2 Replies Latest reply on Jan 14, 2016 6:13 AM by ByteTheBullet

    "Service Accounts" For External Data Sources?

    ByteTheBullet

      I'm wondering if there's a way to assign a specific set of credentials to be used when accessing a remote FileMaker data source, much like how a system DSN can store a set of credentials to use when accessing an ODBC data source.

       

      We're working on a number of solutions that are modular in nature, and I was hoping to be able to use one, low-permission account to read and/or write data from a given remote data source, instead of using the current user's credentials to access that remote data source. While I'm pretty sure I can accomplish more-or-less the same thing via duplicating all of the Active Directory groups that are currently used, and just changing what permissions they have from file to file (and probably adding a few more groups to differentiate users that should have more access in one file than another), I'd much prefer to set up a FileMaker native account that only has the exact permissions I need it to have.

       

      Does anyone have any suggestions or advice on how something like this could be set up?

       

      Thanks!

        • 1. Re: "Service Accounts" For External Data Sources?
          wimdecorte

          Not entirely sure I follow you, but it seems like you are over-thinking this.

           

          You can definitely assign different privileges to the same "role" (= AD group) in different files. So one AD group can have "read/write/delete" rights in one file and only have "read" rights in another file.

           

          From your description: it is not the Account that decides what a user can do, it is the priv set assigned to that account.  So while the same account can exist in multiple files, it does not mean it has to have the same priv set (=rights) in each file.

          • 2. Re: "Service Accounts" For External Data Sources?
            ByteTheBullet

            Yes, I know that different AD groups can be assigned to different privilege sets in different solutions.

             

            What I specifically would like to do, though it appears that there is not a way to do this, is have one solution where a variety of users log in using their own AD credentials, have that solution use a different solution as an external datasource, and use a FileMaker-native account for solution 1 to access solution 2.

             

            As I mentioned, it's essentially mirroring how we use ESS data sources, where access credentials can be included in the system DSN.

             

            It seems that the only way to do this is to use ODBC, which I don't want to do for a FileMaker external data source.