I have developed a FM12 solutions that another FileMaker dataabse needs to access.Done plenty of multi-file solutions in the past but the issue here is that the second file has been developed by an inexperienced user and the security of it is not under my control - for example all current accounts in this second file have been given full access privileges!
After some investigation I had hoped there may be away to allow this - essentially creating the same account names in my solution but with restricted access through privilege sets (which works fine when the user opens my file to access a related record) - but I'm now having my doubts. I followed the steps suggested in the FileMaker Training Series - but I find while they identify the security issue (p8-7)
A user who has access to the data in your file through an external file reference will still be bound by the restrictions of their privilege set (thus unable to view or edit data that is outside of their privilege set), but they could create a layout in the external file showing the raw data of your FileMaker Pro file.
Enabling the "Require full access privileges to create references to this file." under File Access on my file does not behave as suggested:
You have now locked access to your file. Only someone with full access privileges in both an external file and this file can create external table occurrences from this file in other files. Users with lower privileges will not be able to create references to this file, but will be able to use any table occurrences based on references to that file that already exist.
Presumably becuse my file has authorised access from the second file the above does not hold true - ie a test user account with full access to second file and restricted access to mine can still "create a layout in the external file showing the raw data" from my database.
If I deauthorise this file's access then I find the statement that they "will be able to use any table occurrences based on references to that file that already exist" does not hold true (instead they are prompted to enter full admin login to my file).
I'm not sure if I'm missing something here or if this area of security is problematic (seems possible from browsing a few other posts here).
I guess I have the option of locking down security at the field level and running scripts with full access privileges but it's not my preferred solution.
Any other ideas or feedback?