Creating and editing account access
Overview
Claris Pro
Account access entries in a file specify Claris ID accounts (email addresses), which identify users. Claris Pro supports only Claris ID accounts for individual users but not groups. When a user opens a file, the Claris ID they used to sign in to the Claris client is used to sign in to the file. If the file contains an account access entry that matches the user's Claris ID user name, the file opens. The privilege set assigned to that account access entry in the file determines what the user can do in that file. See About accounts, privilege sets, and extended privileges.
FileMaker Pro
Account access entries in a file specify user names (and for FileMaker file accounts, passwords), which identify users. For some types of accounts (see below), groups of users can be defined. When a user opens a file, a dialog box usually prompts the user to enter account information. When a user opens a file with correct account information, the privilege set assigned to the account access entry in the file for that user’s account, or for the group that user is in, determines what the user can do in that file. See About accounts, privilege sets, and extended privileges.
To fully manage account access for a file, you must open the file as a user whose account access entry is assigned the Full Access privilege set. If you open the file without full access privileges, the File menu > Manage > Security command lets you change fewer options or the command is disabled. See Editing other privileges.
You can create and modify account access in a shared file while clients are using it. The account access changes you make take effect immediately but do not disrupt any current clients. For example, if you make an account access entry inactive while clients are using it, their usage of the file is not interrupted. However, after the clients close the file, they won’t be able to open it again.
You can grant account access to as many users or groups as you need. Each file also contains two predefined accounts. See About the creator's account and Default account (Claris Pro only) or About the Admin and Guest accounts (FileMaker Pro only).
Types of accounts (FileMaker Pro only)
FileMaker clients support several types of accounts, which differ by how they authenticate users. Only the FileMaker file account defines the account name and password within the FileMaker Pro file. For all other types, the user account or group information is defined by an identity provider or authentication server. For these, the FileMaker Pro file defines only how those user accounts or groups are allowed to access the file.
The following table summarizes which FileMaker hosts support each account type, where the account information is defined, and whether individual user accounts or groups are supported. Note that only the FileMaker file account type can be used to open a local file.
Account type |
Local file |
Hosted by FileMaker Server |
Hosted by FileMaker Cloud |
Where account information is defined |
Supports users or groups |
FileMaker file |
Yes |
Yes |
No |
Within the FileMaker Pro file |
Users |
Claris ID or external IdP |
No |
No |
Yes |
By the Claris ID or external identity provider system |
Users, groups |
External server |
No |
Yes |
No |
By an external authentication server such as Apple Open Directory, a Windows domain, or Microsoft AD FS |
Groups |
Apple ID |
No |
Yes |
No |
By the Apple ID identity provider |
Users |
Predefined OAuth identity provider |
No |
Yes |
No |
By a predefined OAuth identity provider, such as Amazon, Google, or Microsoft Azure AD |
Users, groups1 |
Customizable OAuth identity provider |
No |
Yes |
No |
By a customizable OAuth identity provider |
Users, groups1 |
-
Microsoft Azure AD is the only predefined OAuth identity provider that supports groups. Some customizable providers also support groups (see your provider's documentation for details).
To create or edit account access:
-
Choose File menu > Manage > Security.
-
FileMaker Pro only: For Authenticate via, choose the type of account to work with.
The account access list displays only the access granted for the selected type of account. See "Types of accounts" above.
-
To grant account access, click New. To change an existing account access entry, select the user or group.
-
Edit the account access details.
-
Claris Pro: See Editing Claris ID account access (Claris Pro only).
-
FileMaker Pro: See the following for the account type you chose in step 2:
-
To duplicate or delete existing account access entries:
-
Choose File menu > Manage > Security.
-
FileMaker Pro only: For Authenticate via, choose the type of account to work with.
-
Select a user or group, then:
-
To duplicate the access to this file, click .
-
To delete the access to this file, click .
-
Notes
-
Account access entries that aren’t assigned the Full Access privilege set can be granted limited privileges to manage accounts. See Editing other privileges.
-
FileMaker Pro only: For FileMaker file and external server accounts:
-
Use only ASCII characters in passwords, such as a-z, A-Z, 0-9, and punctuation characters like "!" and "%." Passwords containing certain accented characters or non-roman characters such as Cyrillic or Japanese may not work, particularly in cross-platform custom apps and files accessed via FileMaker WebDirect.
-
If the file is shared via web publishing, also limit account names to ASCII characters. Do not use colons in account names and passwords of web-published files.
-
Automatically signing in to a file is supported by local files and files hosted on a FileMaker Server host that isn’t configured to require password-protected files. To automatically sign in each time a file is opened, choose File menu > File Options and specify the account name and password. See Setting file options.
-
The user name defined in the Preferences dialog box is automatically entered in the Open dialog box. When the user name and account names match, the user doesn’t need to type the account name when opening the file. See Setting general preferences.
-