Privilege sets
FileMaker automatically creates three privilege sets in a new database: [Full Access], [Data Entry Only], and [Read Only Access]. Use these, or define entirely new privilege sets, and then assign them to user accounts so that each account's privileges match but do not exceed the needs of the individual user.
Access privileges in each defined set fall into these categories:
- Data Access and Design (read, write, or no access for the following)
  - Tables/records (this includes create/delete in addition to read/write, and drills down to the field level)
  - Layouts
  - Value lists
  - Scripts
- Extended Privileges
  - Access via instant web publishing [fmiwp]
  - Access via ODBC/JDBC [fmxdbc]
  - Access via FileMaker Network [fmapp] -- required for External Authentication
  - Access via FileMaker Mobile [fmmobile]
  - Access via XML web publishing [fmxml]
  - Access via XSLT web publishing [fmxslt]
  - Access via PHP web publishing [fmphp]
- Other Privileges
  - Allow printing
  - Allow exporting
  - Manage extended privileges
  - Allow user to override validation warnings
  - Disconnect user when idle
  - Allow user to modify password
You may distinguish access privileges for existing versus new tables, layouts, value lists, and scripts. You can also restrict the menu options available to privilege sets, though not in a granular way.
Privilege sets are defined and assigned at the database file level, not at the server level. However, the "Extended" privileges address functions that are server-based, e.g., permitted access methods to the data. Authorizations can be tied to the server's authentication technology. In FileMaker parlance, this is referred to as External Authentication.
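The "match but not exceed" rule can be checked mechanically once the privilege sets and account assignments are written down. The following is an added example, not FileMaker code or a FileMaker export format: the inventory layout, the "Web Reports" set, the account names, and the audit function are all constructed for illustration. Only the extended-privilege keywords and the fmapp requirement for External Authentication come from this page.

```python
# Extended-privilege keywords as listed on this page.
KNOWN_EXTENDED = {"fmiwp", "fmxdbc", "fmapp", "fmmobile", "fmxml", "fmxslt", "fmphp"}

# Constructed sample inventory: privilege set -> extended privileges granted.
PRIVILEGE_SETS = {
    "[Full Access]": {"fmapp", "fmiwp", "fmxdbc", "fmxml", "fmphp"},
    "[Data Entry Only]": {"fmapp"},
    "[Read Only Access]": {"fmapp", "fmiwp"},
    "Web Reports": {"fmphp", "fmxml", "fmxdbc"},  # hypothetical custom set
}

# Constructed sample accounts: "needs" is the access each user actually requires.
ACCOUNTS = [
    {"name": "dba", "set": "[Full Access]", "needs": {"fmapp"}, "external_auth": False},
    {"name": "clerk", "set": "[Data Entry Only]", "needs": {"fmapp"}, "external_auth": True},
    {"name": "portal", "set": "Web Reports", "needs": {"fmphp"}, "external_auth": True},
    {"name": "intern", "set": "[Full Access]", "needs": {"fmiwp"}, "external_auth": False},
]

def audit(accounts, privilege_sets):
    """Return (account, kind, keywords) for every grant that misses or exceeds the need."""
    findings = []
    for acct in accounts:
        granted = privilege_sets.get(acct["set"])
        if granted is None:
            findings.append((acct["name"], "unknown-set", [acct["set"]]))
            continue
        # The page states that fmapp is required for External Authentication.
        required = set(acct["needs"])
        if acct["external_auth"]:
            required.add("fmapp")
        checks = (
            ("unknown-keyword", granted - KNOWN_EXTENDED),
            ("excess", (granted & KNOWN_EXTENDED) - required),
            ("missing", required - granted),
        )
        for kind, items in checks:
            if items:
                findings.append((acct["name"], kind, sorted(items)))
    return findings

if __name__ == "__main__":
    for name, kind, items in audit(ACCOUNTS, PRIVILEGE_SETS):
        print(f"{name:8} {kind:16} {', '.join(items)}")
```

An "excess" finding means the account should move to a narrower privilege set; a "missing" fmapp finding means an externally authenticated account cannot work as configured.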
Security
Implementing a thorough and detailed authorization plan for your database is only effective in conjunction with the physical security of your database file itself. Be sure to keep your file secure on a well-protected and properly managed server.
