How Security Works

FileMaker's security system has two levels of control: who can get into your database in the first place and what they can do once they're there. You determine who gets access to your database by setting up user accounts, and you control what each person can do by assigning privilege sets to each account.

16.1.1. Who Gets Access

FileMaker understands that different individuals access your database. The who part of security is important for several reasons. For instance, Malcolm and Lois each need access to the database, but their manager Craig doesn't. You get to decide who gets access. With individual accounts, you can keep track of who's in the file. If Lois leaves the company, you need to keep her from accessing the database in the future. Likewise, when Lois's replacement is hired, you need to give him access, too.

In FileMaker, you create an account for each person who accesses the database. Just like any password-protected document, an account has a user name and a password. When people open the database, they have to type a name and password to get in. If they don't know the right combination, they can't see your database. If they get the password right, FileMaker assumes they are who they say they are.


Note: When FileMaker asks for an account name and password, propeller-heads say it's authenticating the user. In other words, it's making sure the user's for real. The actual window that pops up on the screen is called the Authentication dialog box, and the whole process is called authentication. This book, for the most part, dispenses with this jargon.


POWER USERS' CLINIC

Spyware by Script

When you've set up database accounts, FileMaker remembers the account name of whoever's currently signed in. In fact, by using a script, you can find out who it is with the Get ( AccountName ) function. For example, if you want to record the account name in a Notes field when someone runs a particularly important script, you could include a script step like this:

Set Field [Notes;Notes & Get(AccountName) & " ran THE script on " & Get (CurrentDate) & " at " & Get (CurrentTime )]  

Then every time the script runs, FileMaker looks up the name and password of whoever's using the file at the moment, and puts the person's account name and the date and time in the Notes field.

Along with the account name, FileMaker remembers the name of the privilege set when someone logs in. You can use the Get ( PrivilegeSetName ) function to find out what it is.

 

16.1.2. What They Can Do

But who gets into your database is only half the story. You also control what they can do. Now then, while all people are unique, you probably don't need to grant each person the privilege to use individual layouts or scripts on a case-by-case basis. Instead, FileMaker assumes you have just a few different types of users, and lets you define privilege sets for each type. A privilege set is simply a list of things a user's allowed to do, and in effect it creates a level of privilege. For example, you might have one privilege set for Accounting and another for Sales. People with the Accounting privilege set can run reports, but they can't enter new orders. People with the Sales privilege set can enter and edit data, but they can't run reports.

You can make as manyor as fewprivilege sets as you need. And you can give 50 accounts the same privilege set, or make a privilege set just for one account. When you create a privilege set, you get lots of control over what it can do. A privilege set can prevent people from editing scripts, or it can let them edit just certain scripts. It can stop a sales person from editing any order entered more than five days ago, or prevent accountants from editing orders at all.

Категории