4 Replies Latest reply on Oct 13, 2015 1:16 AM by m.swanston

    Restricted & Read-Only Access via Find



      OK, so whilst this is already partly working as is, it's come to light that some users can find and access records which they were not meant to. The department who owns the tool have now asked to see if this can be changed to allow all users to search for records across the entire dataset, but if outside of the records to which they have access, the records should be opened as read-only.

      Currently, the system has three types of user:

      • User - can only see/edit records to which they are a member (records are assigned to teams, so users have to be in the team to see the record);
      • Office_Admin - can only see/edit records in their office location (team members have office location stored and the location of the team lead is recorded);
      • Sys_Admin - can see/edit everything.

      In a recent training course for new users, it came to light that office admins can use the search facility (the tool has a search field provided) and this will find them records which are not in their location and low them access. This does not occur with the 'Users'.

      I'll explain how this is set up, so hopefully it will be clear what is going on:

      We have an Active Directory group set up for each level of user. In FileMaker Security, there are three External Server accounts, one for each user type and each account is assigned to the appropriate AD group. For each account, there is also an associated Privilege set assigned to it, and for each privilege set, there is an associated Extended Privilege set:


      When a user access the layout which displays the records they can see, this is the script that runs (which works without issue):


      At the top of the layout is a Find field, and currently Office Admins can find records outside of their allowed set, whilst Users cannot. They would like it that both Office Admins and Users can find records outside of their allowed sets, but these records will be accessible on a read-only basis. As I've mentioned before in my other posts, I did not write this, but support it for the business. I am learning on the job, and whilst I may need to get the external developers back to resolve, always try and find a solution myself before resorting to arranging that. SoIf anything is not clear, or if I can provide any further information, please do not hesitate to ask.



        • 1. Re: Restricted & Read-Only Access via Find

          Hello, Martin.


          I would suggest to you that this security model needs to be reworked, for a couple of reasons:


          1) Access to records should be controlled directly through Privilege Sets, not Extended Privileges and scripting.

          2) Global variables should not be used for security settings, because any user with a copy of FileMaker Advanced can alter their values in his current session and blow up the entire configuration.


          If I had inherited such a system, the first thing I would do is modify the record access privileges for each privilege set to match the desired access. I would then do away with the scripting and merely find records. FileMaker will automatically restrict the users based on their privileges.


          Homegrown systems like this are a chief source of security vulnerability. My recommendation is to go back and use the provided FileMaker security setup as it was designed.





          • 2. Re: Restricted & Read-Only Access via Find

            Hi Mike

            Thanks for your reply.

            Regarding point 2, this won't be an issue as there is only one copy of FMPA in the company on a VM, and all the user's PC's are locked down to installing non-standard software.

            But I take your other points on-board. My issue is understanding how to restrict access to records using Privilege sets to match the requirements, as I can't get my head around how to implement such a big change in the security model.

            It's not home-grown in that it was written by an external firm of FM developers but think this was added as a work-around to a late change in specification.

            I'm going to have to get some help as this isn't a small piece of work, and the user's wanted to know if the change was possible - especially as my very limited knowledge of Privilege sets doesn't seem to fit with the structure of the system.

            Thanks again


            • 3. Re: Restricted & Read-Only Access via Find

              Martin -


              In the Privileges dialog, set the record access to Custom. Then, you'll be able to create a calculation that has a Boolean result (true or false) that should be "true" if the user should have access to a given record.


              For example:


              Case ( table::teamLead = currentUserTeamLead ; 1 ; "" )


              will result in a "1" if the current record's teamLead value is equal to the user's. (Using your own field names, of course.) If you put that calculation under the appropriate areas in the Privileges dialog, it'll allow the appropriate access.


              I'm not near a computer at the moment (working off my iPad), so I can't give you more precise instructions. However, you should be able to poke about in the dialogs to find the right spot.





              • 4. Re: Restricted & Read-Only Access via Find

                Thanks Mike, that's useful.

                I'm in discussions with management about how we go forward but your comments have given us food for thought.

                Thanks again