TASC Posted November 10, 2007 Posted November 10, 2007 Hi, I am new to filemaker 9 security. Is there a way to give a user access to create accounts and change privilege sets and passwords only? I don't want this user to have full access to the file. I just want them to be able to manage user access to the database. So I would have a user called Administrator who could create a new user and select a privilege set for that user and set the user's password. Thanks in advance for any feedback. Constance
bcooney Posted November 10, 2007 Posted November 10, 2007 (edited) Absolutely! However, you need to build it. This is a step-by-step how to from the FM Advisor site. You may need a subscription to read this, but it'll be well worth it. User Account Management System Yikes! Just saw that you're in FM6. I'm not sure if this article will help or confuse. The principles are the same but the functions may not be available in FM6. Upgrade FM? Edit: Your profile says FM6, but you start off saying you're in FM9. Edited November 10, 2007 by Guest
Steven H. Blackwell Posted November 10, 2007 Posted November 10, 2007 Sure. This can be done by use of any of the Account steps in ScriptMaker. Or, if you're using FileMaker Server, just use External Server Authentication and pass the Accounts off to the Server. You can read more about all this in the Security Tech Brief or in the Server External Authentication Tech Brief. Steven
Steven H. Blackwell Posted November 10, 2007 Posted November 10, 2007 I would be very cautious of any approach advocated that does not closely adhere to the FIleMaker Pro or FileMAker Server developed system. Most, if not all, of these ersatz systems are easily crackable. Steven
bcooney Posted November 10, 2007 Posted November 10, 2007 The Advisor article isn't an ersatz system. It simply shows how to use the Account script steps in action.
TASC Posted November 10, 2007 Author Posted November 10, 2007 Thanks for your reply. We are just now upgrading to fm9. Yikes is right! It's quite a process, but we'll get there, Thanks again for your suggestions. Constance
TASC Posted November 11, 2007 Author Posted November 11, 2007 Thanks Steven, for your suggestions. This is exactly what I ended up doing, using scripts. However, there is one thing I have not figured out how to do. How do you change an existing user's privilege set through a script? Can you? Constance
Fenton Posted November 11, 2007 Posted November 11, 2007 No. But, if you've scripted creation of accounts, you'll find that it's even easier to script deletion of an account. All you need is the account name. So what you do is delete the account (in all files, via the script), then recreate the same account with the different privilege set. It takes very little time to delete an account, even in multiple files. If you don't know their the password (and you likely wouldn't in a secure setup), then you can create the account with a temporary (simple) password, and check the option to have the user create their own password the first time they log in. They would need to have the access privilege to do that. The end result, from the user's point of view, is they get their same account and password back, with a shiny new privilege set -]
Steven H. Blackwell Posted November 11, 2007 Posted November 11, 2007 Of paramount importance in any of these approaches is the need to [color:red] trap for and to manager errors that will almost inevitably occur, especially in a multi-file environment. This is just one of the reasons for recommending External Serever Authentication. Steven
Recommended Posts
This topic is 6221 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now