6 Replies Latest reply on Sep 24, 2013 2:28 PM by philmodjunk

    Security: Hosted vs Standalone





           Is security for standalone different than hosted? Test File - FileMaker 12

           In the attached file there are two users: Admin, User. Neither has a password.

           If you log in as 'user' and from a portfolio click the GTRR button, it properly navigates you to the correct records. And when performing a find (perform a find on severity with a value of 3), it still only finds records related to the original portfolio. This is the desired result.

           Now if you host the file on a server or on your machine, you will notice that when you click the GTRR button you get a 101 error. When hosted, is the security treated differently? How can I achieve the same result when hosted?


        • 1. Re: Security: Hosted vs Standalone

               Security should be the same, though with server as the host, you gain additional options such as server based external authentication.

               101 means "record is missing".

               While I would define the Portfolio field to be a field of type number in both tables and as an auto-entered serial number in Portfolio, I can see no reason why hosting the file should produce a change in behavior.

          • 2. Re: Security: Hosted vs Standalone

                 Thanks Phil. In my testing I changed the type and had intended to switch it back to number.

                 Any ideas why the privilege set would act differently in the two environments? Is this possibly a bug?

            • 3. Re: Security: Hosted vs Standalone

                   However, under the user account, I am seeing inconsistent results without even hosting the file.

              • 4. Re: Security: Hosted vs Standalone

                     I'm getting an issue without even hosting the file. The record that is current when the file opens, when the file is opened with the limited access "user" account, cannot access the related records given the record level access security settings. I tried a number of different "fixes", including manually running the script that sets the global variable, and found that the following script, performed "OnFirstWindowOpen", would fix the problem, but it really shouldn't be necessary:

                     Set Field [Portfolio::Portfolio ; Portfolio::Portfolio ]
                     Commit Records []
                     Perform Script ["port variable"]

                     I was then able to reproduce this behavior in a brand new "created from scratch" test file so it does not appear to be any kind of issue with the specific file or a field index.

                     PS. I hit on this solution first by putting a portal to SR on the portfolio layout so that I could see what records were accessible without using the GTRR button. I then discovered that if I manually deleted one digit from Portfolio, typed it back in and clicked the layout background to commit the change, the records then appeared and GTRR worked.

                     I'm now going to report this over in Report an Issue as this seems to be an easily reproducible bug.

                • 5. Re: Security: Hosted vs Standalone

                       Great! At least I'm not crazy! Thanks for taking the time to help me look at this.

                  • 6. Re: Security: Hosted vs Standalone

                         The issue report that I filed can be seen here: Record Level Access incorrectly blocks access on initial parent record