AnsweredAssumed Answered

Potential password reset security issue

Question asked by CharlesEngels on Sep 20, 2011
Latest reply on Sep 21, 2011 by philmodjunk

Summary

Potential password reset security issue

Product

FileMaker Pro

Version

11.0v3

Operating system version

Windows XP

Description of the issue

Cannot delegate account administration authority without creating potential security risk.

I want to reserve [Full Access] privileges for the database creator and delegate account management to an administration or coordinator account that has less than full access rights.  Setting up a script to use contact information contained in database records and scripts to create/enable/disable accounts and reset passwords requires allowing administrator account to execute script with full access rights.  Built in error checking prevents disabling the [Full Access] privilege account, but does not prevent resetting the full access account password.  I cannot find a way for the script to check the privilege set (of other user account) prior to resetting the password.  The administrator can therefore reset the full access account password and then log in using that account.

Outcomes