10 Replies Latest reply on Sep 28, 2016 12:50 PM by smith7180

    FMCloud: "List only the databases each user is authorized to access"

    smith7180

      On FMS15 in the database server security settings we can enable the following option:

       

      List only the databases each user is authorized to access to display only the databases for which the user has access privileges.

       

      I'm not seeing this option on the FileMaker Cloud console, but I'm really hoping this functionality has been carried over.  Any ideas?

       

      Thanks.

        • 1. Re: FMCloud: "List only the databases each user is authorized to access"
          TSPigeon

          smith7180:

           

          Thank you for your post!

           

          Hiding files in the Open Remote Dialog / Launch Center is not supported with FileMaker Cloud at this time. I was unable to find documentation on this, but I will look into it.

           

          TSPigeon

          FileMaker, Inc.

          • 2. Re: FMCloud: "List only the databases each user is authorized to access"
            smith7180

            I've been fooling around with it for a bit now, and indeed it appears this option is gone.  All users can see all databases.

             

            I LOVE everything about FM Cloud and their corresponding linux m4 instances (1/3 the price of windows), but this single issue will prevent us from deploying on FM Cloud I'm sorry to say.  Otherwise I'd be sorely tempted to brave early adoption hazards and move everything over to cloud.

             

            That gorgeous console.

            • 3. Re: FMCloud: "List only the databases each user is authorized to access"
              DavidJondreau

              A couple things....

               

              One is that with FMS 15, you're not supposed to be hosting different clients. One client per server. If you've got one client with different users and you don't want them see other files, that's ok.

               

              The second is you can set a file to not be visible in the "Open remote..." dialog. It can still be chosen if the user knows the name, it can still be favorited, opened with a opener file, etc. It just won't show in the Open Remote... I personally, think this is way safer than leaving it visible and either requiring authentication to view files  or not.

               

              Having the files visible and requiring authentication actually makes certain types of attacks easier. Primarily because a) if you guess a user/pass combo right, then you know all the files that user/pass will authenticate b) there is no logging of failed attempts (though you've got click on the host again after 5 failed attempts).

               

              Something to think about...

              • 4. Re: FMCloud: "List only the databases each user is authorized to access"
                dtcgnet

                David Jondreau wrote:

                 

                b) there is no logging of failed attempts (though you've got click on the host again after 5 failed attempts).

                 

                 

                On FMS, I see events of types of "Warning" and Events listed as 661 and the user's IP when authentication fails. A rogue user could keep trying forever, as you point out.

                 

                It IS important that companies with multiple hosted solutions be allowed to properly filter out what users see. If Cloud doesn't have that ability yet, I hope it gets added quickly. FileMaker Cloud is going to be an incredible offering.

                 

                Thanks for the teaser about the console! I'm anxious to give it a go with the Trial.

                • 5. Re: FMCloud: "List only the databases each user is authorized to access"
                  smith7180

                  dtcgnet wrote:

                  I'm anxious to give it a go with the Trial.

                  It's awesome.  The console is just the appetizer.  The notifications, monitoring, and updates are great.  Though, of course, the killer feature is the 1/3 price m4.x_ Linux instances.  An M4.xlarge is $65/month with a 3-year reservation.  Set up was quick and easy. 

                   

                  I don't really blame them for not including something like "List only..."  That feature probably doesn't see as much use since the changes to FileMaker's hosting policy.  For those of us who do use it, it is simply a requirement.  It's a shame cause I have to go ahead and pull the trigger on some 3 year instances for FMS.  Those won't, to my knowledge, transfer to FM cloud since they're Windows instances.

                   

                  Regardless, FMI is killing it.  FLT + FMCloud is giant leap from the FileMaker 14 platform imo.  And my FMPA client self updating itself today? So nice.

                   

                   

                  • 6. Re: FMCloud: "List only the databases each user is authorized to access"
                    philmodjunk

                    I would think that you could get around this limitation fairly easily.

                     

                    Make exactly one file visible and use it as a "Doorkeeper" or "Master Menu" that lists the files for which the current user is permitted access with buttons to select to open the desired file. That doesn't sound like a terribly hard thing to do.

                    1 of 1 people found this helpful
                    • 7. Re: FMCloud: "List only the databases each user is authorized to access"
                      dtcgnet

                      Before you pull any triggers on licensing, there is a BYOL (Bring Your Own License) option. Look into it, but to me it looks like you could transfer those Windows licenses to Cloud licenses.

                       

                      Sent from my iPhone

                      • 8. Re: FMCloud: "List only the databases each user is authorized to access"
                        DavidJondreau

                        "On FMS, I see events of types of "Warning" and Events listed as 661 and the user's IP when authentication fails. A rogue user could keep trying forever, as you point out."

                         

                        You get that error when someone fails to authenticate when logging into a database. There is no error when someone fails to authenticate to view the database list.

                        • 9. Re: FMCloud: "List only the databases each user is authorized to access"
                          dtcgnet

                          David Jondreau wrote:

                           

                          "On FMS, I see events of types of "Warning" and Events listed as 661 and the user's IP when authentication fails. A rogue user could keep trying forever, as you point out."

                           

                          You get that error when someone fails to authenticate when logging into a database. There is no error when someone fails to authenticate to view the database list.

                          Very true and good point.

                          • 10. Re: FMCloud: "List only the databases each user is authorized to access"
                            smith7180

                            Would this be a workaround of sorts?

                             

                            1. Check "Don't display in launch center" for the file.
                            2. Distribute database to users with an FMP// link
                            3. Remove "Share with FileMaker Clients..." from the file's menu set so that they cannot unclick "don't display in launch center." 

                             

                            Thanks.