Multiple Privilege Sets Per Account

Idea created by alecgregory on Oct 30, 2015
    Active
    Score 14

    FileMaker only allows one privilege set per account to define access privileges. A more flexible approach would allow for account access privileges to be made up of a combination of privilege sets.

     

    This could be achieved using an additive or subtractive model. Both models are illustrated below:

     

    Additive

    Privilege sets for User1 on FileA with Tables A, B, C, D, E, F:

    Default Set: No access

    Set 2: Read only all tables

    Set 3: Write to TableA and TableB

    Set 4: Write to TableC

     

    User1 access is:

    Write to TableA, TableB, TableC

    Read-only on TableD, TableE, TableF

     

    Subtractive

    Privilege sets for User1 on FileA with Tables A, B, C, D, E, F:

    Default Set: Full access

    Set 3: Read only TableD and TableE

    Set 4: Read only TableF

     

    User1 access is:

    Write to TableA, TableB, TableC

    Read-only on TableD, TableE, TableF

     

    The additive model makes more sense to me as developer errors are less serious: It's better to erroneously not give someone access to something they should see than to erroneously give them access to something they shouldn't see.

     

    This idea is important for products/solutions built in the FileMaker platform, i.e. systems that will be installed by hundreds or thousands of separate customers. Developers of these solutions often need to offer user-configurable security, but providing the required flexibility is difficult in the current security model without splitting data across multiple files.

     

    Example

    To give a simplified example: our product has Invoices and Shipping Forms in two different files. A user may have one of five different levels of access for each table. This currently translates to 10 total privilege sets across two files. Ideally, we would combine these two tables into a single file, but this would increase the total privilege sets required to 25 to cover all possible access level combinations. Additionally, if we needed to add 1 extra level of access to Invoices, we would need to create 5 additional privilege sets, one for each existing level of access to Shipping Forms.

     

    Effect on our product

    As you can see, this quickly becomes unmanageable. We have calculated that to combine our 10 files into a single file and maintain our current security flexibility would require 49,152 privilege sets compared to the 35 privilege sets we currently have.

     

    I hope that demonstrates that it would be highly advantageous to allow an account to have a combination of privilege sets in a single file.
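The two models and the set-count arithmetic from the post, as an added Python sketch that is not part of the original post and not FileMaker code. The `Access` levels, the dictionary representation of a privilege set, and all function names are assumptions made for illustration; "Full access" is modelled as `WRITE`.

```python
from enum import IntEnum
from math import prod

class Access(IntEnum):           # ordered so max() picks the most permissive
    NONE = 0
    READ = 1
    WRITE = 2

TABLES = ["TableA", "TableB", "TableC", "TableD", "TableE", "TableF"]

def pset(level, tables=TABLES):
    """A privilege set modelled as {table: Access} (hypothetical structure)."""
    return {t: level for t in tables}

def effective(default, sets, additive):
    """Additive: a set can only raise access. Subtractive: only lower it."""
    pick = max if additive else min
    result = dict(default)
    for s in sets:
        for table, level in s.items():
            result[table] = pick(result[table], level)
    return result

# Sets 2-4 of the post's additive example; the default set is "No access".
ADDITIVE_SETS = [pset(Access.READ),
                 pset(Access.WRITE, ["TableA", "TableB"]),
                 pset(Access.WRITE, ["TableC"])]
# Sets 3-4 of the subtractive example; the default set is "Full access".
SUBTRACTIVE_SETS = [pset(Access.READ, ["TableD", "TableE"]),
                    pset(Access.READ, ["TableF"])]

def additive_access(sets=ADDITIVE_SETS):
    return effective(pset(Access.NONE), sets, additive=True)

def subtractive_access(sets=SUBTRACTIVE_SETS):
    return effective(pset(Access.WRITE), sets, additive=False)

def sets_needed(levels_per_table, combinable):
    """One set per level per table if sets combine, else one per combination."""
    return sum(levels_per_table) if combinable else prod(levels_per_table)

if __name__ == "__main__":
    print(additive_access() == subtractive_access())   # both models, same result
    # The developer forgets the last set in each model:
    print(additive_access(ADDITIVE_SETS[:-1])["TableC"].name)        # under-grant
    print(subtractive_access(SUBTRACTIVE_SETS[:-1])["TableF"].name)  # over-grant
    print(sets_needed([5, 5], False), sets_needed([5, 5], True))
```

Dropping one set from each list shows the asymmetry the post argues from: the additive model fails closed (TableC stays read-only), while the subtractive model fails open (TableF stays writable).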