Join Cris Ippolite for an in-depth discussion in this video Creating accounts, part of Advanced FileMaker Pro 12.
Security is primary concern for both developers and end users of databases. It governs whether a person can open a given database and determines what functions and data are accessible to the user once they do open it. The topic of security is often overlooked though when you're developing in FileMaker because it's not just something that's there to limit access to the entire database; in fact, there are some very sophisticated ways to set up security within your database system that will allow you to limit access to certain functionality or maybe just to the whole file itself. However, you should be looking at setting up security as not only determining who can log in, but what they can do once they log in.
So it's also a way to identify users for other tasks that are not related to restricting access, like taking them to certain layouts or showing them certain font sets and stuff like that. So think of security as identifying who your users are. Administrators of FileMaker Pro databases will work primarily with two security elements and both can be managed under the File>Manage>Security dialog and those two elements are Accounts and Privilege Sets. We're going to talk about Accounts in this movie and Privilege Sets later in this chapter. In the Manage Security dialog, you see you have a tab here for Accounts and you'll see your accounts in list view and it lists all the accounts that are already set up in your system.
FileMaker recommends that the best practice is to establish a unique account for every individual user of the database. This practice is more secure than having multiple users just share one account and it also enforces the concept of identifying your users so that you can customize their user experience. User accounts will then be associated with one and only one of the Privilege Sets. We're going to talk about Privilege Sets here in an upcoming movie, but you'll notice here that we've got a list of Accounts and there is a column here for Privilege Sets, so one account can only be assigned to one privilege set.
By default, any new FileMaker file or a starter solution or a freshly converted FileMaker file is set up in what's called a permissive state. This means that it's got an Account set up already and this account has the Account Name of Admin and the Password of blank and it's set up with Full Access. So this account will allow users to log in to the file and do anything they want inside the file. This permissive state that I'm talking about is enforced by the fact that under the File menu, you'll notice there is an option for File Options.
You'll see here that there are two selections that you have in the first screen for the Open tab, that's Log in using and then the Admin account is actually set up that way. So that's why when you open up this file, you'll see when I close the file, and can go back into the file, you'll see that I'm not prompted for a password. That's because each file is set up to automatically log in with the Admin account. Nowwe can override that, as you'll see when I open up the File>Recent. On Windows, I can hold down the Shift key at this point or on Mac, I can hold the Option key down and this will prompt the Open dialog to appear, which allows me to enter in a new Account Name and Password and at this point, I could just enter in the Admin account.
So it's really a good practice to go under the File menu to File Options and disable this account. In the exercise files, throughout the rest of this title, I'm going to leave this on. But in your actual real-world production databases, I advise you to turn this off and give all your users a password so that they are prompted when they login. Now back under the Manage>Security dialog, you'll also notice in the Account list by default there is a Guest Account set up. It's set up to be inactive, but if you turn it on and make it active and then log out of the database, you'll notice that we're getting prompted anytime we make a change in Manage Security to enter in the Full Access account. This is just FileMaker's way of making sure that you don't lock yourself out of the database.
Now notice when we go to log into this database, I'm going to hold down the Option key again here, again, it could be Shift on Windows, you'll notice now that there's a Guest option that's available and when users select this, they can get into the database, but you see by some of the grayed out options that they have limited access to the database that they're opening up. Log in back into the database now and log in using the Admin and blank. So back under Manage>Security, under the Accounts tab, you'll notice that if you create a new account by hitting the New button, or if you were to double-click on one of the existing ones that will open up the same dialog, you'll see that you really only have a few different options to select here.
You've got how you're going to authenticate, whether it's FileMaker's internal authentication, which is what the default is, or External Server which we'll cover in the next movie. You can leave that at its default FileMaker authentication and then you're prompted to enter an Account Name and a Password. You should know that it's best practice to provide both an Account Name and a Password, even though you can leave the Password blank and that you should know that the Password is case-sensitive although the Account Name is not. So if you just sort of commit yourself to knowing that both they are case-sensitive, that'll be a discipline that will allow you to not get yourself into trouble there, but it's important to provide an account and a password for every individual user of your system, at which point you can then turn this account on, meaning it's active or make it inactive if you plan on not using it till later. and then you just simply select one of the Privilege Sets.
So you're going to have to select your Privilege Sets before you set up your accounts; we're going to talk about Privilege Sets later in the course. Now FileMaker Pro will require that at least one account that's set up in the system is associated with a Full Access Privilege Set. Now you can remove the Full Access Privilege Set as long as you have configured another Privilege Set that does have Full Access, but there must be at least one account set up in the system to allow this. This is of course so that you can get in and do stuff inside the database or change other accounts if you don't have a Full Access account, for example here, if I go in and I edit and I make this Data Entry and hit OK and hit OK again, FileMaker is prompting me with a message that basically says I need to have one of these accounts allow Full Access into the system.
But before we set up our accounts, we must first have Privilege Sets configured and the accounts themselves will allow you to identify who your users are. So each user gets a unique combination of a username and a password. And once you know who is going to be accessing your database, you can not only restrict them from certain data and functionality, but you can also make their user experience more customized by showing them only data and functions that might be specific to them.
- Managing access to your database
- Parsing text with calculation functions
- Using calculations in field validation and auto enter options
- Creating nested subsummary and crosstab reports
- Creating user-driven and multi-criteria relationships
- Working with intermediate script techniques
- Extending Web Viewer using HTML5 and data URLs
- Sharing databases on a network using FileMaker Server
- Publishing your databases to the web using the Instant Web Publishing or PHP