Creating and editing account access
Account access entries in a file specify user names (and for FileMaker file accounts, passwords), which identify users. For some types of accounts (see below), groups of users can be defined. When a user opens a file, a dialog box usually prompts the user to enter account information. When a user opens a file with correct account information, the privilege set assigned to the account access entry in the file for that user's account, or for the group that user is in, determines what the user can do in that file. See About accounts, privilege sets, and extended privileges.
To fully manage account access for a file, you must open the file as a user whose account access entry is assigned the Full Access privilege set. If you open the file without full access privileges, the File menu > Manage > Security command lets you change fewer options or the command is disabled. See Editing other privileges.
You can create and modify account access in a shared file while clients are using it. The account access changes you make take effect immediately but do not disrupt any current clients. For example, if you make an account access entry inactive while clients are using it, their usage of the file is not interrupted. However, after the clients close the file, they won't be able to open it again.
You can grant account access to as many users or groups as you need. Each file also contains two predefined accounts. See About the Admin and Guest accounts.
Types of accounts
FileMaker clients support several types of accounts, which differ by how they authenticate users. Only the FileMaker file account defines the account name and password within the FileMaker Pro file. For all other types, the user account or group information is defined by an identity provider or authentication server. For these, the FileMaker Pro file defines only how those user accounts or groups are allowed to access the file.
The following table summarizes which FileMaker hosts support each account type, where the account information is defined, and whether individual user accounts or groups are supported. Note that only the FileMaker file account type can be used to open a local file.
Account type |
Local file |
Hosted by FileMaker Server |
Hosted by FileMaker Cloud |
Where account information is defined |
Supports users or groups |
FileMaker file |
Yes |
Yes |
No |
Within the FileMaker Pro file |
Users |
Claris ID or external IdP |
No |
No |
Yes |
By the Claris ID or external identity provider system |
Users, groups |
External server |
No |
Yes |
No |
By an external authentication server such as Apple Open Directory, a Windows domain, or Microsoft AD FS |
Groups |
Apple ID |
No |
Yes |
No |
By the Apple ID identity provider |
Users |
Predefined OAuth identity provider |
No |
Yes |
No |
By a predefined OAuth identity provider, such as Amazon, Google, or Microsoft Azure AD |
Users, groups1 |
Customizable OAuth identity provider |
No |
Yes |
No |
By a customizable OAuth identity provider |
Users, groups1 |
-
Microsoft Azure AD is the only predefined OAuth identity provider that supports groups. Some customizable providers also support groups (see your provider's documentation for details).
To create or edit account access:
-
Choose File menu > Manage > Security.
-
For Authenticate via, choose the type of account to work with.
The account access list displays only the access granted for the selected type of account. See "Types of accounts" above.
-
To grant account access, click New. To change an existing account access entry, select the user or group.
-
For the account type you chose in step 2, edit the account access details. See:
To duplicate or delete existing account access entries:
-
Choose File menu > Manage > Security.
-
For Authenticate via, choose the type of account to work with.
-
Select a user or group, then:
-
To duplicate the access to this file, click .
-
To delete the access to this file, click .
-
Notes
-
Account access entries that aren't assigned the Full Access privilege set can be granted limited privileges to manage accounts. See Editing other privileges.
-
For FileMaker file and external server accounts:
-
Use only ASCII characters in passwords, such as a-z, A-Z, 0-9, and punctuation characters like "!" and "%." Passwords containing certain accented characters or non-roman characters such as Cyrillic or Japanese may not work, particularly in cross-platform custom apps and files accessed via FileMaker WebDirect.
-
If the file is shared via web publishing, also limit account names to ASCII characters. Do not use colons in account names and passwords of web-published files.
-
Automatically signing in to a file is supported by local files and files hosted on a FileMaker Server host that isn't configured to require password-protected files. To automatically sign in each time a file is opened, choose File menu > File Options and specify the account name and password. See Setting file options.
-
The user name defined in the Preferences dialog box is automatically entered in the Open dialog box. When the user name and account names match, the user doesn't need to type the account name when opening the file. See Setting general preferences.
-