Sign in to follow this  
Followers 0
Luis C. Urbina G

Manage User Accounts without give Administrator Rights

4 posts in this topic

Hi Everyone

 

I develop a FM-close-solution and I like that a selected user in the company, maybe The Manager or wherever can manage the user accounts, Adding, Deleting or modifing user in the FM-Solution like like me ("Admin"), but without Full-Access rights can do. I want that this user can not modify layouts, see scripts and see all my work.

 

In this moment they need call me when they need do it, but in the future I want give to them the possibility of manage the users without me. Is Possible using FM Manage Security or I need develop something that do it?

 

Thanks.

Share this post


Link to post
Share on other sites

If your solution is hosted on a FileMaker Server you should look into External Authentication.  It's there specifically for this.  The account management happens completely outside of the solution.

Share this post


Link to post
Share on other sites

You should look at scripting this feature. Then you can set the script to "Run with full access privileges" which will allow all the account management script steps to run as though the user was full admin.

Share this post


Link to post
Share on other sites

Does the scripting of security work in a Runtime?  I am not sure if I am doing it wrong or it does not work.  

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Similar Content

    • AD account identification
      By aguest
      Hi,
      My FM database is using AD to determine whether a user has access to the db or not. Once logged in, I've used a set of tables & relationships to identify whether the user sees particular layouts, records within tables etc. This has been fine for the small number of teaching staff that have been accessing it to date.
      However, I'm now looking at expanding the db so that students are able to access it too. However, I really don't want to maintain a table with student accountnames (1500 students) in order to identify them as a student instead of a member of staff (default home page is different)
      Is there a simple way of doing this once they've logged in. Can FM pull AD credential such as the AD group name they belong to that will allow me to check if they are a student etc.
      Or is there something I'm missing and a way easier way of doing this?
      TIA
    • Multiple organisations contributing to same database - how to segregate data?
      By mike_eddie
      I've currently developed a database using the data separation model whereby I have an interface file, and a database file. The interface file is held locally on each computer using the database, and the database file is held on a server.
      There are going to be 3 - 5 different organisations all contributing data to the main database, but ordinary users should only have access to the data created by their organisation. Some "super-users" will have access to the combined data from all organisations. I currently have lots of reports which cycle through the database, analysing specific parts of the data and returning found sets. What is the best way to segregate out my data on an organisation by organisation level?
      Im trying to avoid having separate database files so that I don't have to make the changes to each file every time the database is updated?
      I thought about setting up access privileges, and storing the organisation name in every record of the database, then limiting the view, edit, delete privileges based on this field. However, upon reading through the various FMforums it looks like this would give me multiple records showing <No Access>. 
      Im basically trying to achieve:-
      User 1 from Organisation A logs on - database behaves as if specific to Organisation A
      Same for User 2 from Organisation B
      Super User logs on and can run reports on data from Organisation A & B combined
      Can anyone suggest an elegant solution?
      BW,
      Mike
    • Granular Approach To Specific Script Access
      By GisMo
      I'm trying to take a different approach to Roles and Script Access in a solution that a bit more flexible to change and create roles via the UI, not FMs native security. While "Hide Object When" is very useful, it's not always practical especially when there are multiple roles and it's not easily maintained across a system.
      Conceptually what I'm thinking is:
      Every button is attached to a script the script attached to the button is used for navigation, to perform a task, or combination of both these script are ONLY attached to a button and never called from within another script. They can simply be wrappers if needed the current script being executed is known using get(ScriptName) These button script names are human readable and prefixed with same identifier .e.g "Button." In Every button script, we run another script which takes a parameter of the current script being executed. This script will query/check if the current user and/or role has permission to run this script.  Result: We return a friendly message box saying "no access to this feature" and HALT OR we continue and run the script  Create the Role records  Somehow we dynamically create a list of scripts with the "Button." prefix <- this this possible? A plugin even? Can you dynamically query the scripts in a FM file?(this is a hard thing to google) Add each script to the role via permission table.  Functionality could be enhanced by using multiple prefixes for the scripts as groups, so you could add an entire group of scripts to a role based on the prefix...Lots of ideas based on this.
      Has this been done before? Can we query a FM database for it's scripts without using database design report?
    • Running script with full access privileges:"Check found set"
      By Stickybeak
      I am running a script with full access privileges the last line of which is intended to check a found set.
      When the script gets to that step it says I dont have the access privileges to correct a spelling error in a record.
      My research to date told me that a script running with full access would override the security setting in the privilege set.
      Is this an exception or is there more to it?
      Putting "exit script" on the end solved the issue, as at presently advised
    • FMGo Asks for password from webclip with login credentials
      By GisMo
      I have created a webclip for iOS with a FMP Url with the format FMP://username:password@myserver.com/mydatabase.fmp12
      I have the extended privilege set to:  fmreauthenticate0 to make testing easy
      upon first launch, it works correctly. When I press the home button on the device.. I wait 10 seconds and then I launch from the URL/Webclip I am prompted for login credentials(This shouldnt be because I am passing the credentials in via the URL. If I press cancel as the login screen, it seems to work just continue as it should with the login credentials. I am getting some complaints and confusion from the users about it. 
      How do I fix this?