4 Replies Latest reply on Jan 31, 2012 9:35 AM by RickKline

    How do I control who has privileges to read and write in a specific table?

    ahutler

      Title

      How do I control who has privileges to read and write in a specific table?

      Post

      Hi,

      This is in response to a post by Ninja that I will copy below. How do I control this? I was originally trying to have only 1 user account(person) have access to read and write in a certain field, but only this field and no others.Ninja's response:  (What I need help with is in blue)

      Howdy ebethram,

      What you are looking for is Field Level Access Privileges.  Unfortunately, they don't exist...directly ;)

      Assuming your record has a uniqueID (it should), create another table called "OnePerson" with an ID field and the field you are trying to protect.  The Field might be "OnePerson::Protected".  Now link this table to your main table via UniqueID.  Make sure that new records can be created in the OnePerson table via the relationship.

      On your layout based on your main table, put the OnePerson::Protected field on the layout.

      Now control who has privileges to read and write to the "OnePerson" table...essentially you've created field level privilege by using table level privilege.

      Note, though, that "FullAccess" means FULL Access.  You can't lock them out of this field.  You can make it more difficult as Phil describes above, but you can't make it impossible...they have Full Access. 

        • 1. Re: How do I control who has privileges to read and write in a specific table?
          philmodjunk

          You can set this up in Manage | Security...

          Look up "Editing record access privileges" in FileMaker help, paying close attention to the section titled: "Entering a formula for limiting access on a record-by-record basis".

          • 2. Re: How do I control who has privileges to read and write in a specific table?
            ninja

            Oh,

            So here's where this thread ended up...I kept looking for a reply in the original thread.

            Phil's right on top of it as usual...Thanks Phil!

            • 3. Re: How do I control who has privileges to read and write in a specific table?
              RickKline

              In response to ebethram's reply:

              Assuming your record has a uniqueID (it should), create another table called "OnePerson" with an ID field and the field you are trying to protect.  The Field might be "OnePerson::Protected".  Now link this table to your main table via UniqueID.  Make sure that new records can be created in the OnePerson table via the relationship.

              On your layout based on your main table, put the OnePerson::Protected field on the layout.

              Now control who has privileges to read and write to the "OnePerson" table...essentially you've created field level privilege by using table level privilege.

              Note, though, that "FullAccess" means FULL Access.  You can't lock them out of this field.  You can make it more difficult as Phil describes above, but you can't make it impossible...they have Full Access. 

               

              I'm actually looking for something similar.  I have a field that is written to by clicking on field label buttons, to display the definition of the field.  It works fine in full access mode, but in guest mode (read-only), the user has insufficient privileges to write to the description field.

              What I'd like to be able to do is give any read-only guest user write access to that one field.  I realise there are "hazards" involved, but have made a "clear" button, which writes nothing to the description field when clicked.

              Using FileMaker Pro 11.0v4 on a Mac Pro running Mac OS 10.6.8.

              In FileMaker Pro help, under "Protecting Databases", appears the following:

              Protecting databases

              You can restrict what users can see and do in a database file by defining accounts and privilege sets. For example, you can:

               •

              Password-protect a file

               •

              Allow data entry only

               •

              Allow browsing but prohibit database changes

               •

              Restrict access to specific tables, records, fields, and layouts

               

              I'm particularly interested in the fourth bullet: "Restrict acess to specific tables, records, fields, and layouts.

              But there's no easy, direct access to instructions on HOW to restrict (or in my case, permit) access to a specific field. 

              My database does not have unique IDs per record, but it's simple enough to create a key field and populate it with serial numbers.

               

              Basically, I'm checking to see if what I have to do is replace the exisiting field with a write-access field from a new table.  That'll involve changing the button definiton for each of approximately 53 fields.

              I'm attaching a screen shot of the database. I've since moved the instructions and right hand column farther to the right, so the data section is not so crowded.

              Thanks.

              Rick

               

              • 4. Re: How do I control who has privileges to read and write in a specific table?
                RickKline

                Found the answer I was looking for in "The Missing Manual" for FileMaker Pro 11:

                File/Manage/Security

                Edit [Guest] account

                Privilege Set: New Privilege Set

                Under "Data Access and Design":

                  Records: Custom Privileges

                  Layouts: View only

                  Value lists: View Only

                  Scripts: All executable only

                Editing Records: Custom privileges: selected main table, where Field_Description field occurs:

                View: Yes   Edit: No  Create: No  Delete: No  Field Access: limited

                Editing Limited Field Access:

                Clicked on Field_Description, changed to "Modify"

                All other fields are set to "view only"

                 

                That seems to do it.  Field level access is built-in, you just have to dig to find it.