Not sure exactly what you mean by "manage security" but I suspect it's not what an experienced develper would mean. To manage security is to make user accounts.
FMP alllows you to restrict access to tables and records: the abilty to view the record, the ability to edit the record, the ability to create new records in a table, the abilty to delete a record in a table.
Work out user ROLES and assign them access for view, edit, create and delete for each and every table. Each role becomes a privilege set.
Resist the temptation to create a lot of roles: the fewer the better.
Do LOTS of testing with the privilege sets especially if view privileges are restricted. You might, for instance, want one set of users to be unable to view sales data for dealers, yet want them to see overall sales figures. However, the calculations for the overall sales figures will require the dealer sales data, unless the sales data is somehow processed into another table or something. (Not that I recommend this approach: it mght be that the idea to show overall sales data is misguided.)
Thank you for your reply, an answer I'm sure by an experts...
However being that I'm not an expert, at best a rookie your experts explaination is useless to me, because I can't understand it.
Maybe I did not explain myself enough or correctly? In any case, thank you for your reply.
A full access account is set at the FILE level, not the TABLE level. So the only way to give a user full access to only one table, is to move it to a different file.
If you only need to give the user access to extended privileges, you can create a new account with that privilege.
Maybe you don't really need to give him full access - you just want him to be able to manage user accounts? You can do this through other means, but it will be challenging for a newbie.
First, you could use record level access privileges to restrict access to the dealer table. You can read about this in the FileMaker Help files, then post questions here - it is too much to provide full details in the forum. But the idea is that users can only access records in the dealer table if they meet some criteria - you will likely need a users table so you can set a field that allows access on and off. Then you could give alex permission to edit that field for different users.
These are just some ideas to get you started. It might be helpful if you could describe exactly what you want alex to be able to do. Do you want him to be able to add fields to the dealer database? To make changes to your relationship graph? Because full access will allow him to do that.
I am concerned about how many people you have already given full access to. I think you maybe don't understand totally what full access can mean. You are putting your database structure at risk if people who are not trained have that privilege level.
Hope that helps.
Thank you for your help....
I know I have a lot of testing and playing around with permission, just want to get this project done and that's the last part that I need to finish.
Here is exaclty what I want to be able to do.
The Total Consulting Group table ( I may be using hthe wrong wording, sorry ) Alex can write to any field, but can't delete or delete in the notes field.
I have tested and that works correctly.
What is confusing me is that I see that it's say ( Manage Security for Total Consulting Group ) so due to my lack of know how I wanted to know how I can change it so that it said Dealers, but now if I understand you correclty, that is not the case.
The access is in the pervilage group ( corect)?
Again thank you fo ryour explanation, it helped a lot.
I see - Total Consulting Group is the name of the file (database) and it is also the name of one of the tables in the file - that may be why you are confused.. You can change the name of any table ( in the tables list ) or table occurrence (in the relationship graph).
Yes - access can be defined in the Manage Privileges screen - Edit settings for the privilege set. You can restrict or create access for any user by which tables, records, fields, layouts, scripts, etc. they can access. But the access for all members of one privilege set is the same. What Vaughn was referring to by ROLES, is usually we set privileges by a group, such as Managers, Sales, Data Entry, etc. so that we can decide what access is needed for an entire group. We don't want to have a different security setting for each person, because it is hard to manage, and also if a new person is added or deleted, or their role changes, it is much easier to move "Joe" from Sales to Manager than to create a new privilege set for him.
I see what you mean, I do the same when I setup a Server, I careate a and UO ( organizational unit ) then I created a GP ( group policy ) and then I create the users. Then I add the users to the Group and give permission to that group.
I understand it much better now...
Thank you for your help.....