Do you mean you want to limit which fields will be visible to users when they register and edit their profile?
You need to use a custom auth_user table and set writable=False for those fields they cannot edit, and readable=False for those that should not be visible. For example: db.define_table('auth_user', Field('first_name', length=512,default=''), Field('last_name', length=512,default=''), Field('username',length=32,default='', requires=(IS_NOT_EMPTY(),IS_NOT_IN_DB(db,'auth_user.username'))), Field('email', length=512,default='', requires=(IS_EMAIL(),IS_NOT_IN_DB(db,'auth_user.email'))), Field('password', 'password', readable=False, label='Password', requires=[CRYPT(auth.settings.hmac_key)]), Field('is_admin','boolean',default=True,readable=False,writable=False), Field('registration_key', length=512,writable=False, readable=False,default=''), Field('reset_password_key', length=512,writable=False, readable=False, default='', label=auth.messages.label_reset_password_key), ) As you can see is_admin is not readable and writable. auth.define_tables() # creates all needed tables On May 10, 12:39 pm, greenpoise <danel.sega...@gmail.com> wrote: > Whenever I use authentication on its basic form: > > 1. Any user can register something I do not want. > 2. Any user can see all the data > > I want to be more specific and have control of the registration > process as to where I create the users and group they pertain to and > hence look at their specific data only. Where is this defined? within > the Authentication/Groups or do I have to add another specifying > field?? I read the Authentication part of the book but I simply dont > know how to tackle this problem. > > Also while at it, is it a good practice to use the same database for > different clients? > > Thanks