13 Replies Latest reply on Mar 17, 2017 12:04 PM by philmodjunk

    Opening Multiple Files without entering password three times

    dataWolf

      I read the chunky reasons NOT to auto-login. Here is my scenario.

      I have file #1. I also have two other files. The reason they are separate is because they are different conceptual "objects", I thought it nicely compartementalized the data, and 100 layouts and scripts for mostly unrelated data would be overwhelming.

      Some users only need to view table 1, though their layouts do use fields from 2 and 3. This means for it to work I have to create accounts for them in three different files, which I consider neanderthal and clumsy. Users come and go so this would not be a one time account creation.

       

      Anyone got suggestions on how to let people log in to one file and get access to other without creating multiple accounts for many people where they have to enter their password three times. Can I trap their password and transfer it? I mean I guess I could if I had them enter it into a text but I don't want to know their password. I want to transfer their password/account without me knowing it. Otherwise I was starting to build an autologin with minimal access that then prompts them to login to only one file, but now I'm afraid I'll get yelled at

        • 1. Re: Opening Multiple Files without entering password three times
          pfroelicher

          Hi Wolf,

          you could make a startup file, which, in a script opens the other involved files.

          When the user logs into your startup file the name/passwort is automatically passed onto the to files to be opened. Pierre

          • 2. Re: Opening Multiple Files without entering password three times
            davidhead

            If one file is open with the user credentials tries to open another file, then FileMaker Pro will initially try the current user credentials to open that file. If they exist, the file will open without prompting the user. If they are different (say the same account name but different password), the user will be prompted to authenticate.

             

            So the answer is that each account must be set up and maintained in all three files. It is possible to script the processes such that the admin creates the account and the user maintains their account through one master file. All account creation and modification is propagated to the other files automatically.

             

            I set this up once many years ago for a 65 file solution -- if the user changed their password, it was updated in the other 64 files! Pretty cool when I got it working.

            • 3. Re: Opening Multiple Files without entering password three times
              philmodjunk

              Unfortunately, the scripted replication of credentials across multiple files has some rather unfortunate limits:

               

              It doesn't work for externally authenticated accounts.

               

              It doesn't work for full access accounts--I can see some logic here, that might be seen as too big of a security risk, but it's a real pain in multi-file solutions (try over 100 files in ours) when you want to grant a contract developer their own temporary account to use while working on their assigned project.

              • 4. Re: Opening Multiple Files without entering password three times
                wimdecorte

                philmodjunk wrote:

                 

                Unfortunately, the scripted replication of credentials across multiple files has some rather unfortunate limits:

                 

                It doesn't work for externally authenticated accounts.

                 

                It doesn't work for full access accounts--I can see some logic here, that might be seen as too big of a security risk, but it's a real pain in multi-file solutions (try over 100 files in ours) when you want to grant a contract developer their own temporary account to use while working on their assigned project.

                 

                That would be a classic case of using EA... once you've added the group you don't need to touch the FM files again.  The chance of groups changing is far less than the chance of individual accounts changing.

                • 5. Re: Opening Multiple Files without entering password three times
                  philmodjunk

                  Perhaps you missed my comment that it doesn't work for EA. Yes, it helps greatly to reduce the number of accounts, but you still have manually create them.

                  • 6. Re: Opening Multiple Files without entering password three times
                    wimdecorte

                    I don't think I missed anything.  I was reacting to this:

                     

                    philmodjunk wrote:

                    but it's a real pain in multi-file solutions (try over 100 files in ours) when you want to grant a contract developer their own temporary account to use while working on their assigned project.

                     

                    If you have a dev EA group in each file then adding/removing a contract developer is a snap.  Depending on your directory service of choice you can even limit the hours in a day they can connect and all the other good things that come with leveraging the directory service.

                    1 of 1 people found this helpful
                    • 7. Re: Opening Multiple Files without entering password three times
                      philmodjunk

                      That's interesting, but will have to check. It was my impression that "full access" was not an option for an AD account either.

                      • 8. Re: Opening Multiple Files without entering password three times
                        peterdurant

                        I am having the same problem I think.  I have posted on it previously but still have yet to figure it out.

                         

                        In my solution, I have external FM data sources on the same server (FM Cloud) that are only needed occasionally, but for some reason when a report is pulled (even if it is unrelated to the external data source) UN and PW's are required for the external files.

                         

                        It didn't start for me until I upgraded to FMP15 and put it on FM Cloud.  Don't know if one of those events are the problem.

                        • 9. Re: Opening Multiple Files without entering password three times
                          wimdecorte

                          philmodjunk wrote:

                           

                          That's interesting, but will have to check. It was my impression that "full access" was not an option for an AD account either.

                           

                          It works. But it has to be considered carefully from a security point of view and relies on a good level of defense on the actual physical files and their backups.

                           

                          Using an EA full access group is vulnerable to 'domain spoofing'.  If I can guess your AD/OD dev group name AND I can get a copy of your file then I can recreate that same group name in my AD/OD and will have automatic full access to your file.  FMS does not do a domain name check, just a group name check.

                          1 of 1 people found this helpful
                          • 10. Re: Opening Multiple Files without entering password three times
                            jormond

                            A [Full Access] AD group does work. We use it all the time. Guessing our group name would be...well...very challenging.   In addition our network and server are highly secured. So secure, that even sometimes we can't even get in!!! LOL

                            • 11. Re: Opening Multiple Files without entering password three times
                              ByteTheBullet

                              A full access account can absolutely be handled via external authentication- we use it in just about every Filemaker solution at my work (FileMaker Pro and Server 13, 14, and 15).

                               

                              The biggest issue we've run into is when our Active Directory system has hickups, so we also have a full access native Filemaker account in all of our solutions so that at least some one can get access if AD is behaving badly.

                              • 12. Re: Opening Multiple Files without entering password three times
                                dataWolf

                                davidhead and others imply there is some way to indeed create new accounts with password in bulk across multiple files but don't indicate how. How to create accounts with password across multiple files? I figured out how to do this by having them enter a password into a text field but I don't consider that secure so I don't want to do that.

                                • 13. Re: Opening Multiple Files without entering password three times
                                  philmodjunk

                                  Have them enter the password into a global text field--on a server, that value will disappear when the file is closed. This also makes the value easier to access by scripts. You can set up the same basic script in each secondary file and use perform script to both call that script and to pass the account name, password and any privilege set info as a script parameter to that sub script in the secondary file.