From the course: FileMaker: Tips, Tricks, and Techniques
Setting up data access and design in privilege sets - FileMaker Pro Tutorial
From the course: FileMaker: Tips, Tricks, and Techniques
Setting up data access and design in privilege sets
- [Instructor] A quick note here about security in FileMaker. First of all, security in FileMaker really pertains to more than just providing gatekeeping like an account and password to limit access to your system. And actually here's some dynamic elements that are affected by Scripts, Layouts, and Fields. So really the best practice here is to set up some test accounts, which are accounts and Privilege Sets, so that you can go through the whole process of user testing before you deploy. But really the real work that you're going to do in security and setting up Privilege Sets and accounts is going to come after, most of the development in your application is done. We like to call that, when you're ready to deploy, from a professional standpoint. So once you actually have that in place you can go ahead and configure security in FileMaker which primarily is made up of Privilege Sets and Accounts. Now, when you go into the FileMaker, manage and security, you're going to see that you open up to the Manage Accounts window, but I want to start first with Privilege Sets, and the reason for that is because you can't set up an account, until you have a Privilege Set. So let's start there first. The way that you get there when you open up the Manage Security dialog is to go to Advanced Settings. And you'll see that it opens up to the Privilege Set tab. Now the first thing you'll notice in my file is that we have three different accounts already set up. You'll also notice that they have brackets around their names. That means that they are the default security Privilege Sets that are set up with every file. So every time you create a new FileMaker file and every time you convert something in FileMaker, you'll have these three available to you. They're pretty self explanatory full access is the full access to the account. You'll notice that you have an account called Admin, that's already set up in your system, that's assigned to full access. And if you look under the File Options under the File menu, you'll see that each FileMaker file is already set to log in using the Admin and then blank password account. So that account will allow anybody full access to every aspect of the Database. Now of course that's going to be critical, when you want to do things like set up tables and fields and relationships. So the idea there is that every account is set up for full access, and then you want to go in after and restrict some of that access. So you'll see the Full Access setup for those purposes, you'll also have Data Entry and Read-Only Access. Now these can be perfectly fine to use in production but I'd urge you to put a little bit more thought in figuring out the complexities of Privilege Sets before you actually deploy the product and maybe use these. So to dig a little bit deeper into what's possible, let's hit the New button. And this brings up the Edit Privilege Set window. And you'll see that these are really broken down into a few areas, Data Access and Design. Other Privileges and Extended Privileges. So first looking at Data Access and Design, you'll kind of see the fall a bit of a pattern, you'll see that they're set to, All no access by default. That's because of FileMaker Security Privileges are set up as pessimistic, so that you don't accidentally create an All access privilege set. Which you'll notice here that when you dig further into some of these, you'll see that there's always a Custom option. So in the case of records we have Custom Record Privileges. And you'll notice that this gives us access to allowing users to be able to View, Edit, Create or Delete records within any of the tables, and you can hold down the shift key and pick multiples and make changes as you'd like. So you'll notice that you've got the ability to do yes, limited or no. In the case of limited. You'll notice that you can invoke the FileMaker Calculation dialog window. This means you can create a Boolean calculation, that results in either a true or false. That will then provide users access to do things like, in this case, edit a record. So I could say for example, only allow users who've created this record to edit it. And you'll notice if you tour around a little bit, you'll see that you have Custom Privileges within Layouts as well. You can select any one of the different Layouts and control access to it. When you talk about modifiable as far as Layouts are concerned, we're talking about being able to go into Layout mode and modify them. So view only means, can actually navigate to Layout, and whether or not they might have access at all. And then there's the Records within the Layout. Can I modify the Records? View them, or will I have no access to those? So you can go through each one of the different tables and each one of the different Layouts and configure these Privileges accordingly. You'll also see that you've got the ability to manage access to Value Lists. Might seem odd, that you have a modifiable option here. But keep in mind that, some of the value this might be set to edit. If you choose, that it can only view them, users can select those values, and those populate the fields that they're attached to. But in the case of no access, if you see drop downs, or pop up menus for example, users won't even see that attached to the field objects. And finally Scripts. You can either allow modifiable, executable, or no access. Now of course, in the case of no access, users clicking on a button or layout object, that's assigned to a script will see an error, executable means everyone can run the script. And modifiable of course means that they can go into script maker can actually make changes to the script. Which is probably not something that you're going to allow users to do. Now the thing to be aware of when it comes to scripts, is that if you go into Script maker. You'll see that it can choose any given Script. And if you right click on it, you'll notice that you have this option to Grant Full Access Privileges. That means that during the time that the Script is running, the user will have Full Access Privileges to the Database, and they'll be allowed to do any of the operations, without running into any privilege errors. Now this isn't some way to fix issues when you're in user testing and find out that users, don't have access to certain areas of your Database. This is meant to be something that, you know, for example, somebody needs full access to go create records in a table, and a one time only deal. So in those cases you'll go and configure that Script to Grant Full Access, but it's not something that you're going to do on a wide scale basis.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.