Protecting databases > Authorizing access to files
 
Authorizing access to files
As part of your overall security plan, you can control whether other FileMaker Pro files are permitted to access the schema in a file (including its tables, layouts, scripts, and value lists) in your secured solution. When protection is enabled, any use of the protected file through a FileMaker data source will require authorization. Therefore, in a multifile solution, you will need to authorize the other files.
For example, enabling protection prevents someone with an account in your file from creating another file that uses tables in your file but does not implement the same business logic (such as the same script triggers). The use of this alternative file can bypass your intended business logic (although record-level access would still be enforced). Turning on this option also prevents files that are not authorized from opening a protected file using the Open File script step.
Each authorized file is assigned a unique numeric identifier, which the protected file keeps track of, ensuring that the protected file remains protected even if it is renamed or duplicated. Any efforts to bypass authorization, such as by replacing an authorized file with a different one, will be unsuccessful.
Protecting a file and authorizing other files to access it is different from protecting a file’s record data and other security measures that you can take. See Planning security for a file.
To manage access to files, you need to open the file with an account that is assigned the Full Access privilege set, which is the only privilege set that permits making privileges changes to a file.
To authorize access to a file:
1. Open the file that you want to protect.
2. Choose File menu > Manage > Security.
If the Manage Security dialog box displays the basic security settings, click Use Detailed Setup.
3. Click the File Access tab. Then:
 
To
Do this
Protect this file against unwanted access from other files
Select Require full access privileges to use references to this file.
If any files that reference the protected file are currently open, you see an alert for each file, asking if you want to authorize the file. Click Yes.
Remove authorization for a file
Select the file for which you want to remove authorization, then click Deauthorize.
If the deauthorized file is open on any clients, deauthorization will not take effect until the next time the file is opened.
Remove all restrictions to file access
Deselect Require full access privileges to create references to this file.
4. If you want to authorize additional files that are not currently open, click Authorize. In the Open File dialog box, choose a file to authorize, and click Open.
You may be asked to enter the name and password of an account with Full Access privileges.
Important  If you don’t authorize a file that references a protected file, the references will no longer work.
The authorized file appears in the File Access list, with the date and time it was authorized, and the account used to create the authorization.
5. When you are finished, click OK.
Notes
If you rename an authorized file and the file is currently open, the new name appears next to the original name in the File Access list. For example, if you renamed the file SalesReport to ExecReport, then ExecReport;SalesReport appears in the list.
A protected file retains its list of authorized files if the file is cloned or included in a runtime solution, so you don’t have to repeat this process.
This is helpful because you don’t have to repeat the authorization process. However, if you duplicate or clone a protected file, each file will also have the same ID. If you use both files in the same multifile solution, you must reset the ID in one of the files so that each file has a unique ID. To reset the protected file’s unique ID, click Reset All, then click Yes. After resetting, you will need to reauthorize all files that are authorized to access the protected file and any protected files that file was authorized to access.
Important  Resetting the ID cannot be undone by clicking Cancel in the Manage Security dialog box.