Sign in to follow this  
Followers 0
Luis C. Urbina G

Manage User Accounts without give Administrator Rights

4 posts in this topic

Hi Everyone

 

I develop a FM-close-solution and I like that a selected user in the company, maybe The Manager or wherever can manage the user accounts, Adding, Deleting or modifing user in the FM-Solution like like me ("Admin"), but without Full-Access rights can do. I want that this user can not modify layouts, see scripts and see all my work.

 

In this moment they need call me when they need do it, but in the future I want give to them the possibility of manage the users without me. Is Possible using FM Manage Security or I need develop something that do it?

 

Thanks.

Share this post


Link to post
Share on other sites

If your solution is hosted on a FileMaker Server you should look into External Authentication.  It's there specifically for this.  The account management happens completely outside of the solution.

Share this post


Link to post
Share on other sites

You should look at scripting this feature. Then you can set the script to "Run with full access privileges" which will allow all the account management script steps to run as though the user was full admin.

Share this post


Link to post
Share on other sites

Does the scripting of security work in a Runtime?  I am not sure if I am doing it wrong or it does not work.  

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • By drrehak
      greetings all!  A question for the network security gurus: I have Supercontainer running in standalone mode.  My router has port forwarding to the machine (Mac-mini).  My credit card vendor requires security IP address scans and I am failing due to the port forwarding on the router.  what is best practice?  I am using a router flashed with Tomato Shibby.
    • By Scott Pon
      Hi All. 
      I'm trying to understand how this works in my environment.  We have Filemaker 13 Server, with FM Pro and FM Pro Adv clients.  We are in a Windows Server 2012 Domain.  
      So if I get an Ipad and connect it to the network, then download and install FM go, how does it connect to the FM server?  will there be a problem with the Domain? The Ipad doesn't join the domain. Since it isn't joined, it also wouldn't be able to access the fileserver to view PDFs on the fileserver.  is this correct?
      Extra question non-FM.  What concern do you have with the Ipad being hacked?  The Ipad would be on the network (even if it didn't get fileserver access).  It could cause a security issue.  
      thanks, not sure if I'm correct on these things.  so let me know if I'm wrong.
      Scott
    • By mbarrett65
      I currently have a Filemaker 15 solution running on Filemaker Server 15 Advanced. We are currently accessing the solution on Webdirect via VPN connection. I would like to open ports 80/443 so that users could access the solution without connecting to VPN. However, my IT department has flagged security concerns. My question is how real the security concerns are. I know that Filemaker Server 15 Advanced should be encrypting the data. Would that make a non-VPN connection secure? Thanks for any advice.
    • By cbum
      Our university hospital IT is mandating that all Mac servers that contain PHI be encrypted using FileVault. There is a longstanding and strong recommendation by FMI and posts on this board advising against this for FM server, although there are also some dissenting voices.
      The relevant passage on the FM Knowledge base pages (http://help.filemaker.com/app/answers/detail/a_id/9650) reads:
      "FileVault:  FileVault is a feature that performs on the fly encryption and decryption of data on your hard drive..  However, this added level of security requires additional processing power.  Because of this, it is recommended that FileVault not be used in conjunction with FileMaker Server and your FileMaker databases." (Last Updated: Jan 13, 2016 01:47 PM PST)
      2 points to mention: First, no discussion of actual incompatibility or corruption risk, just a requirement for extra processing power, suggesting this is simply a possible performance issue. Some of the comments I heard at Devcon and read here suggest much more serious issues - I would appreciate any information or discussion on the specifics here.
      Second, the way FileVault is described, i.e., "on the fly encryption ... decryption" suggests this entry and general discussions recommending against FV use are based on the old FileVault v1, which was replaced with FileVault2 in Lion (!) quite a few years ago. According to a discussion yesterday with Apple tech support (with escalation) the current FV2 uses encryption at rest, not on the fly, making it similar/equal to FM's own encryption offering, and this has been the case since 2011. (http://www.cnet.com/news/about-filevault-2-in-os-x-10-7-lion/)
      Nevertheless, a discussion with FM tech support yesterday revealed that FM's position on FV is unchanged, and they did not answer my question if this was based on testing with FV2 (with encryption at rest, which should have no performance or other impact on FMserver after the initial boot up) or simply reflects that FM has not revisited this problem since FV2 came out in 2011.
      I would appreciate some clarity on this issue. My IT security people are not satisfied with the explanations I tried to give them describing FM's position and are not willing to substitute their current requirement with a third party solution they know nothing about, unless I can give them a coherent and documented explanation.
    • By Rook183
      I am sure this is one of those simple ones… that has me bamboozled for nearly 2 days now.
      I need to limit access of my users viewing only a limited set of "Company" records after they log in. The companies that they are allowed to see are listed in each respective user's profile.
      My opening script goes to the user's profile and creates a global variable for each company that they are allowed to view.
      When I go to the "Manage Security > Edit Privilege Sets > Records > Custom Privileges > Limited > Script", and use any of those variables (e.g. $$Company01"), the records table returns no records at all (i.e. as if there were no matches). When I test the script and use text for any one (or several) of those companies by name (e.g. "ACME PTY LTD"), the access rules work perfectly.
      To be clear: The global variables themselves are correct. I know this this because they work in other scripts absolutely perfectly, so the variables DO match the names in the field.
      The script looks like this:
      $$Company = Table Manufacturer or 
      $$Company01 = Table Manufacturer or
      $$Company02 = Table Manufacturer or 
      $$Company03 = Table Manufacturer or 
      $$Company04 = Table Manufacturer or 
      $$Company05 = Table Manufacturer
       
      In every respect, the variable matches the actual text, but I can only imaging that there is a problem with my syntax?
       
      Please advise.
       
      Many thanks