About accounts, privilege sets, and extended privileges
You use accounts, privilege sets and extended privileges to protect FileMaker Pro database files.
Accounts authenticate users who are attempting to open a protected file. Each account specifies an account name and (usually) a password. Any user that cannot specify valid account information won’t be able to open a protected file. Each file initially contains two accounts: Admin and Guest.
You may want to create an account for every individual who accesses a file, or you may want to create a small number of accounts that are shared among many individuals, such as a “Marketing” account and a “Sales” account:
If you host files on FileMaker Server, you can create External Server accounts that obtain authentication information from an authentication server such as Apple Open Directory or a Windows domain. This allows you to use a centrally managed user directory that may already be in use to manage access to other network resources such as file servers. See Creating accounts that authenticate via an external server.
See Managing accounts and About the Admin and Guest accounts.
Privilege sets
A privilege set specifies a level of access to a database file. When you create a privilege set, there are many options available that you can use to limit database access, such as which layouts are viewable, which menus are available, and whether printing is permitted. Privilege sets can also restrict access to particular tables, records, or fields within a file. Each account is assigned a privilege set, which determines the level of access when someone opens a file using that account.
You can create as many privilege sets as you need to define the types of access you want to permit to a file. Each database file contains three predefined privilege sets for common types of access levels.
See Using the predefined privilege sets and Managing privilege sets.
Extended privileges
Extended privileges determine the data sharing options that are permitted by a privilege set, such as whether a privilege set permits users to open a shared file or view a database in a web browser.
The following table lists the default extended privileges that are available. (FileMaker as well as third-party developers may provide additional extended privileges to manage access to other software products designed to work with FileMaker Pro or FileMaker Server.)
Opening a shared file (either a file shared by FileMaker Pro or hosted and shared by FileMaker Server).
When a user attempts to open or access a protected file using one of the above methods, the user will be prompted to provide account information. If the privilege set for the account does not permit the type of extended privilege access the user is requesting, the user will get an error indicating that they cannot access the file in that way.
All extended privileges except fmreauthenticate10 are disabled by default, even in the Full Access privilege set.
Enabling extended privileges only makes it allowable for certain privilege sets to access shared data. To actually access the shared data, you must also set up sharing for the type of access that you want. See Sharing files on a network, Using ODBC and JDBC with FileMaker Pro, or Publishing databases on the web.
For more information on extended privileges, see Managing extended privileges.