Planning security for a file
A new FileMaker Pro file is initially unprotected. Whenever the file opens, it automatically logs in the user with the Admin account, which is assigned the Full Access privilege set. This permits accessing and changing everything in the file.
You can use accounts and privilege sets to secure the database file. How you secure a file depends largely on whether you share the file with others or not:
 •
 •
If you need to share a database file with others and provide varying levels of file access to different users, you need to plan the security for the file. Follow the steps below to plan the security you need for the shared file.
You can additionally protect a file by requiring authorization of any file that attempts to access its tables, layouts, value lists, and scripts. For more information, see Authorizing access to files.
To plan the security for a shared file:
1.
Make a list of the areas of the file that you want to protect, such as particular tables, fields, records, layouts, value lists, and scripts. Plan the number of privilege sets you need to enforce the varying levels of file access that you require.
Note  Each database file contains three predefined privilege sets, which may meet some or all of your needs. For more information, see Using the predefined privilege sets.
2.
3.
For more information, see About the Admin and Guest accounts.
4.
For more information, see Creating and managing privilege sets.
5.
If you want certain privilege sets to be able to open a shared file over a network as a client, access the file from a web browser via Instant Web Publishing, or access a file as an ODBC or JDBC data source, you need to enable extended privileges for certain privilege sets. Don’t enable extended privileges unless they’re needed.
6.
For more information, see Creating and managing accounts. If you’re using the Guest account, assign a privilege set to it as well. Otherwise, disable the Guest account.
7.
Open the file using different accounts and test each privilege set that you created. Make sure the restrictions work the way you want, and make any needed corrections to your privilege sets.
8.
Additional security tips
Though accounts and privilege sets provide good database protection, they are not a 100% secure solution. You should take other reasonable measures to protect access to your files and information, and not rely solely on FileMaker Pro access privileges. For example:
 •
If you host FileMaker Pro databases on a computer that is shared over a network, use operating system level security settings and passwords to restrict folder and file access to authorized personnel only.
 •
 •
Note  Shared accounts are a security risk. For better security, use individual accounts instead of shared accounts. If you intend to use shared accounts anyway, make sure you limit the access capabilities of the privilege sets that shared accounts use. Change the password occasionally, particularly when certain users no longer require access.