The FileMaker 17 help has the following text about protecting files:
I think the help description is insufficient, as there appears to be a way to work around this. I believe the help should link directly to other security steps as well.
Also, I think there is a bug relating to plug-ins, described below.
Imagine you have a file open that is secured with a variety of accounts AND you have the "Require Full access..." setting checked in File Access:
1: open any file where you can write a script or open a data viewer.
2: install a plugin that can execute scripts (very common as the execute script code is in the sample plugin code). BaseElements plugin is used here.
3: ensure this file is the front file and the file requiring full access privileges is in the background.
Create a script that executes the following code or simply add it to the data viewer
BE_ExecuteScript ( “script name" ; “file name” )
where "script name" is the name of one of the scripts in your secured file and "file name" is the name of the secured file.
If you don't know the names of the scripts, you could probably run ScriptNames(fileName) to find out a list, though depending upon other security settings, you many not see this list.
The bug appears to be that scripts in the "require full access..." file can be triggered by a plug-in from a non-authorised file regardless of the File Access setting.