14 Replies Latest reply on Aug 16, 2016 11:05 PM by DanielSmith

    Authentication Error/Incorrect Permissions with Perform Script on Server

    jgill@occu-med.com

      Summary

      Authentication Error/Incorrect Permissions with Perform Script on Server

      Product

      FileMaker Server

      Version

      13

      Operating system version

      Windows Server 2008 R2

      Description of the issue

      After calling Perform Script on Server script step, the script either, a) runs successfully but with the incorrect permissions, or b) displays an error in the Server Event log that states authentication failed to the database in question

      Steps to reproduce the problem

      This requires two hosted files, with File A referencing a Table from File B.

      1) In file A, create script that calls a 'Perform Script on Server' script step
      2) Within PSoS script, create script steps that 'Go to Layout' of a layout with a TO from File B and then an 'Exit Script' that returns: Get ( AccountPrivilegeSetName), Get ( AccountExtendedPrivileges ), Get ( AccountName ), Get ( CurrentPrivilegeSetName )
      3) Set a 'Show Custom Dialog' Script Step with the first script that displays the result of the PSoS Get ( ScriptResult ) script step.
      5) In File B, create an Privilege Set called 'CustomPrivilegeSet'
      6) Create an account called 'FilemakerCustomPrivileges' and give it the 'CustomPrivilegeSet' Privilege Set
      7) Disable all other Privilege Sets & make sure the 'fmapp' Extended Privilege is enabled
      5) In your AD server, create an AD Group with name 'FilemakerCustomPrvileges'
      6) Add a user account to above group
      7) Login 'testuser' to first hosted DB
      8) Run above script

      Expected result

      Get ( AccountPrivilegeSetName ) = 'FilemakerCustomPrivileges'
      Get ( AccountExtendedPrivileges ) = 'fmapp'
      Get ( AccountName ) = 'testuser'
      Get ( CurrentPrivilegeSetName ) = 'CustomPrivilegeSet'

      Actual result

      Get ( AccountPrivilegeSetName ) = '[Read-Only Access]'
      Get ( AccountExtendedPrivileges ) = 'fmapp'
      Get ( AccountName ) = 'testuser'
      Get ( CurrentPrivilegeSetName ) = '[Read-Only Access]'

      Exact text of any error message(s) that appear

      "Client " - () [127.0.0.1]" authentication failed on database "recordAccessLog.fmp12" using " [fmapp]".

      "Client "PSoS • Lock/Unlock Record (checkType;LayoutTableName;RecordID;UserName;transactionID) - jgill 3370 (SANTACLARA) [127.0.0.1]" authentication failed on database "recordAccessLog.fmp12" using "jgill [fmapp]".

      Configuration information

      I found a very similar issue that is described as 'Resolved'

      http://forums.filemaker.com/posts/29d7118497?page=1

      Obviously this is a multi-file solution using External Authentication via Active Directory.  Hosted using Filemaker Server 13 Advanced on Windows Server 2008 R2.  I have disabled ALL Privilege Sets in File B except for [Full Access] and even tried adding the Full Access user as 'automatically login as this user' and this does not resolve the issue.

      The odd part is that some of my users ARE able to get the correct access to the file, but the majority of them cannot access it.

      Workaround

      Open the file directly via 'Open Remote' dialog and the correct permissions are assigned.

      PSoS_Scripts.png