5 Replies Latest reply on Jun 27, 2013 3:50 PM by haucke

    Permissions issue

    haucke

      While resolving an issue with protecting records once they reach a certain stage within their life cycle (i.e. an archive flag set to 2). It was recommended that I leverage the security model to do this so I did but I am now running into a weird scenario...

      I set the permission at the record level and it is inspecting the arc flag for a 2. Everything appears to be functioning properly; the user gets yelled at appropriately ;-). The issue now comes from the container fields within the same layouts/tables. Since I have created the rule the container fields will not allow edits regardless of flag unless you are not in that special permission group. The special permission group does not get any message just no prompting for the insert (signature in this case). If I take a user out of that group and into admin group it works fine. Is there some sort of behind the scene process that is going on for container fields that I am not aware of?

        • 1. Re: Permissions issue
          haucke

          Ok, just found the answer my self, so those of you that may find yourself in the same boat...

           

          In the "Edit Privilege Set" screen there is an "Available menu commands:" setting.  Apparently that also affects the popup menu for container fields as well, so when I set to minimum it killed the popup menu for the container field.  Seems like that should be handled differently but it is what it is...

          • 2. Re: Permissions issue
            Malcolm

            In the "Edit Privilege Set" screen there is an "Available menu commands:" setting.  Apparently that also affects the popup menu for container fields as well, so when I set to minimum it killed the popup menu for the container field.  Seems like that should be handled differently but it is what it is...

             

            Well done. I haven't seen that issue myself but I have been caught out by similar issues when using a restricted menu set.

             

            The solution that I've found to be most complete also involves the most work. Create a custom menu set for the privilege set.

             

            malcolm

            • 3. Re: Permissions issue
              debi

              This is one of those things - much like the default number-type result in the calculation engine - that developers need to remember to change as necessary, preferably at the outset of creating a new privilege set - or a new formula. This particular defaut was new with v11 (http://help.filemaker.com/app/answers/detail/a_id/7574/~/miscellaneous-behavior-changes-in-filemaker-pro-11) and makes sense because it is safer for security.

               

              Also, custom menus (while wonderful) do not necessarily circumvent these settings. If your custom menu commands are mapped to existing FileMaker commands, privilege set settings (such as not being able to delete records for a given table) are still enforced.

               

              Debi Rubel

              FullCity Consulting

              • 4. Re: Permissions issue
                debi

                Hey, haucke,

                 

                Hope that didn't sound chastising - I realize you're getting started with privileges. One other piece of advice when setting up a new privilege set: turning on things such as Access via FileMaker Network under Extended Privileges, if the file is to be hosted. These are just two of the easy-to-miss "gotchas" related to security that I try to turn into habits to save time down the road.

                 

                debi~

                • 5. Re: Permissions issue
                  haucke

                  I did not take it that way...

                  With regards to security, coming from the Microsoft world I start by removing all permissions I can and then only open as needed.  I still do not see the connection between a "Menu" and a popup, but there is in this environment,  The people at FileMaker warned me about the difficulties I would have coming from a windows world...  This is just another bump in the road, not a road block.