There seems to be something missing -- either from the DbmanSQL manual or from my brain. Hopefully, somebody here can show me that a brain defect is the only reason why I can't set a reasonable authentication method.
This is what we need to do ...
1. No authentication for ordinary users, who may view all records
2. Authentication for anyone who wants to add a record. These registered users should be able to login to view all records, add new records, edit and delete their own records.
3. Normal entry to the database should be a home page with options including search, not a login page.
4. There should be a 'login to edit' button in the footer of each page.
In other words, we must not require authentication for default users, but we must have authentication for registered users who have database modification permissions.
Sounds easy and obvious ... but this is what actually happens with these settings ...
auth_allow_default = View
auth_signup = Yes
auth_signup_permissions = View, Add, Delete, Modify
auth_modify_own = Yes
auth_view_own = No
a) We set auth_no_authentication = Yes (because default users should not be authenticated).
Now everybody can view the records, but logged-in registered users get exactly the same page as default users -- they can't add, modify or delete, even after they have logged in. Inserting explicit parameters to the URL, eg: db=ourDB&do=add_form&uid=arthur (where 'arthur' is a registered user with 1,1,1,10 permissions) results only in a message saying You don't have permission to add
b) We set auth_no_authentication = No
Now registered users can do what they expect to do, but ordinary users have to sign up before they can see the database ... which is 100% unacceptable, for us and for them.
GT: Even though these things are not explained in the manual, the balance of probablity is that we can do it -- we just haven't figured it out. Nevertheless, we would like some reassurance that we have not bought the wrong program.