Skip to content Accesskey=4Skip to sub-navigation Accesskey=3View our Accessibility Options MIT Information Services and Technology Home About IS&T Contact IS&T Site Map Search Advanced Search
Getting StartedGetting Services by Topic or Alphabetically Getting Help

Guidelines and Procedures

ITAG standards
tools

FileMaker

Resources

DCAD

Architecture

Database Operations

Usability Team

ATIC Lab

Training and Help

Training

User Groups


Search the Developer's Resource:


FileMaker - Authorization

ITAG Standard #4: For security reasons, Client/Server and Web based applications must provide server authorization to determine if an authenticated user is allowed to use services provided by the server.

Privilege Sets

With the introduction of version 7, a much more robust and traditional system of authorization has been built into FileMaker. You may now establish levels of access, with great granularity, to a true set of user accounts and groups. The various levels of access you establish are referred as "privilege sets." FileMaker automatically creates three privilege sets in a new database: [Full Access], [Data Entry Only], and [Read Only Access]. You can use these or define new privilege sets entirely. These privilege sets, representing all the possible roles for users, can then be assigned to user accounts, each to match but not exceed the needs of the individual users.

Access privileges in each defined set fall into these categories:

  • Data Access and Design (read, write, or no access for the following)
    • Tables/Records (this includes create/delete in addition to r/w and drills to the field level)
    • Layouts
    • Value Lists
    • Scripts
  • Extended Privileges
    • Access via IWP
    • Access via o/jdbc
    • Access via FM network (for peer-to-peer or external authentication)
    • Access via FM Mobile
    • Access via xml
    • Access via xslt
  • Other Privileges
    • Allow printing
    • Allow exporting
    • Manage extended privileges
    • Allow user to override validation warnings
    • Disconnect user when idle
    • Allow user to modify password
  • Extended Privileges
    • Access via Instant Web Publishing [fmiwp]
    • Access via odbc/jdbc [fmxdbc]
    • Access via FileMaker Network [fmapp]
    • Access via FileMaker Mobile [fmmobile]
    • Access via xml publishing [fmxml] -- requires hosting by FileMaker Server Advanced
    • Access via xslt publishing [fmxslt] -- requires hosting by FileMaker Server Advanced

    • Additionally, you may distinguish access privileges for existing versus new tables, layouts, value lists, and scripts. You can also restrict the menu options available to privilege sets, though not in a granular way.

Privilege sets are defined and assigned at the database file level, not at the server level. However, the "Extended" privileges address functions that are server-based, e.g., permitted access methods to the data. Additionally, authorizations can be tied to the server's authentication technology. In FileMaker parlance, this is referred to as External Authentication.

Gotchas

Implementing a thorough and detailed authorization schema for your database is only effective in conjunction with the physical security of your database file itself. There are hacking tools that will allow someone with malicious intent to overwrite your [Full Access] user account, allowing the hacker to gain control over your database. A strong password is no defense against overwriting. So, be sure to keep your file secure on a well-protected server.

For more information on privilege sets, see FMI's How to Employ the New Advanced Security System.
MIT Home | Getting Started | Getting Services | Getting Help | About IS&T | Accessibility
Ask a technology question or send a comment about this web page.