AnsweredAssumed Answered

Filemaker Server appears to cache permissions

Question asked by demani on Dec 6, 2011
Latest reply on Feb 20, 2013 by demani

Summary

Filemaker Server appears to cache permissions

Product

FileMaker Server

Version

11.0.4

Operating system version

10.6.8

Description of the issue

Filemaker Server does not reflect changes made to Open Directory membership when a user connects to the database a second time. If a user is in Group A, logs in, logs out and then is moved to Group B, the user continues to have Group A privileges until the server OS is restarted. If I restart the server (the machine, not just FMS) then I am able to use the new permissions, but once I login changes to that users OD membership are not reflected.
Obviously this is a pretty bad situation since restarting the server when testing permissions and moving users between groups is an extremely inelegant solution. I don't think it is caching credentials per se (I can disable a user in OD and not be able to get in, and changing a password in OD does force the user to enter the new one), so I think it is passing the login info correctly, but I think it may be caching the permissions for the user-so changing the groups in OD doesn't show up in the Filemaker Server until the server machine is restarted.

Steps to reproduce the problem

Set up permissions in Filemaker linked to Open Directory groups.
Assign User to Group A.
Log in as User.
Log out.
Change OD group membership, putting User in Group B.
Log in as User.

Expected result

User should have privileges assigned to Group B after second login.

Actual result

User retains privileges assigned to Group A until server OS is restarted.

Configuration information

Groups in Filemaker match OD group names exactly (and this works for initial reading of group membership).

Workaround

Restarting the server OS will enable any changes to be used, but the problem persists.

Outcomes