Is it possible to have custom record privileges for an external FileMaker Data source?
I want to configure viewing restrictions through the Security tab on records from an external FileMaker data source.
You need to create matching privilege sets in the other filemaker file you are referencing, then control the record settings there.
Record level privilege settings are calculated inside of whatever file the root base table lives in, you can't control privilege settings on table occurrences or shadow tables.
If for some reason you don't have access to the other file at all (or it's something like ESS/ODBC), then it is possible to create "virtual privileges" based on layout and field level script triggers instead of under the manage security preferences dialog. It's a lot more work, but it *is* possible.
Is it possible to create Custom privileges to view/create/delete records that meet a criteria. F.e. ID = $$ID but that the global variable resides in the filemaker file that has the external FileMaker data source in the relational graph? This would result in only showing the records that meet the value in $$ID in the FileMaker File that has the external FileMaker data source in the relational graph.
For reliability, you would have to pass the global variable context to the external file as well. Which shouldn't be a problem since you'd have to open the external file anyways to access the data in it (FM will automatically do it if you don't, but you can proactively do it in an "eager loading" style).
Be aware that there are a variety of ways a user could view and manipulate the value of a global variable especially prior to 17.
A field would be safer because you can control access. I would not give the user edit privileges for this field, which means it would have to be edited by a script with full access privileges granted, and this script must be in the source file. That script would be called as a subscript from your main file. It would have to have some validation logic to prevent a malicious user from executing that script and passing any value they wish. There are a number of ways things can go wrong so if security is important to you I would recommend consulting with an expert on this implementation.
Retrieving data ...