thornburg

Add FMNET access to built-in Privilege Set doesn't prompt for password

Discussion created by thornburg on Jan 13, 2016
Latest reply on Apr 12, 2016 by TSGal

Product and version

FMPA 13 & FMPA 14 with FMS13 and FMS14


OS and version Mac

OS X 10.10 (client), Windows Server 2012 R2 (Server)


Description

Generally, when making changing to anything in the Security dialog, one must enter a valid admin (Full Access) credential in order to exit the dialog & save changes.

 

If you add or remove "Access via FileMaker Network (fmapp)" to/from one of the built-in privilege sets (such as "[Read-Only Access]", you can exit the dialog and save the change without being prompted for a password.

 

Perhaps not a huge deal, since you need Full Access in order to enter the dialog in the first place, but it still seems like a bug.

 

How to replicate

Open a file, open the "Manage Security" dialog.

Add or remove "Access via FileMaker Network" from [Read-Only Access] on the Privilege Sets tab.

Close the dialog.

You will not be prompted to enter the Full Access credentials.

 

I only tested this with hosted files, because I don't really use local files.  I suspect it would work there as well.  Likewise I only tested with FileMaker Pro Advanced, because I don't use the regular Pro client.

 

 

If this is intended behavior, please explain why it does this--it seems like a security vulnerability (albeit an extremely minor one).

Outcomes