Jump to content

AD account identification


This topic is 3151 days old. Please don't post here. Open a new topic instead.

Recommended Posts


My FM database is using AD to determine whether a user has access to the db or not. Once logged in, I've used a set of tables & relationships to identify whether the user sees particular layouts, records within tables etc. This has been fine for the small number of teaching staff that have been accessing it to date.

However, I'm now looking at expanding the db so that students are able to access it too. However, I really don't want to maintain a table with student accountnames (1500 students) in order to identify them as a student instead of a member of staff (default home page is different)

Is there a simple way of doing this once they've logged in. Can FM pull AD credential such as the AD group name they belong to that will allow me to check if they are a student etc.

Or is there something I'm missing and a way easier way of doing this?


Link to comment
Share on other sites

Students belong to a separate AD group, right?  Simply make an "external account" in FM that matches the student AD group and one that matches whatever non-student AD group(s) you want people to belong to.  

Authorization (what layouts they can see,...) really belongs in the Privilege Set, not in data tables...

Link to comment
Share on other sites

Please pay particularly close attention to what Wim has said here. The links between thePrivilege Sets, Groups in the files, the Groups in Active Directory, and the Accounts in the Active Directory Group are they key to effective security.  It's designed that way on purpose.



Link to comment
Share on other sites

Thank you.

I have used privilege to prevent them accessing layouts that they shouldn't see. this works very well. All teachers get to see the same layout when they log in it hasn't been an issue.

When a student logs on, I want FM to know to go to the student homepage (they have access to a number of different layouts). How does FM know which one to go to just based on privileges.

Apologies if this seems like a numpty question. 


Link to comment
Share on other sites

This topic is 3151 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.