Moving users and privilege sets
Is it possible to move the users and the privilege sets from one database to another?
I don't think so. There is no visible "copy". I try it manually, and it just beeps. I use FileMaker Pro Advanced, and it can copy/paste many things, fields, scripts, even script steps (or groups of any of these things). But it cannot copy an Account, in the Security [ nor can it copy/paste a Table Occurrence in the Relationship Graph ]; unfortunately, as one sometimes wishes.
On some databases, with many files (old days), I have scripted the creation of an Account into all the files. But unless you plan to do this often, you'd be spending more time to build such scripts as you would do even quite a few Accounts manually.
It's one of the shortcomings of the current design and a powerful argument for designing systems to only use a one or a very few individual files. But even then, there are issues when you deliver an upgraded copy of your database to a client and have to manually reproduce all the accounts added between the time you delivered the first version and the time you plan to upgrade by importing the data into the new file.
For this reason, some systems emply a table of account names and associated privilege set names so that newly added accounts can be at least set up with a temporary password, but correct account name and privilege script via a script that starts by importing the account records into the new file.
We have several databases, and would like to copy the users, passwords and their privilege sets from one to another (or multiple), then update manually if necessary.
Do you know if there is a script for this? You mentioned "a script that starts by importing the account records"
I also found this link:Import/copy over privilege sets and accounts? where you mention a script.
Do not ever store passwords in a field. This is a security risk.
But if you set up a table with one record for each account name and its associated privilege set. And then set up a table with one record with eac user, you now have data that can be copied from one file to another like any other data.
Once the the data is imported, a script can loop through the table of users to create accounts with a temporary password that the users have to change the first time that they log on. A date field can record when an account was created so your script can find only those new records added since the date of last update.
But it what I am describing is the creation of a complete account management system with global fields for passwords plus scripts in each file that modify accounts. Accounts and passwords would be passed as script parameters.
See why external authentication can make more sense?
Thanks for your help Phil.
Retrieving data ...