FM17: Full-access scripts fail with script folders visible

Discussion created by Dillik on Feb 8, 2019
Latest reply on Feb 26, 2019 by TSGal

This is a really weird bug, but bear with me: Under specific conditions listed below, a script which has been elevated to full-access privileges will perform as if full-access weren't enabled (producing the typical insufficient privileges messages the user would see if the script weren't full-access).


To reproduce:

  • Must be in FileMaker 17. I experienced the bug in both 17.0.2 and 17.0.4 but not 16. (Testing was done entirely in Mac OS, but on both High Sierra and Mojave. No Windows results to report yet.)
  • The full-access script must perform a script step which generates a dialog the user can interact with. Delete Record, Insert File, etc., as long as the dialog is enabled. (Performing without dialog prevents the bug from occurring.) To clarify, this dialog script step must be an operation the user shouldn't be able to perform with their normal privileges (so you can't use Show Custom Dialog as a test, because that isn't permission-locked). Delete Records with dialog works well.
  • The Scripts menu must have a visible folder. It doesn't matter whether the full-access script is within a folder or not, but the bug relies on having a folder visible in the Scripts menu. In fact, if the full-access script is within a folder and the folder is hidden but the script itself is visible in the Scripts menu, the bug doesn't occur. Just have one or more folders showing up in Scripts.
  • Perform the full-access script while logged in as a user who shouldn't be able to do the operation the script is performing. If all the above criteria are met, the script will fail (after the user interacts with the dialog) as though it lacks full-access privileges. Change any of the above criteria (hide all script folders, or suppress the dialog), and the bug goes away.


I have some users who strongly dislike the workaround of having to hide their beautiful folder structures, but hiding folders seems to be a better workaround for now than avoiding all use of dialogs in full-access scripts. Also, it would be fair to suggest using custom dialogs instead of the default confirmation dialogs, but while that's fine for Delete Record, there are plenty of other script steps (such as Insert File) whose functionality can't be replicated with a custom dialog.