I would like to give users access to a set of databases based on a profile. For example: a European user has edit rights on all European records but has read only rights on all non-European records. And to make a little more challenging this user should have no access to Australian records. It should also be possible to restrict access to layouts which display certain fields.

I figured out I need something like this set of db's: Users, Profiles (stores access to which layouts), User_Profile (stores region and links users & profiles 1:m), and for example Orders and Order_Items. If each user would have just 1 profile I can get it done. What I have not figured out is how to get the example to work. In the end this user should be able to add records for Europe and browse the database and see all records except for the Australian records.

Any suggestion will be appreciated. TIA.

A couple of points here. It is popular and convenient to create separate login and privilege files outside of FM built in security. You must however heed the warnings from Steven H. Blackwell (see Steven's articles on database security in FileMaker Advisor magazine) about such systems. Everything outside of FM systems, login files, etc. is a potential hole and weakens security.

I would use FM's built-in record level security to set record level privileges (Browsing, Editing, Deleting) based upon Status(CurrentGroups) and set Groups based upon passwords. Access to layouts and individual fields can be controlled by Group. The ability to create records can be controlled by Password.

Before I created too many outside security files, I would thoroughly read and understand and experiment with FM's built in security features.

-bd

Points well taken.

I would like to use built-in security, but for my application I see two problems:

- record level access is based on dynamic criteria.

- I do not want to give a user access to entire database, just so he/she can add and delete users. Can't do it myself.