5 Replies Latest reply on Nov 26, 2015 4:23 AM by beverly

    Security - User access groups/accounts


      Hi all.


      Am not pleased with my solution so far when it comes to my user access groups.

      What I have today is:

      • Admin - full access
      • Edit - full access
      • Look - read access only
      • Guest - disabled



      We are only using the filemaker 14 clients. 15 users. Some are admins, some are editors and most of them are viewers (Look account).

      The reason the Edit account is a full access account is because that user need to be able to do everything except admin edit. The normal  "Data Entry Only" access group in some cases doesn't allow the user to do all that she needs, so I needed to change it to "full access".


      This solution isn't the best. And safe. so I don't like it.. :/

      Am trying to understand all the options under the sets. but I must emit some I have no clue what they even is used for.


      So my question is, do anyone know a best practice / good guide for me to learn this ? or simply have a good suggestion on how I should solve it ? =)

        • 1. Re: Security - User access groups/accounts

          clearly define what you mean by "do everything except admin edit". Do you mean that you don't want "Edit" to change/delete Admin password (or all passwords)? What else?


          Remember that "[Full Access]" means that everything can be deleted (scripts, layouts, tables/fields, and data).


          Perhaps you need to reconsider.


          A good tutorial on Security is the FTS (FileMaker Training Series - Adanced), Module 7



          You can also search for videos and other tutorials on setting up FM Security.



          • 2. Re: Security - User access groups/accounts

            It looks like you're trying to fit your user roles into the pre-defined Privilege Sets that automatically install in every database. You will usually need to define additional Privilege Sets in the solution beyond those. I rarely use the defaults, except for [Full Access].


            To define additional priv sets, you have to use the Detailed Setup option in the security dialog:


            Screen Shot 2015-11-25 at 8.06.28 AM.png


            Then click the Privilege Sets tab and click "New":


            Screen Shot 2015-11-25 at 8.07.35 AM.png


            Keep in mind the separation: Accounts define who can get into the database. Privilege Sets define what they can do once they're in.


            And do follow Beverly's advice: Read through the Security module in the FTS.





            • 3. Re: Security - User access groups/accounts

              If you need to give someone the authority to create or remove a user, which requires 'full access privileges' you can set up a script to run with full access privileges even though the user may be granted a lesser authority.


              If you right click on the name of a script in the script editor you can set that script to run with full access privileges. It only works for the user in the script, doesn't change their privileges.

              • 4. Re: Security - User access groups/accounts

                Thanks for your reply..

                Sorry for that bad sentence =D.. was going to say "need to be able to do everything except edit the layout."

                • 5. Re: Security - User access groups/accounts

                  Ok! follow the links I'd posted to get more information on how to disable layout editing. I recommend that you create a new "dummy" database to play around in the Security settings. That way you can just throw it away if something goes wrong! Use one of the Starter Solutions if you wish to test the Security.