Jump to content

FMP 11 Advanced: Password protect individual records?

JDW

By JDW,
in Security Concepts

 Share Followers 1

Recommended Posts

JDW

JDW 1

Posted
Posted

Our company still uses FMP 11 Advanced because hosting online via IWP is much, much cheaper than hosting with a modern version of FMP.  Currently, we pay double to have two different FMP 11 databases hosted online.  One database contains 900 records and is open to the public with no password, and the other has several thousand records and requires a password.  

In hopes of cutting our hosting cost in half, I would like to combine the two databases into one database, such that we need only pay to host 1 database.  But our need to password protect certain records remains.  

In other words, I want to put the content that doesn't require a password inside the FMP database file that has data we want to protect.  I know it's possible to combine the two databases, but that would mean we can no longer use a main password to lockout the entire file, as that would lock out everybody.  I would like to know if I can use FMP 11 Advanced to password protect only certain records within a single database file?

Thanks.

Link to post
Share on other sites
comment

comment 1,817

Posted
Posted

You can define two privilege sets and allow only one of them access to certain records. Then make sure that the accounts assigned to this privileges set have a non-empty password.

It sounds like you have multiple users using the same account. This is not good practice.

 

Link to post
Share on other sites
JDW

JDW 1

Posted
  • Author
Posted

Thank you for your reply.  

First, how do I go about "defining 2 privilege sets" in FMP 11 Advanced, specifically?

Second, you say it is not good practice to have multiple users on the same account.  I am unsure what you mean.  Are you familiar with Instant Web Publishing, which allows multiple people to access a single database hosted online?  This how IWP works.  The number of simultaneous users is not unlimited but we've been hosting our FMP databases for many, many years using MacUSA and never once had any issues whatsoever with more than one person accessing our hosted databases.  So again, I am unsure what you mean.

Link to post
Share on other sites
comment

comment 1,817

Posted
Posted
5 minutes ago, JDW said:

how do I go about "defining 2 privilege sets"

Select File > Manage… > Security from the menu and then navigate to the [ Privilege Sets ] pane. For more, consult the help - I couldn't possibly fit it all here.

  

10 minutes ago, JDW said:

you say it is not good practice to have multiple users on the same account.  I am unsure what you mean.

I mean that Adam should log in under account name "Adam" and password ********, and if Betty wants to access the same database she should enter "Betty" and her own password as her login credentials. This is regardless of the method of access.

 

Link to post
Share on other sites
JDW

JDW 1

Posted
  • Author
Posted

That is how access works right now.  Everybody must type in their own Username and Password.  However, like I said before, I cannot do that if I want some records to be freely accessible.  Right now, we have 2 hosted databases.  One has no ID/PSW requirement, while the other DB has the requirement.  But if I combine the two into a single DB, if I retain a password, then I lockout people I don't want to be locked out.

So what I want to do is allow entry of everyone who is allowed to see the free content (which is everybody), but then put a link in the database that will lead to a password page to allow access to protected content.  I want to know if that is possible as per your File > Manage... > Security suggestion.

Again, the reason why is because it's silly for me to pay double the price to host 2 separate FMP Databases if I can pay for to host just one that offers both free and password protected content.  That is my aim here.

Link to post
Share on other sites
comment

comment 1,817

Posted
Posted (edited)
1 hour ago, JDW said:

That is how access works right now.  Everybody must type in their own Username and Password.

Good. Then you can ignore my remark.

 

1 hour ago, JDW said:

However, like I said before, I cannot do that if I want some records to be freely accessible.

Yes you can. If Adam's account belongs to the "VIP" privilege set, then Adam will automatically have access to all records. OTOH, if Betty's account belongs to the "Common" privilege set, she won't be able to access certain records - as defined in the privilege set settings. All this is determined at login and cannot be changed by entering an additional password (I don't know of a secure way to allow such feature).

 

Edited by comment
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 1
Go to topic listing

  • Similar Content

    • Jim Gill
      Add Account Function -
      By Jim Gill
      Hello All,
      I have a very old script (fmp 10?) that creates User Accounts and assigns Privilege Sets.  The users are then able to Login via WebDirect (primarily).  The Add Account function is used with the following parameters:
      Add Account [ Account Name: _Parent Data::Parent1_Email_TrimAndRemoveReturns; Password: _Parent Data::
      Parent1_WebPassword; Privilege Set: Web_User ]
      [ Expire password ]
      The Password is temporary (for first login only) that is randomly generated via Custom Function.   Users are required to change their password on first login.  
      The account is created but for some reason the user cannot Login via Webdirect or Client (Invalid Account/Password).  I checked the privilege sets and they all check out.  I can manually change the password form the Security Console and require a new password - and everything works as expected.   Again this script worked for years - we typically only create accounts in the fall - so if there has been a major security update or some other new requirement  that would throw a wrench in the works - well, hoping you all can help me out.  
      Thank you in advance!
      Jim
    • Joost Miltenburg
      Record Access working local, not while hosted
      By Joost Miltenburg
      Hi All,
      I added security to limit the DataAPI user from accessing certain records, with the limited option. I tested this while running these files on my HD no server. Worked like a charm. After moving the files to FMServer the DataAPI account can access all record in the table all of a sudden.
      Any thoughts as to why this is happening?
      Kind regards,
      Joost
    • MSPJ
      File Access Protection and Import
      By MSPJ
      Hi - I'm developing a business solution to be hosted on FM Server.  It will be hosted on Soliant Cloud.  This is my first time developing for Server.  I read Steven and Wim's whitepaper on FM 16 security, which was very helpful.
      In the past, when I've created upgrades to my solution, I've imported data from the previous version into the new one. Each update is a modified version of the previous file. 
      I read about the benefits of using File Access Protection. My solution is a single file solution so I can basically exclude any other file having access - except I'm not sure what impact that will have on import from previous versions.  I assume both files will have the same ID - but not sure if that means that FM will see the older version as trusted or not. 
      Thanks!
    • cbum
      Audit log for record ACCESS
      By cbum
      Our institution is now requiring PHI-containing databases to log not just modifications to records, but to log every access/viewing of any record. They want to be able to respond to the question "Who has looked at my medical record, even with no change to the record?".
      I am not aware how to achieve this with FM, do any of the add-on programs have such features?
      I am facing the forced elimination of a critical database, built over 15 yrs, if this cannot be achieved.
       
      Thanks for any suggestions.
    • wedgeman
      Applescript with encryption via terminal
      By wedgeman
      We are working on a process for passing certain info nuggets out of a solution (FMP 13) in an encrypted method.
      For various reasons a version upgrade isn't feasible. So the plan is to encrypt the nuggets, then pass them into a format for transport.
      Currently, we're using Applescript to pass the particular fields into an AES-256-CBC encryption process in a calculated Applescript step, as follows :
       
       
      The problems which concern me here:
      1. The password is "traveling" into Terminal in plaintext.   Is there a way this can be viewed during the process (a 'ps' or some other method)??
      2. Is there a better method to accomplish this without running as an echo?
       
      I've tried various flavors of this process (successful encryption & transport, etc), but am most concerned about the potential vulnerability from within OSX.. I've run various flavors, then attempted to grep for any of the password strings in log files and Library/Application Support/ folders, but haven't found anything...
      Is this an unfounded issue, or should I be going a different direction?
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept