1 2 Previous Next 28 Replies Latest reply on Jun 24, 2013 3:17 PM by disabled_jackrodgers

    add user to running database?

    tunghua

      I am new to filemaker and this developer community, still have a lot of stupid questions, please help.

       

      Today I found that I can create different user to use database, and give them different privilege, this is very helpful for my case, but there is one thing I can not understand. It looks like I can only change this security setting at the time I design the database. But say if I have a database up and running on filemaker server already, the whole company is using it alrdady, and one day there is a new employee, I have to add a new user to the database, how can I do that, do I have to ask everyone to close file, then I can download that running database, then add a user, then upload that database to the server again? I believe there should be a better way but I just can not find out.

       

      Thanks a lot for your answer.

       

       

      Tunghua Tai, from Taiwan, Aisa.

        • 1. Re: add user to running database?
          AlanStirling

          Hi Tunghua

           

          If I remember correctly, this was the case with very early versions of FileMaker, but not with the more recent versions. Which version are you using?

           

          Bet wishes - Alan Stirling, London UK.

          • 2. Re: add user to running database?

            The simplest method to discover how is to try it...

             

            If you a [Full Access] user, then open File: Security and proceed to add a new account. It works even while the server is serving the file.

             

            What you do NOT want to do is to modify privileges on an open database since that might cause a  lot of confusion.

             

            You can add, delete and modify accounts while the server is serving. Is it a good idea?

             

            You can script the changing of the account in your open Pro file, or even revisions to accounts. Again, try not to make such changes to an account that is active and working with your file.

             

            Because you can do this doesn't mean that you should. It's always best to modify a file when you are the only one with the file open.

            • 3. Re: add user to running database?
              tunghua

              Hi Alan,

               

              Thanks for your answer, I just purchased version 12, I think I understand now, I was thinking the worng way.

               

              Very happy to talk to people from London, I was living in London for 2 years, I miss there so much.

               

               

              Tunghua

              • 4. Re: add user to running database?
                tunghua

                Hi jackrodgers:

                 

                Thanks for your answer, I think I understand now, I thought I can only manage data wiile running, didn't realise I can do the setting while running.

                 

                 

                Tunghua

                • 5. Re: add user to running database?
                  tunghua

                  Hi jackordgers:

                   

                  Can I ask another question, you mentioned that it's best to modify a file when I am the only one with the file open, but if I am developing a file these weeks, that means users can not use the file for weeks. for this problem my friend suggest I should seperate "UI" and "Data", while users are using UI1 to connect to Data1, I can make a UI2 to connect to the same Data1, this sounds logical, but I search the web I can not see any turorial suggest the same method, is this the right method to do? Or is there other way I can develop the system users are using the file? Because I have to let them use my system then they will respons to me where is not perfect so that I can change it.

                   

                  Thanks.

                   

                   

                  Tunghua

                  • 6. Re: add user to running database?

                    accounts can change most anything while the network is

                    running. However, this may not be wise and can lead to problems.

                     

                    For instance, I once many years ago changed a script used to update a

                    record while the bookkeeping department was doing a batch update that

                    involved that script...  Half of the records were updated old style and

                    half new style.

                    • 7. Re: add user to running database?

                      The two file method is quite practical albeit involving an extra step if

                      you want to add a field.

                       

                      And it let's you create separate interface files for each type of user

                      showing them only layouts they are entitled to see.

                       

                      It's easy to provide them with the latest updated GUI file or to swap in

                      the new one at night.

                       

                      Data File: only tables and a few scripts for managment.

                      GUI File: use TOs for the Data File and our scripts and layouts.

                      GUI File 2: same file but being revised.

                       

                      Close GUI 1, delete it, rename GUI 2 to GUI 1 and open it...

                       

                      Clone the new GUI 1 file and rename it to GUI 3

                      • 8. Re: add user to running database?
                        wimdecorte

                        Not touched on yet in this thread: account management can be kept entirely outside of FMS by using External Authentication, one of the more powerful features of FMS.  It lets you add / create / modify accounts used for access to the FM solution without ever touching the FM file.

                        Those accounts can live in Windows AD, OSX OD or locally on the FMS machine.

                        • 9. Re: add user to running database?

                          ...and we all know how secure Windows is...

                           

                          No expert but I wonder how easy it is to spoof an account and gain access?

                           

                          I've been working on an internal firewall in Filemaker that will stop a spoofer who can bypass windows security. and one who has gained knowledge of someone else's account and password.

                           

                          The easy path is not always the best path.

                          • 10. Re: add user to running database?
                            tunghua

                            Hi Jack:

                             

                            Thanks, I think I will use the 2 file method.

                             

                             

                            Tunghua

                            • 11. Re: add user to running database?
                              wimdecorte

                              jackrodgers wrote:

                               

                              ...and we all know how secure Windows is...

                               

                              No expert but I wonder how easy it is to spoof an account and gain access?

                               

                               

                               

                              You probably missed the point that EA is not Windows-only.  I did mention OSX AD and local accounts on the FMS box which can be both Windows or OSX.

                               

                              Security is a multi-factor approach that includes restricing physical access to the network, the server box and wherever the backups are kept.

                              • 12. Re: add user to running database?

                                Fortunately I don't have to deal with that but I am dealing with the problem of someone who gains access to the Filemaker database using an account name and password. My internal firewall is designed to be a last ditch effort of defense. Say Joe Badguy gets a hold of a good account name and password. I suppose all the stuff you describe are intended to stop him before he gets to the .fmp12 file. But that depends upon data that can be spoofed. Now my firewall comes into play.

                                 

                                ...and suppose someone gets a backup copy. Now my firewall will keep them out.

                                 

                                Which brings me to a current topic: finding a hippa compliant filemaker host for a Filemaker 12 file.

                                • 13. Re: add user to running database?

                                  OK, there are a few issues and tricks. Let me know if I can help.

                                  • 14. Re: add user to running database?
                                    debi

                                    Tunghua,

                                     

                                    The multi-file solution you are considering is commonly called "the Data Separation Model" in the FileMaker community. It has it pros and cons. For more information, I recommend you search things such as "DSM," "Data Separation," "Data Separation Model" and/or "Date Separation Method" (along with "FileMaker" if you're searching outside the FMI site).

                                     

                                    HTH,

                                     

                                    Debi Rubel
                                    FullCity Consulting

                                    1 2 Previous Next