FileMaker Privilege Sets Explored

From Dwayne Wright PMP, PMI-ACP, CSM
Certified FileMaker Developer

WEB: www.dwaynewright.com
EMAIL: info@dwaynewright.com
TWITTER: dwaynewright
YOUTUBE: FileMakerThoughts

The privilege set is used in concert with account settings to set access levels to a FileMaker database. You have to understand privilege sets to work with FileMaker security environment. Good news! It’s very easy to understand how to create privilege sets. After you create a privilege set, you simply need to start assigning accounts to them!

Each account has only privilege set. A privilege set can be assigned to multiple accounts.

Privilege Sets consist of a large number of security settings (kind of like a large lunch buffet) and the combination of selected options define what a user can see or do. To help get the ball rolling, FileMaker has 3 predefined privilege sets for new files. The are Full Access, Data Entry Only and Read Only access.

The Privilege Set setup consists of a very cool dialog box that allows you to ...

- name the privilege set
- write a comment about it ( used to document the purpose for the set)
- define individual settings for record, layout, value list and script access

Privilege Sets can be used to control access to data structure elements ( like layouts or ScriptMaker access ) and/or control access to data within the database file ( a particular field or a particular record ).

All in all, you can create as many privilege sets as you need for your collection of user accounts.


Here you can see the privilege setup dialog box.

You can define a privilege set to have precise control over what a user can see or do on a record by record basis. For example, you could create a privilege set for sales people to only be able to access records they created.

First you will need to access the Define Privilege Set dialog box. This is done via File Menu, Define Accounts & Privileges and click the Privileges tab.

Here you will see an area labeled " Data Access And Design". Your very first pull down menu is for record settings and is labeled such. The options from the pull down menu are

Create, edit and delete in all tables
Create edit in all tables
View only in all tables
All no access
Custom privileges

The first four settings really do all the talking for themselves. Each is a global security setting for all records in all tables of the file. These basic settings will go a long way in supporting small to average size databases that have typical security needs.

The last option ( custom privileges ) is where the rubber hits the road. In most cases, custom privileges are used in multiple department settings. As you might expect, the custom record privileges dialog box is really cool. It's nice to have a new version of FileMaker with all these "big boy" features. Anyway, you can set what the privilege set can do for every record in every table. You can control what can be seen, edited, created within, deleted or field access.

The control of these areas can be a "yes", "no" or a based upon a calculated result. If you know anything about FileMaker's calculations / functions capabilities, you can get pretty serious ... pretty quick.

You have to realize ... though ... getting really serious ... really quick ... isn't always the best course to take when defining security settings ( grin ). However, with your fully documented security plan by your side, you precisely define what a user can do or see ... from one record to the next.

=
More info about the author and FileMaker in general, contact me at info@dwaynewright.com.

© 2007 - Dwayne Wright - dwaynewright.com

The material on this document is offered AS IS. There is NO REPRESENTATION OR WARRANTY, expressed or implied, nor does any other contributor to this document. WARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. Consequential and incidental damages are expressly excluded. FileMaker Pro is the registered trademark of FileMaker Inc.