Stuart Taylor Posted November 24, 2006 Posted November 24, 2006 Am i correct in thinking there is no way to script the appearance of the Extended Privileges window?
Singlequanta Posted November 24, 2006 Posted November 24, 2006 (edited) Sorry, what do you mean? There is no way to create a script which will show the extended privilege definitions if that is what you are referring to. In addition, there is no way to script the modification of extended privileges either. Edited November 24, 2006 by Guest
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 You hit the nail on the head. I have set up one user level admin account to only manage extended privileges and have added extended privileges to define deletion, read and edit access to each table. I am trying to avoid eratz security but I am trying to make it as easy as possible for the User Administrator to access this window. at the moment they have only access to one table with no fields and one layout. After they have logged in the startup script (the only one they have access or rights to execute) takes them to this layout and loads a Custom Menu Set. The Custom Menu Set only has the "Define" Submenu on it. It is just annoying that: A. I cannot only display the Extended Privileges window on startup. B. Have to write an instruction on the layout to say "Click Define > Accounts & Privileges from the Menu bar" When they click on Define they also see Database Value Lists File References Accounts & Privileges Custom Functions (Advanced Only) Custom Menus (Advanced Only) greyed out Its annoying because this appears even if you remove the [Full Access] account, and displaying these things may lead them to believe there is a way to access these things. best Stuart
Singlequanta Posted November 25, 2006 Posted November 25, 2006 Well; there are several approaches. Some of which are elegant; some of which are crude How about this as a suggestion? Change the default menu set. (See attached file) SNIP.zip
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 (edited) Its actually kind of the opposite that i need. See Attachment... Log in as User Admin to edit the Extended Privileges: Developer: Username: devadmin Password: devadmin User Admin: Username: admin Password: admin User 1: Username: user1 Password: user1 User 2: Username: user2 Password: user2 ps: this is 8.5 only at the moment. Secure.fp7.zip Edited November 25, 2006 by Guest
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 (edited) I do hope your reference to not using obvious usernames and passwords in your security for dumbies post was not in relation to my post... this was for simple access to the example only. I would like advice on architecture and not password making ... also do not want to give anyone ideas about the methods i use to create my passwords. Advice / thoughts would be useful. best Stuart Edited November 25, 2006 by Guest
Singlequanta Posted November 25, 2006 Posted November 25, 2006 No definitely no intention re dummies and your example at all -- none whatsoever. And hey, I'm by no means an expert in this stuff; i just say what i know and look forward to being proven wrong so i can gain better understanding! Cheers Steve
Singlequanta Posted November 25, 2006 Posted November 25, 2006 Hey Stuart; I can't open this because I'm still running 8 not 8.5 Do you have an 8 version?
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 Then we are on the same quest. Attached version 8 file. If you look at my other recent posts i have tried to bring up and tackle security issues one by one... in order to arrive at the most secure (and flexible) security model i can for 8.5. This file does not (i think) deploy any 8.5 specific features so is fine for 8 i have lowered the test threshold. (same obvious usernames and passwords as previous post) best Stuart Secure_8.fp7.zip
Singlequanta Posted November 25, 2006 Posted November 25, 2006 Hi again Stu; I've given this some thought and had a bit of a play with your file and a few different options. There doesn't appear to be an easy way to remove those menu items in submens using just FileMaker. I've had a play around with SecureFM (which I own) and it doesn't seem to want to deal with disabling submenu items either. It appears to only want to deal with the whole menu or nothing at all. I'm going to look into other plugin options but i fear this may not be possible. Steve
Singlequanta Posted November 25, 2006 Posted November 25, 2006 Hi again; Well SecureFM and MenuMagic won't do the trick; but Dacons has a brilliant little tool that will. www.dacons.net and download his menu plugin. Let me know what you think Steve
Steven H. Blackwell Posted November 25, 2006 Posted November 25, 2006 It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones. Check the options in the Privilege Set definition UI. Steven
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 try as i might ... hunting, reading, searching... I can find no way of restricting the Management of Extended Privileges to modify only. Could you elaborate further Steven as i would like to implement this. Just a furthe nudge in the right direction would be good. best Stuart
Steven H. Blackwell Posted November 25, 2006 Posted November 25, 2006 I can find no way of restricting the Management of Extended Privileges to modify only. Correct. The capacity to manage the privileges entails the capacity to create new custom ones and to assign these privileges to specific Privilege Sets and through the Privilege Set to all Accounts attached to a Privilege Set. I typically do not allow this, so I have not investigated whetherthere are any workarounds for what you're seeking. Steven
Stuart Taylor Posted November 25, 2006 Author Posted November 25, 2006 It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones Sorry OAM this statement confused me ... i suppose the nature of the way Extended Privileges are implemented mean that even though you can create new ones they would not actually do anything. Although it would be useful to stop users modifying or deleting them. Have you had a look at the file i have posted ... i would like to know if you feel i am moving in the right direction for a secure flexible model. best Stuart
Steven H. Blackwell Posted November 25, 2006 Posted November 25, 2006 I should not have stated this in the way that I did, for obviously you can make new custom Extended Privileges. These function a bit differently than do the core ones that deal with connectivity (except for the FMPHP Beta API). Where are all these files people refer to? I have seen no files. Not that I have had any opportunity to review files since I have been traveling. Steven
Stuart Taylor Posted November 26, 2006 Author Posted November 26, 2006 Hi Steven http://www.fmforums.com/forum/attachment.php?attid/9163/ here is one of the files i refered to from this post best Stuart
Recommended Posts
This topic is 6571 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now