A Fundamental Question About Security

[Ted S]

I have a very fundamental question about security.

I have a FileMaker database of about 50 files and right now and I need roughly 5 levels of access to each file. There is a growing group of about 200 employees that will need access to the database. I'm using the term database to refer to the collection of interrelated FP5 files that make up the entire system.

It looks to me like I have to update 5 groups in 50 different files which is 250 entries and that seems like a lot of work but still manageable.

I'm familiar with the Windows security model where an account is created for each user and each user is assigned to one or more security groups and users all have their own unique user IDs and passwords. This method of applying security to a system is intuitive to me and pretty easy to administer once the groups have been created.

With FileMaker it seems that all people in a group share the same password and have no unique login ID. I know that there is a User Name field in the Application Preferences dialog box where a user can enter his or her name but what keeps the unsavory types from entering the name of a coworker for instance?

Now if I were to try to replicate some of the Windows model and create different passwords for all employees wouldn't that be a huge effort? 200 Users x 50 Files or 10,000 entries? And everytime another employee was hired wouldn't I be updating 50 files? Where am I going wrong here? How is FileMaker security typically deployed in an environment like this?

[BobWeaver]

You might want to check out some of the password management products that New Millennium sells.

http://www.nmci.com/Product_Overview.htm?pid=P703XLMOYQF6ISLDU2DJ&-session=dwc:61F75F853C284353FFE0B8AB128043AA

I haven't used it myself, but it looks like a useful product.

[Vaughan]

Rumours suggest that FMP 7 includes better password management.

[Ted S]

Gentlemen,

Thanks for the info. Actually I know of New Millenium but don't want to go down that path unless I'm forced to and I have heard the rumors about 7.0 too.

Since I'm in a Windows only shop it would be great if version 7 were able to utilize the groups built into the Windows OS but I'm not holding out much hope for that happening.

I gather that I'm not too far off on my assessment of the way FileMaker security works since I haven't had any "you're nuts!" type comments.

Anyway, I remember reading something recently where the writer was recommending the SEND MESSAGE script step to have the Windows %username% command direct the results to a text file. I presume that a later step was import the results and compare it to the Status(CurrentUserName) to verify that the Windows username and the FileMaker user were one-in-the-same.

[Steven H. Blackwell]

You can force the user to authenticate to a Windows domain before being able to access the Server. You must use FileMaker Server to do this.

There are also lots of rumours floating around these days, and I too have heard some of them. From long experience I can tell you that he who lives by the FileMaker crystal ball soon learns to eat ground case functions.

When and if a future version of the product is released, I feel sure that FMI will supply extensive information about its features and functionalities.

HTH

Steven

[HazMatt]

If those rumors aren't true about better password protection in FileMaker 7, I'm not upgrading.

That has been the number-one problem issue for me and FileMaker, and we only have 30 databases and maybe 20 users at any given time.