move the security one level up, instead of hammering on Filemaker, track who is allowed to create new privileges and users.
Compliance ? Compliance Team ? Of course, if you guys are that paranoiac, you will have the last 200 backups of the databases. Use them.
But I still need the information from the Database Design Report... who belongs to what privilege set and what are the Internal FileMaker users/Active Directory groups that have the roles.
I can log on and run the report manually once a week, but that's stupid when I should be able to set it up to email it to me instead automatically. [Assuming that's possible]
"[Assuming that's possible]"
It is not.
And presumably a security risk to email this kind of information?
Like, +27 ...
Well that's possible, but not with server itself, but with a Mac OS X Filemaker Client
I did it with a mac fm bot + applescript GUI scripting (just the did the ddr part, but mailing would be straight forward)
And you can mail securly if you zip the DDR with a strong password before sending
maybe you could even parse out the accounts / membership with some command line
So you suggest leaving around an unattended computer with FMPA, logged into the solution with Admin account ?
In my case the bot was on the server itself, which means you need to have physical access to the server itself (if thats' the case that's already pretty bad).
But obviously your concern is valid and it amphezise the need that server should be able to create the dir itself automatically.
But since it's automated, you can do whatever you want.
You're not bound to work on live files either.
Friday night the server could send a backup (zipped with crypto) to a remote machine (perhaps the dev home machine), and then still in the night that other mac could do the dir.
anyway, my post was just meant to give the gentleman options
Thank you all for your comments. I think Vincent wins the Correct Answer award from me, though I wish FileMaker Server could just pump one out itself... I don't have it running on OSX so AppleScript is not an option but maybe I can think of some Windows way to do it.