Passwords and privileges

[Oldsneekers]

I have a 24 file solution in FM5 converting to FM7 for a small office. I am posting this to see if there is a better way of handling security. There are two levels of users, me the developer and the end user office staff. I have full access but the staff has access only to non-dev functions all through buttons. Status area is hidden and locked. The menu bar is disabled as much as FM allows so that that scritps controll all acess. All fields are set to be entered or not on differrent layouts. There are separate layouts for find, edit, enter, view, with fields and buttons that appropriately guide and limit access to data.

There is a file (STAFF) that lists a users name, computer name and password as well as privilege sets ( ViewOnly Yes or No, ViewInventoryOnly Yes no, ViewFinancials Yes no... and for this example call these fields "Staff::PrivilegeX"). Of course, only I have access to this.

On loging in to FM, all the staff users have the same password that allows the same type of limited use and I the developer have another that allows full access. The splash screen has a user name field (drop down list) and a password field (formated to be illegible). When the user enters both pieces of information, a relationship is used to compare the info entered with that in the Staff file, and allows entry to the main menu layout if equal . Navigation and functions scripts start with "if Staff::PrivilegeX not equal to "yes" exit script." (where x is the given function and associated privilege previously defined in the staff file for each staff member).

Any suggestions to improve the security, other than perhaps giving each staffer a separate FM password, and I am not sure if that is much of an improvement in security.

Many thanks in advance.

[Ender]

FM7 offers many built-in security enhancements that should make our custom login solutions obsolete (I'm in the same boat.) Using a custom login solution is not really secure, and the functionality can now be done with the built-in security.

You should read the Security tech brief on the FileMaker website for details about how the new security model works. One thing that is highly recommended, is giving each user their own FM account and password.

I'm still working out the best way to implement FM7's security with multiple files. I have a dangling thread in this forum about this.

[Fenton]

If you do a search here on the word "Accounts" (don't know which forum, kind of spread around), you will see a rather lengthy thread(s) discussing this. Somewhere in there is a small example file of mine which creates and modifies Accounts. Also in there is a reference to a sample file by Vaughan (in Sample files) which does this. Version 7 is just much better at built-in security. No more of that cramped Overview layout (though it was handy for seeing which layouts a field was on - if you could read the field name).