Managing user accounts on layouts

[madman411]

Hi all

I've been looking at demo CRM solutions for a company I'm working with and was particularly interested in BusinessMan. While looking at their solution I noticed that they have their accounts and privilege sets managed on a layout which alleviated the need for the user to need access the native FileMaker Security module. Is this a plug-in they might be using or perhaps some more complex scripting which updates a "user" table and the security, respectively?

I'm wanting to allow managers to add and disable user accounts but prevent them from needing to access the security module since they could potentially alter the state of my administrator account. 

[bcooney]

All scripted, I would assume. There are script steps that let you do this. See http://www.modularfilemaker.org/module/accounts-modular-user-account-management/

[madman411]

Thank you, bcooney!

[Steven H. Blackwell]

This is a prescription for a vulnerability disaster. I'll be showing this particular vulnerability in my DevCon presentation.

There are script steps that permit adding and deleting Accounts without accessing the Manage Security section of the database.  I would definitely use these instead of the system these people put into their file.

 

Steven

[bcooney]

Steven,

Modular FileMaker's approach I assumed uses the script steps. Does it not?

B