This is a feature, not a bug.
To make these changes in Security, you must authenticate with an internal FileMaker account with Full Access privileges.
Please see the following description of why.
On May 18, 2016, at 13:53, emurphy94108 <email@example.com> wrote
Can't edit privilege sets with externally-authenticated account with full permissions
created by emurphy94108 in Discussions - View the full discussion
External authentication via Active Directory is turned on for our databases. If I want to manage security, I can authenticate as an external account with full access privileges. However, as soon as I click on the "Edit" button to edit a privilege set, I can no longer save my changes or exit from the "Manage security" dialog by authenticating via an external account. This means I must have at least one internally-authenticated account with full access privileges, or I'll be unable to edit privilege sets. Is this expected behavior?
I suppose. Although since an EA account can view accounts and privileges (and hence discover the names of AD groups otherwise not exposed in the FM interface, which results in a security risk if someone copies the file to another system running AD and simply duplicates the name of the security group without having to know the password associated with that group, it seems that if you're going to prevent an EA account from changing privilege sets or adding accounts anyway, then logically only internally-authenticated accounts should be able to manage security in the first place.