.

Is there a thread/help file for this somewhere because I believe it's a very general enquiry for securing files from other users.

Thank you in advance

edit the recordset on the detail page.

add another where clause to the recordset to include the IdeaUserID column:


AND IdeaUserID = paramUserID

then create a new parameter:
Name: paramUserID
Type: Number
default value: -1
Runtime Value: $_SESSION['UserUserID']


this way the record will only show if the IdeaUserID has the logged in users id.