Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 6571 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted (edited)

Sorry, what do you mean?

There is no way to create a script which will show the extended privilege definitions if that is what you are referring to.

In addition, there is no way to script the modification of extended privileges either.

Edited by Guest
Posted

You hit the nail on the head.

I have set up one user level admin account to only manage extended privileges and have added extended privileges to define deletion, read and edit access to each table.

I am trying to avoid eratz security but I am trying to make it as easy as possible for the User Administrator to access this window.

at the moment they have only access to one table with no fields and one layout. After they have logged in the startup script (the only one they have access or rights to execute) takes them to this layout and loads a Custom Menu Set.

The Custom Menu Set only has the "Define" Submenu on it.

It is just annoying that:

A. I cannot only display the Extended Privileges window on startup.

B. Have to write an instruction on the layout to say

"Click Define > Accounts & Privileges from the Menu bar"

When they click on Define they also see

Database

Value Lists

File References

Accounts & Privileges

Custom Functions (Advanced Only)

Custom Menus (Advanced Only)

greyed out

Its annoying because this appears even if you remove the [Full Access] account, and displaying these things may lead them to believe there is a way to access these things.

best

Stuart

Posted (edited)

Its actually kind of the opposite that i need.

See Attachment...

Log in as User Admin to edit the Extended Privileges:

Developer:

Username: devadmin

Password: devadmin

User Admin:

Username: admin

Password: admin

User 1:

Username: user1

Password: user1

User 2:

Username: user2

Password: user2

ps: this is 8.5 only at the moment.

Secure.fp7.zip

Edited by Guest
Posted (edited)

I do hope your reference to not using obvious usernames and passwords in your security for dumbies post was not in relation to my post... this was for simple access to the example only.

I would like advice on architecture and not password making ... also do not want to give anyone ideas about the methods i use to create my passwords.

Advice / thoughts would be useful.

best

Stuart

Edited by Guest
Posted

No definitely no intention re dummies and your example at all -- none whatsoever. And hey, I'm by no means an expert in this stuff; i just say what i know and look forward to being proven wrong :) so i can gain better understanding!

Cheers

Steve

Posted

Then we are on the same quest.

Attached version 8 file.

If you look at my other recent posts i have tried to bring up and tackle security issues one by one... in order to arrive at the most secure (and flexible) security model i can for 8.5.

This file does not (i think) deploy any 8.5 specific features so is fine for 8 i have lowered the test threshold.

(same obvious usernames and passwords as previous post)

best

Stuart

Secure_8.fp7.zip

Posted

Hi again Stu;

I've given this some thought and had a bit of a play with your file and a few different options.

There doesn't appear to be an easy way to remove those menu items in submens using just FileMaker. I've had a play around with SecureFM (which I own) and it doesn't seem to want to deal with disabling submenu items either. It appears to only want to deal with the whole menu or nothing at all. I'm going to look into other plugin options but i fear this may not be possible.

Steve

Posted

It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones. Check the options in the Privilege Set definition UI.

Steven

Posted

try as i might ... hunting, reading, searching...

I can find no way of restricting the Management of Extended Privileges to modify only.

Could you elaborate further Steven as i would like to implement this. Just a furthe nudge in the right direction would be good.

best

Stuart

Posted

I can find no way of restricting the Management of Extended Privileges to modify only.

Correct. The capacity to manage the privileges entails the capacity to create new custom ones and to assign these privileges to specific Privilege Sets and through the Privilege Set to all Accounts attached to a Privilege Set.

I typically do not allow this, so I have not investigated whetherthere are any workarounds for what you're seeking.

Steven

Posted

It is possible to give a power user the ability to manage Extended Privileges without being able to define new ones

Sorry OAM this statement confused me ... i suppose the nature of the way Extended Privileges are implemented mean that even though you can create new ones they would not actually do anything. Although it would be useful to stop users modifying or deleting them.

Have you had a look at the file i have posted ... i would like to know if you feel i am moving in the right direction for a secure flexible model.

best

Stuart

Posted

I should not have stated this in the way that I did, for obviously you can make new custom Extended Privileges. These function a bit differently than do the core ones that deal with connectivity (except for the FMPHP Beta API).

Where are all these files people refer to? I have seen no files. Not that I have had any opportunity to review files since I have been traveling.

Steven

This topic is 6571 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.