Security Concepts

Greets, all. Out of the gate, I want to admit complete ignorance as I'm more of a client-side programmer, so please forgive me for that when it comes to this issue...and if I'm posting in the incorrect form. The previous tech in my current position set up FileMaker Pro (Mac, Server v13) in a DMZ, with Lasso v8.x so our faculty, staff, and students can fill-in online forms in our databases. That tech has retired and now I'm faced with programming and maintaining this set-up. I told my (new) supervisor that we should cast away Lasso due to the Mack Truck Possibility* and to have our IT department host users in Windows' Active Directory to simplify things since that's what…

I'm preparing an import routine which is pretty central to the DB solution I've built. It'll be used many times by many people in a FM Server/Client environment. The basis is that a user imports data to what's basically a temporary table, whereupon they can review the data prior to a full import to the main data table. A script fires when the user hits 'Go' and performs the import to the main data table. The final act of the 'Go' script is to delete all records on the temp table, leaving it clear for the next import. I need to ensure that there can be only one set of data on the temp table at any one time and that this is being used by only the user who placed it the…

Hello All, Just a little background info; We have a great application which is used by banking institutions, and we are being asked some due diligence questions based on IT concerns of our client. These are a few of the questions they are asking, and if anyone could provide some insight I would greatly appreciate it. How is communication encrypted between clients and host? It is my understanding that this is using a Secure Socket Layer (SSL) connection in between our FileMaker Server and FileMaker Pro/ADV users. We do have SSL enabled on our FileMaker server database settings. Is this sufficient information to answer this question, should more details be provided (SHA…

Hi all I've been looking at demo CRM solutions for a company I'm working with and was particularly interested in BusinessMan. While looking at their solution I noticed that they have their accounts and privilege sets managed on a layout which alleviated the need for the user to need access the native FileMaker Security module. Is this a plug-in they might be using or perhaps some more complex scripting which updates a "user" table and the security, respectively? I'm wanting to allow managers to add and disable user accounts but prevent them from needing to access the security module since they could potentially alter the state of my administrator account.

New user alert... This is my first FM database and any help would be greatly appreciated. I want a set of user with a certain privilege set to be able to view and edit the records for all members of staff in their department. I thought of doing something like this in a script Find record of user that has logged in Find department code from the logged in user record and set as the value as a variable Set the custom record privilege limited... view when department code = variable Is this a sensible approach? How do I go about scripting the first 2 points? Thanks in advance. Ben

Security update for FileMaker 13 versions. http://thefmkb.com/14358 Be sure to read the instructions first. Important Security Update. Read the instructions first. Steven

My solution has a staff layout. How can I limit each user who happens to be a staff, to his/her own staff page. ie when a staff (user) logs in to the database, he/she is redirected to his own page (staff layout). the essence is just for Staff to have NO access to the records of each other. I have hidden the tool bar so as not to allow ''Go go Next Record'' navigation. I don't really know if my topic rightly suggests my intention for this post, but I am hoping you get my point. Thanks

Hello again! I have few users on my db, being only one the admin that has full access, all the others have access only to specific layouts with an specific privilege set. All fine, everything works. The thing that is causing me problems is I want to have a "portal" layout that says a simple stuff like "Welcome, Admin" or "Welcome, user1" based on the Get(AccountName), then I want to have a button that goes to the layout based on a calculation that is like: Go To Layout [Get(AccountName) & "menu"] and the result is like "Adminmenu" that is the exact name of the main layout for that account. The thing is, all that system works perfectly fine with the main acco…

I have a file that my employees access using 'Open Remote...' One of the employees is not being sent to the login screen. It only happens on her computer. Any ideas?

Hi, I want to be able to display the AccountPrivilegeSetName for my users in the user table. I'm reading that Get(AccountPrivilegeSetName) should be able to do this for me, but the help file makes it looks as if it's going to return MY set until I change the "context" of the calculation. I'm finding little written guidance on how to do that and the test's I've tried are consistently showing MY set. Can you help Many thanks

At the upcoming 20th FileMaker Developer Conference to be held in Las Vegas, Nevada, July 20-23, I am pleased to have the opportunity to present a program entitled “What Would I Find If I Did A Security Audit Of Your FileMaker System?” So far in 2015 we seem well on the way to having a record-breaking year for data breaches. Simply stated, we are now in an era of continuous breaches, some of them very significant in terms of the number of, and the sensitivity of, data records exposed. Organizations must expect they will suffer breaches. The question has now become, “How can losses be held to a minimum?” when a breach occurs. Some observers and information secur…

Hi , Does anyone know of a recommended way of display data specific to one user login. Simple example there's a FM database with 100 records 5 users accounts . Each users can only view 10 records that specific to their login. Anyway to set this up with out have to create 5 different database and get it to work with one FM DB? users no of records A 10 records B 20 records C 5 records D 5 records E 60 records

My file was alerting me to an unknown script error each time I opened the file. I went through some preferences to try to locate the unknown script and delete it. Now, I've hit some button by mistake and my file is asking for an account name and password. I have had neither. Now i can't get into my file. Is there a way to get rid of the password?

I've got two tables. Employees and MBO. The MBO table is related to the Employees table by a simple employee id number. When a new MBO record is created for an employee, it's foreign key is populated with the employee id for which it was created. There is a portal on the Employee records which shows the corresponding MBO records. Each Employee record has a "Reports To" field which specifies the employee id of the person that supervises them. Each MBO record has a calculation field ("Reports To") that evaluates to "Employees:Reports To". View/edit access to both Employee records and MBO records is restricted so that users can only see records if they are their own or i…

Using FM13ADV on Windows. I have quite a number of new accounts to setup in Security. I wrote a script, like I have done before. The password needs to be two lowercase letters followed by a series of number like ag45689. This calculation is producing uppercase letters no matter how I try. No text formatting, add lowercase formatting, remove text formatting. I would rather not enter each one by one. Thanks, Jim

Hey gang, This is either encountered bug or I got lucky today. I was customizing my product this morning and one of the task I had to do was change the Admin account and password to my main file to the clients simply account and password. Account Name = Admin PW = password Well there is either a bug in FMP13 when saving accts/passwords OR I happen to get lucky enough to change and confirm the change with a TYPO. I know there are passware apps on the market, but from what I see, they are only windoze based and I do not have a machine to install such an app. Any MAC versions? Anyone out there that can bail me out on this. I would sure appreciate it, Would hate…

My problem is similar to the one found here.. http://forums.filemaker.com/posts/7389c2f7c1 I've denied all but the Managing Director access to a layout holding the hourly rates of his employees. The problem is that when anyone without permission presses on the navigation button to access that layout... all they are presented with is a rather ugly blank page with the tiny words "No Access".... and no way to navigate back to where they came from without first quitting the database and logging back in again. The above forum link offered the following two options which assume a knowledge I personally do not possess... • You can use get ( PrivilegeSetName ) to chec…

Hi there, Currently I have a FM solution which has a database and an interface file, both with identical user accounts. On login, the license key which is stored in the interface file is checked against the company server to see if it is valid, and in date. It does this by comparing persistent id, a license key which is generated by filemaker using UUID, an organisation name, and expiry date. Ive realised that I may need to update the interface file, database file, or both at various points in the coming months. As I update, how do I keep the current user accounts, and not force the users to reset passwords etc. The client currently does not have any form of exter…

I've got a navigation file made eons ago that I'm trying to replace. There's ~100 buttons, each attached to separate scripts that just do an Open File step for whatever the user is trying to open. I've already written my one script that opens everything via a URL with a parameter passed from the relevant buttons instead. Works almost as I wanted, with one catch: In the original navigator, the user doesn't have to log into any of the files that are opened with those buttons that run the Open File steps. It just uses the same password they used to open the navigator, and ta-da, they're in. In the new navigator with the one parameter-based script, it prompts the user…

I'm hoping simply posting this will let me see my mistake. Data model party->party_role<-project hoping to only allow a certain priv set to party records that are on the same project "team" current calc: FilterValues ( ExecuteSQL ( "SELECT id_project FROM party_role WHERE id_party = ?"; "" ; ""; $$ID_CURRENT_PARTY ); party::mk_projects_c )>0 or party::zz_accountCreated = Get (AccountName) or $$VIEW_CONTACTS_ALLOWED =1 party::mk_projects_c is a multi key. Other complication, if it matters, is that this is a separated solution. I am defining the RLA in the data file. $$ID_CURRENT_PARTY is set in the open_file_open, and right now I have i…

Hi, I have made this simple inventory system for internal use, however there are different users who needs to see different layouts. Is it possible in any way to send the users to different layouts when they log in? So that user1 => LayoutA & user2 => LayoutB Have been googling for some time now, but with no help so far.. Thanks, Mike

I need a way to make the user write into a field and the lock the fiel, that the user is not allowed to modify it what he just wrote. How can I do that? Thank you

Our in-house solution is growing and adding end users left and right, and I think it's time for an opener file that can be shared with new end users. I've hit a roadblock with this simple idea, and either its pointing to my lack of understanding of FM security, or perhaps what I want to do is not possible. The FileMaker Support article on this issue indicates that an opener file is for guest access. I would like to use an opener file for all end users, and allow them to enter name and password once they reach the server hosted file. But - every way I try to set this system up results in a 661 error message. My logic (internal - certainly could be flawed!) tells …

Iam certainly not a professional filemaker developer but try to work around problems (problems for me not for the pros) but this easy thing here drives me nuts. I am trying to hide the toolbar for all layouts (about 80) based on privilege set. I have placed an opening script in the File Options but what it does, it only hides the toolbar for the first/opeing layout not for the rest. Any tipps here are most welcome. Merry x- mas for all Opening script Allow User Abort [Off] Set Error Capture [On] Perform Script [“hide toolbar test”] -script supposed to hide tool bars for all layouts (If [Get ( AccountPrivilegeSetName ) ="Operations"Show/Hide Toolbars [Lock; Hide] E…

Hello all, I'm having a problem with users being unable to copy/paste text into or out of my FileMaker solution that has me puzzled. The solution is built in FMP12 / FMS 12, and the machines are Win7. When I am logged in with full access privileges, I can copy and paste anywhere with no trouble. When logged in as a different user, with a different privilege set, I can not. Instead of pasting the copied text into the field, it pastes what appears to be some kind of control character. Both privilege sets have "Available Menu Commands" set to ALL. What am I missing? Any help is appreciated. Thanks, John Apologies if this in …

Hello Gurus, I'm trying to make a data base for our lab personnel in order to track their working time in each project we have. Im trying to set up the account and privileges, when Im trying to log in with the account and privilege that I setup its not working. I spent 2 hours of playing with the file still didn't work for me. I have also attached the file that Im working. the Users are Admin, thong and pogi all accounts has no password. Hope you can help me. thank you so much in advance. Joy Lab Hours.zip

Hello All, This is a theoretical question as I am about to start my first project in FM and would like to know if this functionality sounds feasible: I will be creating a DB of personnel records with various tables holding data about training undertaken, time-off, performance records, etc. So every member of staff in the company has a record in the DB and is also a user of the DB. Is it possible to have records in the personnel table provision/inform the User Accounts in FM? Also, I would like staff to be able to access only their own records, apart from Heads of Departments who will be able to access all the records of staff in their department. Manageme…

I have a portal full of different types of addresses. I want to set it that if the user who is logged in is a guest account, they can only see some of the records in the portal and not all of them. Any help would be much appreciated.

Change Control is not a term you see used among FileMaker developers; in part, because it goes against many of the aspects of FileMaker that we all love. However, data security concerns are leading to platform security concerns and to an increased demand from customers/clients that we document our Software Development Live Cycle and follow established Change Control policies. Unfortunately, FileMaker ain't built that way. There is no check-out/check-in of scripts, no logging of script edits, no code-compare features which highlight changes to a solution. So, the Question is this: What tools, tricks or techniques have folks found useful in trying to address the …

I have a filemaker solution which is going to use WebDirect to allow a low level of access to "many" users, where "many" is going to be between 50 to 100. This will be in addition to a dozen accounts with direct FileMaker Pro access. I see that in FM13, the Manage Security / Accounts panel still has the same design as was used in FM11 : a single flat Table for all accounts, with columns that do not sort, and no way to group accounts by Privilege Set. I'm worried that with around 100 accounts, this system will be hard to use. I've thought of another way: create a single "WebDirect" account privilege, and then use another login scheme (such as "Show custom Di…

I have separation files. In the GUI, I re login as Manager. When I switch to a layout which has fields from the data file, I expect it to open using same credentials but it does not. It stays on the prior credentials. I even force it to close using Close File and it automatically reopens which is cool. But it stays on the prior credentials. Must I always re log in the data file separately? I use data viewer to tell me the account name of the file I am viewing and also Get(currentPrivilegeSet) and even tried the other privilege set but they all show the prior log in. I am missing something very basic here. When the data file opens it does not ask for account…

I set up a privilege set that has custom privilges for records on the "main" table. The calculation is... Access = "Public" or PatternCount ( Get(AccountName); List( Creator;AccessUserList )) > 0 Translated this says that if the field Access equals "Public" or the Account Name matches a list of names which includes the creator of the record then you have full access to the record. In Filemaker 11 all the records that you had No Access to disappeared when a find or a Show All was performed. After converting to Filemaker 13 these records show up when a find or a Show All is performed but have the words <<No Access>> on all the fields of t…

I want to create an account that has full access priviledge but won't be able to delete or deactivate an Admin account... The account should be able to create new users for other priviledge sets.. How can I accomplish this?

Could anyone shed some light upon how to properly test backup files? Today, one of our files crashed during production hours and I restored it with a backup file, however, I'm unsure whether my backup will eventually face the same fate. The consistency check cleared my backup but I'm not sure if that should put my mind at ease. I am currently running the most recent version of FMS 11. Thanks in advance!!

hi, i have a question regarding file security over the networking. when user prompt the open remote dialog box , file name shows on the dialog box and can user copy that file from the dialog box ? the file resides on a remote computer which user has no access to - only available through open remote dialog box. kevin

I was just reading here http://fmforums.com/forum/topic/28989-best-calculation-for-custom-record-privileges/ Steven says be careful about people being able to change this data. Here is my situation please if someone could help I have a table called Users with a field called Type. This means they can only change records which also have this Type field in them. But when I go to set up their privilege set, the calculation box is throwing me. If(User::Type = Sales Orders::Type) but how will the calculation know which user I am referencing? All I can think to do is put the person's type into a global variable when they log in and then calculation would b…

Apologies if this question has been answered elsewhere. I scanned previous posts and couldn't find this specific question. I want to set up a custom record privilege that allows certain users to edit a particular record. I would like the following types of users to be able to edit a given record: 1. The user who created the record 2. Other users to whom I (the administrator) give permission. Currently, I have a field called "EditorApproved" in which I can place usernames (other than creator) of those who may edit the record. Ideally, I'd like the permission calculation to scan for the presence of the username in the EditorApproved field and allow them to…

I have a large database for several clients. I want to take advantage of the Web Publishing and give access to some clients so they can view their own data only. The database has a field with the customers name so it can searched or sorted by the clients name. How can I achieve this ? Thank you.

August 4th 2014 Today, August 4th, marks fourteen years since my first post regarding FileMaker security items that appeared on the old FSA Tech Talk. It now seems as if “…everything old is new again…”, as the song goes. Two events at the just concluded FileMaker Developer Conference bring this into sharp focus. First, FileMaker, Inc. Senior Consulting Engineer Rosemary Tietge’s excellent presentation on the Threat Landscape should have been a trumpeting wake-up call to any who might still believe the FileMaker community is immune to present-day security issues. Second, Mark Richman of FBA Platinum Member Skeleton Key posted to Twitter (https://twitter.co…

Hi Where can I login as admin with the newly created password? Seems a rather obvious screen to have easy access to? Somehow when creating a password for admin, I locked myself out of the creating/editing privs for the database and layout. I seem locked into the guest account with no option to login as admin When I opening the menu item, File options..., I get "Your access privileges do not allow you to perform this action." I get the greyed out screen: https://www.dropbox.com/s/idr3p4myu45490l/Screenshot%202014-07-15%2013.14.19.png Much appreciation in advance Graham

I've been following this discussion, it's very interesting. Rather than hijack the discussion, I've started this topic. I'm extremely curious to hear if anyone has ever experienced or even heard of an actual incident of someone circumventing FileMaker security (other than password cracking utilities). What was the damage and what was the exploit? How could it have been prevented?

Hi All, I've got two records. The parent record has a 1 to many relationship with the child. The parent is for clients The child is for people I want to only allow someone access to the parent records, when there is at least one child records which has Are_They_Green = "Yes" So if any of the client's people are green, then access will be allowed to the parent. I'm using a calculation within the privilege set, view limited: Are_They_Green = "Yes" The problem that i've got, it seems to me, is that i'm only getting one or a couple of layers down in the portal. How can i calculate it to show that there is at least one occurrence of Are_They_Green = "Y…

I ave a question about the security levels in filemaker. I use a function to get access to the records of the tables based on File Maker Accounts and Privilege Sets (filemaker 13) in the security tab i use a custom privilege set and set for my table the View , Edit and Delete to custom. In the calculate tab i use a custom function to set the appropriate access. that works fine, but why can'y i do the same with new / create, that option is not available View, Edit and Delete have options; No, Limited... , Yes, but Create has only: No and Yes. How can i make this work so that some users cannot create new records for certain tables.

The system I'm working on has always used user initials for the Account Name, which I'm aware is a pretty bad practice, but it was implemented long before my time. As the company grows, it becomes more and more of a hassle, as people obviously share initials, and we have to use some "creative" solutions. I'd like to update the system to use a different ID system (their network ID, which is usually their firstname.lastname, sometimes with an initial, but always 100% unique). I believe I need to write a script for this that loops through each record in my password manager file, creates a new account with the new ID (which I will end up manually inputting into a new field) …

Hello, I've read a few similar threads in this area, but none were quite the same as what I'm experiencing. I have a table of employee project records, and I was trying to set up a custom privilege set such that an employee can only view records where the "empID" field matches the global variable $$EmpID. This is so that, should an employee somehow manage to get the Found Set to include records not belonging to them, they would just see the <No Access> label, instead of the data. By setting the View privilege for the table to "Limited" and entering the calculation "empID = $$EmpID", this works. However, what I have discovered is that this somehow prevents al…

I am providing home Physical Therapy services to infants and required to write a note which parent and I both sign (I would like to do this digitally using FM Go, and sync with a FM Advance on a laptop computer.) The state I am working in has the following requirements for electronic records: * Record itself must meet the general and specific requirements of the regulations as to content. * Possible to determine when the record was created. * Process to prevent records from being altered after they are created. * If records can be altered, alteration process is documented. * Actual caregiver identified in the record. * Caregiver identified as having s…

I want a privilege set that can create and edit records, but not delete them. However, when I use the "create and edit" setting for a privilege set, it also seems to remove the ability for a user to right-click on a container to add a document/pdf/picture, etc. Does removing the delete ability in a privilege set simply remove the ability to do anything with a right-click?

The administrator of antivirus software for the company I work for asked me today about a "potential threat" detected by the antivirus program on our FileMaker Server VM (FileMaker Server 13.0.2 on Windows Server 2008 R2 Std). He listed the path to the "file", which I identified straight away as an image file stored externally from the database via Secure Storage. I sent him a link to the KB article on external container data storage using Secure Storage along with a comment that the antivirus is probably reporting a false-positive. His response was "That is a secure way to store viruses files." This got me thinking about keeping the data on both live databases an…

Is it possible to prohibit record editing when a field matches X value? For instance, a field named "Status". When the Status field contains "completed" is it possible to prevent editiing ANY field in that record from that point forward? For some reason, having a hard time figuring this one out.

Could someone clarify the precise action of this setting when calling a script in a remote database that has this setting enabled? The specific scenario is as follows: Database A and Database B are two separate Filemaker databases hosted on the same Filemaker Server User has [read-only access] in both databases, using an identical account name. This should mean he cannot create a record directly in any table in either of the databases. Script 1 in database A has the "Run Script with Full Access Privileges" setting checked. Script 1 includes a perform script step which refers to Script 2 in database B Script 2 in Database B creates a new record in tab…

I am very new to FileMaker but not databases and development. I'm having a problem with Create/Delete in custom privilege sets. Edit/View are working as I would expect. I'm certain I'm missing something glaringly obvious. I'm currently playing with the 30 day eval of FileMaker Pro 13 and FileMaker Server 13 to create a proof of concept. For the most part, other than some fumbling and the occasional online search to figure out how something is done in FileMaker compared to other environments, everything is working as I would expect. Except for custom Privilege Sets. As I said, I'm convinced I'm missing something obvious. Any pointers appreciated. I'm u…

Hi All, I want to stop editing of all but two field in a record after it has been committed (Via script). At the moment I just create a value in a non visible field called Commit and if that value is present then editing is not allowed but I am unable to find a way in Custom Record Privileges to then allow editing of two field that can change. Any help would be appreciated

Hello, I'm having some trouble on creating a Privilege Set..I don't know if it suposed to work differently but maybe someone has a different solution. Here are the tables: - I have 2 related tables : Student and Disciplines ( Disciplines::ID_Rel = Student::ID ) - I have 3 records in Student ( Tom , Jim , Bob ) each having 3 records from Disciplines ( 9 records in total ). Student Disciplines Name Title Tom Math English Physics Jim German Math French Bob Chemistry Physics Ge…

I'm working with Filemaker Advanced Pro 11.0v3. I work for a very small company and the person who set up Filemaker is no longer with the company. I have no experience with Filemaker at all, but I have some programming background so I've been asked to look into an issue with Filemaker to try to see if what we want to do is even possible. The scenario is this - we have one particular layout where several different people would be modifying a single record over the course of a few days. It's basically a shift log where they report what they've done on that shift or on a particular job. I've been asked to try to figure out if we can make it so that once a particular fiel…

Let's face it. If you have a security consious customer and a large development with different security groups, external authentication, IOS, webdirect, XML and php access, encryption, SSL, firewall setup and whatever I'm forgetting here, you kinda lose track. FileMaker has no conventient way of immediately letting me assign security to an object ( a field, a layout or a script ) when I create it, so there's an additional danger of creating security holes if you are not submitting yourself to the regular ritual of reviewing security after a chunk of development. FileMaker security interface is not bad, but sometimes a bit awkward to use, leaving room for errors. One …

Today the machine which was running FM Server crashed, and upon reboot our main database would not open. When saving a copy to the desktop and opening directly it says the file is damaged and cannot be opened. When trying the "recover" command, it comes back with "The access privileges in this file have been damaged or possibly tampered with. Please contact FileMaker Technical Support if the problem cannot be resolved." Most troubling is that all of my backups are also opening with the "The access privileges in this file have been damaged...." I literally don't even so much as have an empty shell of this database, as I did all development as of late remotely (I do have a …

I'm pretty sure I know the answer to this question, but I have to ask because I'm really hoping I'm wrong..... Is there a way to change the current privilege set on the fly securely via scripting or some other method? I'd like to use FileMaker's security mechanism to prevent certain fields from being modified under certain conditions. I know that we can use the calculation engine when setting the Edit privilege under Record Privileges, but this effects the entire record and the calculation only evaluates when you "Open" the record. Ideally, we'd be able to use the calculation engine for the Field Access privilege, but we can't. Seems like the next best …

Hi All - I assume, correct me if I'm wrong, that the most secure use of FileMaker's security mechanism in a multi file app, other than using external authentication, is to maintain the accounts and passwords in all files in that multi file app. I'm just wondering how other developers are dealing with adding files to such an app that has been in place at a client site for a period of time. Are you hand entering the accounts in that new file with random passwords and using the Change Password script step to change the password for the accounts in each file? Are you making a clone of one of the existing files and freezing the all account activity on the app som…

Hi, To start with I'm a FM beginner so excuse my question. I'm using FMPro 11 on a Mac. I created a db and started playing around with while trying to learn FM. I created a new user and gave that account admin rights (full access). Afterwords I removed that user from the user list as it was just for testing. My Mac managed to crash and after restarting it I noticed that I was not able to access my db anymore. I tried to create a new db and then add the testuser I had before and that way managed to open my previous db. The problem now is that I can not edit my database because the user I added does not have full access to the db and the "manage" button i…

I have FMP Advanced 12.0, Is it possible to set up a user account as Data Entry but without the ability of duplicating a record or copying a record.

I am aware of the Security feature added in FM 11 to restrict external File Access in the security settings, but I was recently stunned to discover if this feature is not set, a user can create a new blank database file, and then reference a password and privilege set protected file file without ever having to enter a username/password for that file. I always assumed that in such a circumstance a user would be denied access unless they entered a valid user account for the file that they were attempting to access. On the contrary, I was able to import tables, scripts and data into my blank file, as well as directly manipulate data in the accessed file, without any appa…

Since the beginning I'm hiding the status area in all of my solutions. All the functionality that is needed is built in the interface.  I just found out that on Mac one can simply right-click the title bar and choose 'Customize Toolbar...' And voilà : the status bar appears... and it's going to stay.  I don't know if it's been like that in earlier versions. I suspect that it is. Probably it's an OS thing, so I doubt that FMI can fix this.  Now I need to revise all my solutions to add the script step 'Hide Toolbars' to all relevant scripts. I also have to empty the layout menu.  Don't know how it is on Windows... Â

I forgot my full access login username and password. Is there anyway to recover it, or any workaround?

I have been reading until I am blind. I am just setting up server and creating new program. This is using separation concept with two files. But it will need to be used from both Mac and Windows and different versions as well as through web direct and iPad and iPhone and probably anything else possible. So I read about Open Directory and Active Directory and external authentication and privileges and security. But what if I need to use both? Nothing works right now. Thank you.

I am very happy to hear that FMP13 Advanced offers database encryption. I got the demo, but the encryption feature is not available in the demo. I contacted Filemaker to ask about encryption, but they did not respond. Has anyone tried the new encryption out? I am very interested in how it is implemented as well as it's functionality and security strength. Any help would be greatly appreciated. Thank you in advance, Fed

Hello, I would like to allow overrides by those with a different privilege set. Here's the scenario: A user with privilege set "Basic" tries to put in a value into a field that is out of a specific range based on a calculation. I would like this user to find someone with Privilege set "Super" to click an override button, which would ask for their username and password. Once entered, FM would verify that they are one of the users with privilege set "Super" and then allow the field. The original user would then continue to use the database with their account.

I'm wondering if I should move to External Authentication. I've got a single file hosted with FMS13 and I'm up to about 100 accounts right now. I expect it to double in the next year and about 3/4 of those are for CWP access. I'm not sure what the advantages would be of switching, especially since I don't have an "IT Department" that is any more comfortable adding users to the server than he is adding accounts to the file. Is there a limit to the number of FM authenticated accounts I should have? What's good practice here? Thanks!

Hi, I have created a database. There are two accounts admin and user. Now what I want is that the data entered by admin or user, once it is saved, should not be edited or deleted by user. Anyhow user can create new entries. how it is possible? I have changed many settings in privilege set but all are useless. Because sometime it is not access able or if access able then user can make any change. That I don't want. So some kind of startup script or privilege set is required to secure database. I need your help. I am with filemaker pro advanced v12.

I am building a solution using The Separation Model. What I am trying to do is allow a User to add an Account via Scripting. I want to be able to use this same solution for multiple businesses and thus I plan on making it available to them only by WebDirect and FMGo, so it is a necessity to do this via scripting (so I don't have to manually add Accounts anytime the business wants to add a new user). I am able to add the Account via script to my UI, but I can't figure out how to add it to the Data File. I may not have tried everything I can think of yet, but I have attempted to the point of frustration. Any ideas?

Hello and Happy 2014 to all. I would like to ask a basic security type question. We run our solution on FM12 (soon to be FM13) Pro Advanced on a cloud based server. We unfortunately cannot afford the steep cost of FM Server, so at the clients workstations, we run FM12 Pro and use "Open Remote" to attach ourselves to the running cloud based solution. This does work pretty well for a "poor man's server" arrangement. We are using Username/Password protection on all clients who gain access to the running solution via Open Remote. We were wondering about security with this method. Are the communications back and forth on that Open Remote session encrypted in any wa…

Howdy everyone! I spent time but with no luck to find a solution for our in-house problem regarding security of files. The question is simple (maybe it isn't even Filemaker related!) but i really do not know how to organize our workflow: 5 users are connecting to a FM Server 9 with a mail database and all of the 5 uses are sending quotes out (PDF documents). All of the 5 users have restricted access to the database (export is not allowed, the files are stored in container fields). Now, the database is getting bigger and slower and we would love to move the container files to a central file sharing volume. In order to get access to the files, the shared v…

One of the more interesting new features in the just released FileMaker® Pro 10 allows users to manage the Table View screens that can display FileMaker Pro data. Users have the capability to remove or to add fields to the screen to a view, all without affecting the underlying layout that drives the view. In some instances, however, developers may wish to constrain this practice. So, here are four ways that the Modify Table View capability can be blocked in any given file. 1. Disallow the layout’s being sent to table view by toggling the appropriate check box in layout setup for each layout. 2. Hide and lock the status area. Both steps must be taken; sim…

Hi folks, Am after help compiling a script to limit a demo iPad-based solution to 30days after first open. I have used a date-based script to similar effect, however, am after something more empirical. TIA

I have a few databases (Invoicing, recordkeeping, etc) in which I would likes to "lock" the records upon completion to prevent unintended changes. I've created security privileges which only allow editing when a "Locked" Field is value 0. Upon completion, a script changes the value to 1, locking the record. I do not like the error that filemaker presents, which is "Your privileges do not allow you to perform this action." Is there a way to change the error message to something more descriptive? Thanks. BC

I mean, in a "Projects" layout, that have "Project Name" and "Year" fields, for example: Record 1: Project Name: "Project A", Year: "Year1" Record 2: Project Name: "Project A", Year: "Year2" Record 3: Project Name: "Project B", Year: "Year1" Record 4: Project Name: "Project B", Year: "Year2" What privileges I must change (or do scripts ) to make that an user can only see all the records for "Project A" ? and have no access for all the records from any other Project ?

I tried to post this earlier but it didn't seem to post; please forgive if I've ended up posting this twice. My goal here with this attached file is to get use to working with security levels, passwords and privilege sets and using them to navigate through various layout based on permission levels. I'm starting small. I have a script that runs on open, and is suppose to initialize the global fields in the GlobalsAndUI table; however, the globals are not populating. Can anyone advise me on what I have wrong? There are three passwords: Account name: Full Access, password Full Access Account name: Data Entry Only, password Data Entry Only and Accou…

Hi, I am looking to have an arrangement where can create a new record in a table, but once they've left that record they can not edit it again - view it yes, but not change it. I've looked at the custom privilege set and on a field and a record level can have none, view or full. There also seems to be an option where security can be applied by a calculation. Would I be looking to, say, compare "now" time with the record created time and if they differ by (>x) then...? Any suggestions would be appreciated. Thanks, Greg

In the process of reviewing the privilege sets of the users of our FMP11 databases, I came across a bizarre problem with the [Read-Only Access] default privilege set. Users who are in the [Read-Only Access] privilege set can edit the values of global fields. If you duplicate this privilege set into a new one, then move the users into the new set, they can no longer edit the values of global fields. (In case you were wondering, the [Read-Only Access] default set allows the user to change their password, a privilege i wanted to remove) So why is does [Read-Only Access] allow changes to global fields, and why doesn't duplicating the set give the same ability in the…

On FM for Mac, there is an option to "remember password on keychain", allowing users to essentially be loggen in automatically when they open the database. I want to be able to have this same functionality on FM for Windows. Is this possible? I know that there is a File --> File Options --> "Log in using:" option, but this is a global change; ALL users will sign in with this default account, and I want each user to be able to log in with their individual account without typing in credentials on their computer. Is this possible? Also, the database in use is local to a network. Can we use our network credentials to automatically log in to the database? Tha…

Hi All, We are moving our solution from one server to another (different IP address and server name). I'd like to contact each of the users in the "accounts" tab in File > Manage > Security and notify them of the change prior to actually making the change. Is this possible? Many thanks in advance.

I am setting up user accounts for my db and I am quite perplexed as to why when creating a new user and setting a password for them, upon reopening the user details, fm instead of retaining the password (as an x number of dots) it adds several characters to it. I guess I should be doing something considerably wrong to get this behaviour?

Hello, I would appreciate some guidance . . . It is tempting to think that one could implement a user-managed login authentication system (eg - create new user, reset password / forgotten password, with per user privilege settings) strictly in FM and publish with IWP. A simple scenario would be a school that might have 'teacher' credentials where each teacher has a set of 'students'. The alternative would be to use CWP and use a PHP authentication system. Please suggest which IWP /CWP path is most appropriate. Thank you!

Hello, I looked back through several pages and did not see this. If I am re-posting and someone knows where I can access a like topic and could direct me where to find it I would appreciate it. I was simply wondering if there is a way to set up an account to stay logged in without having to re-authenticate username and password every time a user goes to access the database? Example: Say there are three accounts 1 Admin (full access), than user 1 and user 2 who (data entry only access). The database is set up almost as a Receptionist log, and needs to be accessed quickly in the event of a call. There are no shared devices, meaning each user will access the file from …

I have a centralized database of customers which contains the products they purchase from us to manufacture a given item. We call it a customer program. It also contains a portal for call activity. We have several sales reps that are assigned to these customer programs. I need to set up individual privacy for the sales reps. So far I've set it up using Auto Name = Get ( AccountName ) in the security set up. It does limit access but I'd like it to omit all other records from view in stead of displaying "Access Limited". Any thoughts?

Sorry if this isn't the right sub-forum for this question. In my job, there are many shaerd data bases, and some Mac users have problems whit the message "Do you want the application "FileMaker Pro Advanced.app" to accept incoming network connections?" I've heard that is not possible to solve it whit firewall configuration, and that the best solution is to resign something (don't remember it) using the command "codesign -vvv..." in terminal, but i want to know which are that instructions, step by step, or if there is another solution, thanks.

I know, why would anyone be using FM 5.5! I have a client that uses FM Server 5.5 and FMP 5.5. They somehow have the access privileges configured to the layout and field level with no groups. This setup also has standard users (by their shared password) set to not be able to edit records in the Access Privileges Dialog, yet they can create new records and edit the new record. I had to add some new fields for them to use. The standard users cannot edit these new fields. They can edit the already existing fields. WTH? I need to have it so a standard user can only edit a new record that they just created but also be able to edit the new fields I just added to the database. …

I know that we can choose to prompt the user to change the password at first use when we are creating the account, but I wonder if there is a way to any user by itself to change the password any time when is using the data base ?

We run FMP11 Server Advanced (on Windows) with FMP 11 Clients. The server supports a large number of separate legacy databases which are closely interlinked to support our business requirements. To minimize user logins, our users login to an 'index' database once and can then open other databases via buttons without the need for further login, as user accounts are consistently set up across all the databases. I've recently added a new script to one of our databases to provide a controlled 'undo' facility for our users for one particular action. Within this script I've used one of the long-standing relationships to check if there are related records in another databa…

Is there a way to create a privilege set that will allow a user to manage and administer the accounts, but not permit them to enter Layout Mode or modify scripts? An odd request I know, but I've been put in a position where another user wants administrator access but on the same token I don't want them to modify my design and scripting.

Hi folks, I'm about to issue a time-limited script for a runtime demo. I need help compiling the script which will be along the lines of; At startup, check if the current date is less than August 30, 2013, if it is, then open the "Home" layout, else a custom dialogue "Demo period has expired" and the runtime closes. I should add that there is already an "OnLayoutEnter" short script, (I'm assuming this is what the script would be attached to, as it's the start layout). The script reads simply "Set Field [Client Search Global::gSearch; "Enter Search Text"]. I would assume the time-limiting script lines would be entered above this statement in t…

Hosted the fm file on server.. It was working good in last 4 to 5 months when we access from the fm adv.. But now a days the particular file will show the license issue error message when we try access from the fm adv. We removed that fm file from server and uploaded new file which we are maintaning other server, but still we are getting same error message.. why its happening with that particular file with fm adv... (we re-installed fm server and fm adv many times both installed in separate machines only) Any help would be more helpful

Hi, I have been heavily researching the record access based on the current logged in user account. In particular, I have been referencing these writeups: http://help.filemaker.com/app/answers/detail/a_id/3402/~/limiting-access-by-record and http://fmforums.com/forum/topic/66177-possible-to-limit-record-access-based-on-username/ <- this one seems more appropriate Anyway, a little about my database. It's a Sales and Inventory Management System. I have sales persons that manage their own customers and their orders, payments, shipments etc. When an order is flagged as ship, the warehouse can see the order and will prepare the shipment and pull it from…

I need help to recover my database which is not letting me to modify. I am the creator however I am not getting any option for log in and password dialog box. What did I do wrong? It was working three days ago and today It happend. No place I can see database privileges settings where I can modify my settings. Is there any way I can rescue this file? Following message is coming up: Your access privileges do not allow you to perform this action Thanks for your help Soma55

Hi everybody! I have a FM database (version 9) that I created for a school-- it manages the students' records. Currently, only the teachers and admins have access to it. The plan is to create a 'front-end' to allow access to student records for the parents. So here's out the flow would look like: Local Network - Database - IWP -> Internet My question-- for 200+ students, if I were to use Filemaker's built-in security, that would require a LOT of managing of users. Instead, I would like to create a strong password for each student and then give each parent that password. So, when they access the IWP from their home browser, it would pop up w…

Hi, I have a password protected-database. I currently have the file options set to "Log in using" the Guest Account privileges set to the single FileMaker file. (To toggle this, I can have users hold down the option key (mac) or shift key (windows) to override this and enter an Account Name and Password that has been authorized. However, what I want to do is have it to where a user can enter in their account name and password just ONCE, and then it will save this information, to grant them access to the FileMaker database. For example, maybe a script step that triggers an edit to the file option of "Log in using" and instead of the guest account (default) it will make…

I am transforming our solution to include tracking of time and materials and a communication log. I have these tables created. I need however to allow my standard users (rather then managers) to be able to enter(create a record) in the time and materials table but not be able to modify them after they have been entered. The same with the communication log. We do want standard users deleting or modifying data at a later point in time. I am thinking to use script triggers on a layout to restrict modification. Maybe if the field has a value, revert the field. Unless there is a better way, maybe through the security settings? Do you think I am going about this the rig…

Hi all, I have had the great fortune of always using External Authentication for managing users across multi-file solutions. I am now building a solution that will be hosted via a 3rd party cloud hosting provider. I've emailed them asking if they somehow support external authentication and the answer is no, unless we purchase a dedicated server. Which is what I expected. My question is, what is the best practice for managing local accounts across multiple files, specifically how to manage the case of first time login or password resets which force the user to change their password upon login. Keep in mind I'm not building "my own" login routines in any way. I'm using…

Am I going mad? What I'm trying to do seems like it should be very simple, though I haven't done it before. The database I'm currently working on has a simple value list called "Categories". I use this list as the basis for a pop-up menu for users to select a category in each record. I have two sets of users - the General User and the Administrator. I want the Adminstrators to be able to edit the categories, but the General Users can only select from the existing list. I have set up my two privilege sets. I've set the General User set to "All View Only" in the value list settings. I've set the Administrator set with custom privileges, and set the Categor…

I'd like to allow mobile clients to "register" their devices to allow access to a solution hosted on Filemaker Server. 'Get(SystemNICaddress)' seems to return the address of the server, not the client. Any suggestions for how to uniquely identify clients, or to store a local registration number? I'm looking for a convenient and reliable system, not high security.

I have a order type layout (Order Header ) that contains a portal. The portal contains order lines (Order Line). Each line can create entries in a table that are related to size (Order Line Size). These are accessed by aliases ( e.g. Order Line Size 8 ).  If I login with a user with a privilege set the same as [Full Access] then there is a problem the $Quantity in the OnObjectSave event script. If I login with [Full Access] then there is no problem.  After entering a value (OrderQuantity) in the size (not pressing Enter or Tab) and then selecting a button using the mouse that runs a script outside of the portal then the following occurs. Note: If I click int…