Am i correct in thinking there is no way to script the appearance of the Extended Privileges window?

Sorry, what do you mean?

There is no way to create a script which will show the extended privilege definitions if that is what you are referring to.

In addition, there is no way to script the modification of extended privileges either.

Edited November 24, 200619 yr by Guest

You hit the nail on the head.

I have set up one user level admin account to only manage extended privileges and have added extended privileges to define deletion, read and edit access to each table.

I am trying to avoid eratz security but I am trying to make it as easy as possible for the User Administrator to access this window.

at the moment they have only access to one table with no fields and one layout. After they have logged in the startup script (the only one they have access or rights to execute) takes them to this layout and loads a Custom Menu Set.

The Custom Menu Set only has the "Define" Submenu on it.

It is just annoying that:

A. I cannot only display the Extended Privileges window on startup.

B. Have to write an instruction on the layout to say

"Click Define > Accounts & Privileges from the Menu bar"

When they click on Define they also see

Database

Value Lists

File References

Accounts & Privileges

Custom Functions (Advanced Only)

Custom Menus (Advanced Only)

greyed out

Its annoying because this appears even if you remove the [Full Access] account, and displaying these things may lead them to believe there is a way to access these things.

best

Stuart

Well; there are several approaches. Some of which are elegant; some of which are crude

How about this as a suggestion? Change the default menu set. (See attached file)

SNIP.zip

Its actually kind of the opposite that i need.

See Attachment...

Log in as User Admin to edit the Extended Privileges:

Developer:

Username: devadmin

Password: devadmin

User Admin:

Username: admin

Password: admin

User 1:

Username: user1

Password: user1

User 2:

Username: user2

Password: user2

ps: this is 8.5 only at the moment.

Secure.fp7.zip

Edited November 25, 200619 yr by Guest

I do hope your reference to not using obvious usernames and passwords in your security for dumbies post was not in relation to my post... this was for simple access to the example only.

I would like advice on architecture and not password making ... also do not want to give anyone ideas about the methods i use to create my passwords.

Advice / thoughts would be useful.

best

Stuart

Edited November 25, 200619 yr by Guest

No definitely no intention re dummies and your example at all -- none whatsoever. And hey, I'm by no means an expert in this stuff; i just say what i know and look forward to being proven wrong so i can gain better understanding!

Cheers

Steve

Hey Stuart;

I can't open this because I'm still running 8 not 8.5

Do you have an 8 version?

Then we are on the same quest.

Attached version 8 file.

If you look at my other recent posts i have tried to bring up and tackle security issues one by one... in order to arrive at the most secure (and flexible) security model i can for 8.5.

This file does not (i think) deploy any 8.5 specific features so is fine for 8 i have lowered the test threshold.

(same obvious usernames and passwords as previous post)

best

Stuart

Secure_8.fp7.zip

Hi again Stu;

I've given this some thought and had a bit of a play with your file and a few different options.

There doesn't appear to be an easy way to remove those menu items in submens using just FileMaker. I've had a play around with SecureFM (which I own) and it doesn't seem to want to deal with disabling submenu items either. It appears to only want to deal with the whole menu or nothing at all. I'm going to look into other plugin options but i fear this may not be possible.

Steve

Hi again;

Well SecureFM and MenuMagic won't do the trick; but Dacons has a brilliant little tool that will.

www.dacons.net

and download his menu plugin.

Let me know what you think

Steve

It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones. Check the options in the Privilege Set definition UI.

Steven

try as i might ... hunting, reading, searching...

I can find no way of restricting the Management of Extended Privileges to modify only.

Could you elaborate further Steven as i would like to implement this. Just a furthe nudge in the right direction would be good.

best

Stuart

I can find no way of restricting the Management of Extended Privileges to modify only.

Correct. The capacity to manage the privileges entails the capacity to create new custom ones and to assign these privileges to specific Privilege Sets and through the Privilege Set to all Accounts attached to a Privilege Set.

I typically do not allow this, so I have not investigated whetherthere are any workarounds for what you're seeking.

Steven

It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones

Sorry OAM this statement confused me ... i suppose the nature of the way Extended Privileges are implemented mean that even though you can create new ones they would not actually do anything. Although it would be useful to stop users modifying or deleting them.

Have you had a look at the file i have posted ... i would like to know if you feel i am moving in the right direction for a secure flexible model.

best

Stuart

I should not have stated this in the way that I did, for obviously you can make new custom Extended Privileges. These function a bit differently than do the core ones that deal with connectivity (except for the FMPHP Beta API).

Where are all these files people refer to? I have seen no files. Not that I have had any opportunity to review files since I have been traveling.

Steven

Hi Steven

http://www.fmforums.com/forum/attachment.php?attid/9163/

here is one of the files i refered to from this post

best

Stuart