AnsweredAssumed Answered

Authentication Error/Incorrect Permissions with Perform Script on Server

Question asked by jgill@occu-med.com on Sep 4, 2014
Latest reply on Aug 16, 2016 by DanielSmith

Summary

Authentication Error/Incorrect Permissions with Perform Script on Server

Product

FileMaker Server

Version

13

Operating system version

Windows Server 2008 R2

Description of the issue

After calling Perform Script on Server script step, the script either, a) runs successfully but with the incorrect permissions, or b) displays an error in the Server Event log that states authentication failed to the database in question

Steps to reproduce the problem

This requires two hosted files, with File A referencing a Table from File B.

1) In file A, create script that calls a 'Perform Script on Server' script step
2) Within PSoS script, create script steps that 'Go to Layout' of a layout with a TO from File B and then an 'Exit Script' that returns: Get ( AccountPrivilegeSetName), Get ( AccountExtendedPrivileges ), Get ( AccountName ), Get ( CurrentPrivilegeSetName )
3) Set a 'Show Custom Dialog' Script Step with the first script that displays the result of the PSoS Get ( ScriptResult ) script step.
5) In File B, create an Privilege Set called 'CustomPrivilegeSet'
6) Create an account called 'FilemakerCustomPrivileges' and give it the 'CustomPrivilegeSet' Privilege Set
7) Disable all other Privilege Sets & make sure the 'fmapp' Extended Privilege is enabled
5) In your AD server, create an AD Group with name 'FilemakerCustomPrvileges'
6) Add a user account to above group
7) Login 'testuser' to first hosted DB
8) Run above script

Expected result

Get ( AccountPrivilegeSetName ) = 'FilemakerCustomPrivileges'
Get ( AccountExtendedPrivileges ) = 'fmapp'
Get ( AccountName ) = 'testuser'
Get ( CurrentPrivilegeSetName ) = 'CustomPrivilegeSet'

Actual result

Get ( AccountPrivilegeSetName ) = '[Read-Only Access]'
Get ( AccountExtendedPrivileges ) = 'fmapp'
Get ( AccountName ) = 'testuser'
Get ( CurrentPrivilegeSetName ) = '[Read-Only Access]'

Exact text of any error message(s) that appear

"Client " - () [127.0.0.1]" authentication failed on database "recordAccessLog.fmp12" using " [fmapp]".

"Client "PSoS • Lock/Unlock Record (checkType;LayoutTableName;RecordID;UserName;transactionID) - jgill 3370 (SANTACLARA) [127.0.0.1]" authentication failed on database "recordAccessLog.fmp12" using "jgill [fmapp]".

Configuration information

I found a very similar issue that is described as 'Resolved'

http://forums.filemaker.com/posts/29d7118497?page=1

Obviously this is a multi-file solution using External Authentication via Active Directory.  Hosted using Filemaker Server 13 Advanced on Windows Server 2008 R2.  I have disabled ALL Privilege Sets in File B except for [Full Access] and even tried adding the Full Access user as 'automatically login as this user' and this does not resolve the issue.

The odd part is that some of my users ARE able to get the correct access to the file, but the majority of them cannot access it.

Workaround

Open the file directly via 'Open Remote' dialog and the correct permissions are assigned.

PSoS_Scripts.png

Outcomes