
Users without [Full Access] privileges can modify scripts that have been granted Full Access rights.

Question asked by dtcgnet on Feb 14, 2019
Latest reply on Feb 21, 2019 by dtcgnet

Product and version (e.g. FileMaker Pro 14.0.3): FileMaker Pro Advanced 16, FileMaker Pro Advanced 17.

OS and version: Mac OS 10.13.4; 10.13.6

 

Description: It is possible for a user with a non [Full Access] privilege set to modify a script set to run with Full Access privileges, even though it should not be possible. The documentation says, "A script that is set to run with full access can only be modified by a user with full access."

 

How to replicate: Open a file, logging in with an account whose privilege set allows the user to modify at least one script. Open the Script Workspace. You will not be able to see script steps for scripts to which you have Execute Only rights. You cannot see script steps in scripts to which Run with Full Access privileges have been assigned.

 

Bug #1: Open the Script Debugger. The script debugger window will show "Your privileges do not allow debugging: Click the lock to authenticate." Click the lock and provide credentials for a Full Access account. Click on a script which your privilege set should not allow you to view or modify: You will be able to SEE and MODIFY all of the script steps in that script. Click on a script which runs with Full Access privileges: You will be able to SEE and MODIFY the script, even though your account does not have Full Access privileges.

 

Bug #2: Open the Data Viewer. The behavior will be the same as with #1: You will be able to see and to modify scripts which you should not be able to see or modify. The reason I call this Bug #2 is that the Data Viewer window, prior to entering the Full Access credentials, will say exactly what it says with the debugger, but it should say something like "Your privileges do not allow you to view data with the data viewer" instead of "Your privileges do not allow debugging."

 

Workaround (if any): No workaround. If, while logged in without Full Access privileges, you enter valid Full Access credentials in either the Script Debugger or the Data Viewer, every script becomes modifiable if ANY script is modifiable. After I've entered Full Access credentials in the Debugger or Data Viewer, FileMaker does NOT allow me to duplicate a script which runs with Full Access when I'm logged in with lower credentials, nor will it allow me to delete a script when I'm logged in with lower credentials. But if I provide Full Access credentials to the Debugger or Data Viewer, I can modify any script I want to modify. If I then close the Debugger or Data Viewer, the behavior in the Script Workspace returns to what it should be.
