5 Replies Latest reply on Jul 27, 2016 5:14 PM by gaynor

    Moving users and privilege sets

    dbwdev

      Title

      Moving users and privilege sets

      Post

      Hi all,

      Is it possible to move the users and the privilege sets from one database to another?

      Thank you,

      J

        • 1. Re: Moving users and privilege sets
          FentonJones

          I don't think so. There is no visible "copy". I try it manually, and it just beeps. I use FileMaker Pro Advanced, and it can copy/paste many things, fields, scripts, even script steps (or groups of any of these things). But it cannot copy an Account, in the Security [ nor can it copy/paste a Table Occurrence in the Relationship Graph ]; unfortunately, as one sometimes wishes. 

          On some databases, with many files (old days), I have scripted the creation of an Account into all the files. But unless you plan to do this often, you'd be spending more time to build such scripts as you would do even quite a few Accounts manually. 

          • 2. Re: Moving users and privilege sets
            philmodjunk

            It's one of the shortcomings of the current design and a powerful argument for designing systems to only use a one or a very few individual files. But even then, there are issues when you deliver an upgraded copy of your database to a client and have to manually reproduce all the accounts added between the time you delivered the first version and the time you plan to upgrade by importing the data into the new file.

            For this reason, some systems emply a table of account names and associated privilege set names so that newly added accounts can be at least set up with a temporary password, but correct account name and privilege script via a script that starts by importing the account records into the new file.

            • 3. Re: Moving users and privilege sets
              gaynor

              Hi Phil.

               

              We have several databases, and would like to copy the users, passwords and their privilege sets from one to another (or multiple), then update manually if necessary.

              Do you know if there is a script for this? You mentioned "a script that starts by importing the account records"

               

              I also found this link:Import/copy over privilege sets and accounts? where you mention a script.

               

              Kind regards,
              Gaynor

              • 4. Re: Moving users and privilege sets
                philmodjunk

                Do not ever store passwords in a field. This is a security risk.

                 

                But if you set up a table with one record for each account name and its associated privilege set. And then set up a table with one record with eac user, you now have data that can be copied from one file to another like any other data.

                 

                Once the the data is imported, a script can loop through the table of users to create accounts with a temporary password that the users have to change the first time that they log on.  A date field can record when an account was created so your script can find only those new records added since the date of last update.

                 

                But it what I am describing is the creation of a complete account management system with global fields for passwords plus scripts in each file that modify accounts. Accounts and passwords would be passed as script parameters.

                 

                See why external authentication can make more sense?

                • 5. Re: Moving users and privilege sets
                  gaynor

                  Thanks for your help Phil.