Jump to content

Change current privilege on the fly, securely?

Matt Klein

By Matt Klein
in Security Concepts

 Share

This topic is 3683 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Matt Klein Proficient

Matt Klein

Posted
Posted

I'm pretty sure I know the answer to this question, but I have to ask because I'm really hoping I'm wrong.....

 

 

Is there a way to change the current privilege set on the fly securely via scripting or some other method?

 

I'd like to use FileMaker's security mechanism to prevent certain fields from being modified under certain conditions.    I know that we can use the calculation engine when setting the Edit privilege under Record Privileges, but this effects the entire record and the calculation only evaluates when you "Open" the record.  Ideally, we'd be able to use the calculation engine for the Field Access privilege, but we can't.

 

Seems like the next best thing would be to be able to switch the current privilege set.  I just can't seem to come up with a way to do this without exposing the password to the generic account setup that has the appropriate privilege set associated with it.  

 

The only way I know to do it would be to use the Re-Login script step, but putting the password in this step in a script leaves it exposed.  Would it be any less exposed if it was stored in a custom function that was called in the password field of the Re-Login script?    Would using FileMaker 13's ability to encrypt data at rest make it safe to store the password in a field now?

 

I do use field validation, but I'd use it as a redundancy to the FileMaker security mechanism.    Ever since FM7,  field validation doesn't happen until the entire record is committed.  From a user standpoint,  this is less than ideal as they can enter a lot data before committing the record only to find out they can't do it.    I suppose I could use script triggers, but that seems a little intrusive and leaves room for issues where I'd rather rely on FileMaker's security mechanism.  Also,  to replicate FileMaker's security mechanism's immediate dialog when attempting to edit a field,  you'd have to set an onobject or onlayout modify script trigger which means the script would run for each keystroke which will add lag.

 

I could keep going, but I'd like to hear what you all have to say about this. 

 

Link to comment
Share on other sites
comment Grand Master

comment

Posted
Posted
I'd like to use FileMaker's security mechanism to prevent certain fields from being modified under certain conditions.

 

I am not sure I fully understand the situation you describe. Switching the privilege set (which is NOT possible, AFAIK) would require running a script, wouldn't it? If that's an option, why not start with denying the field's editing privileges, then have a script force-modify it by running with full privileges?

 

See also:

http://fmforums.com/forum/topic/51523-how-to-lock-a-field-based-on-value-of-another-field/

Link to comment
Share on other sites
volkovpunk Rookie

volkovpunk

Posted
Posted

I use universal script trigger ( "OnObjectEnter" event)

 

Set Variable [$param; Get(ScriptParameter) 

If[$param                       // field disabled

     Undo/Redo [undo]

     Go To Object ["foo"]

     Exit Script[]

End If

 

"foo"  - is the Name of hidden portal

Link to comment
Share on other sites

This topic is 3683 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept