2 Replies Latest reply on Oct 7, 2010 8:30 AM by etripoli

    Copy accounts between databases?

    TimJohnston

      Title

      Copy accounts between databases?

      Post

      I've set up user accounts the way I'd like in one of our databases. Is there any way to copy those security settings to our 15 other databases?

      Or, is there a central way in FMP to have one set of accounts to access all databases?

      Thanks in advance!

      -Tim

        • 1. Re: Copy accounts between databases?
          FentonJones

          Yes, you can "copy Accounts", but it requires scripting. There is a New Account script step; you must provide a unique name for the Account and a Password. 

          You cannot "read" the current Accounts. You have no script or functional access to read existing Accounts.* Which is often a PITA, but necessary for security (I suppose). So you would need a table with that information; a "users" table.

          I don't know specifically what "security settings" means to you. It is too general a term. There are Privilege Sets, which determine what the group of Accounts with that Privilege Set assigned can do. There are many settings, and many of them are specific to that file, to those tables and fields, layouts, scripts and value lists. So there is no way to "copy" from one file to another; they must be created manually for each file (unless you have some kind of "robot" application to do that).

          What you can do is to create the few necessary consistent Privilege Sets, modified to fit that file's objects. Then create Accounts by script in each file, assigning each a consistent Privilege Set in each file. You can have fewer Privilege sets in small specialized files (such as "Manager" and "User"). In other words, by "consistent" I mean consistent in level of restrictions for the general group of people.

          * The only scripted way I know of to see whether an Accounts exists in a file is to use the Relogin step (which also requires the password). If it succeeds, then that Account and PW are active in that file. If not, you can create it. The Delete Account step requires only the name of the Account. These scripts must [x] Run with Full Access (or the subscript that uses "account" script steps).

          This is an example file I created (a long time ago, FileMaker 5 I think).

          Account_PW_creation.zip

          There is an alternate more secure method, where you do not store the passwords in the file, but just use a generic one, then use the option [x] "User must change password on next login." Only the user knows their password. If they forget it, then Delete & Create their Account again, in all files. Does not take long.

          I would still store their Account Name (except in very secure environments). Because the function Get (AccountName) is very useful, and it needs something to compare it to. It can be used to control View and Edit access to table records, via users' Privilege Set record access settings.

          • 2. Re: Copy accounts between databases?
            etripoli

            There are 3rd party programs Security Administrator, or you can use External Authentication, with something like LDAP for authentication.