Planning security for a file
A new FileMaker Pro file is initially unprotected. Whenever the file opens, it automatically logs in the user with the Admin
account, which is assigned the Full Access
privilege set. This permits the user to access and change everything in the file.
You can use accounts and privilege sets to secure the database file. How you secure a file depends largely on whether you share the file with others or not:
•If you simply want to keep someone else from opening a database file on your computer, you can password-protect the file. See
Password-protecting a file.
•If you need to share a database file with others and provide varying levels of file access to different users, you need to plan the security for the file. Follow the steps below to plan the security you need for the shared file.
You can additionally protect a file by requiring
authorization of any file that attempts to access its
tables,
layouts,
value lists, and
scripts. See
Authorizing access to files.
To plan the security for a shared file:
1. Determine the privilege sets that you need for the file.
Make a list of the areas of the file that you want to protect, such as particular tables,
fields,
records, layouts, value lists, and scripts. Plan the number of privilege sets you need to enforce the varying levels of file access that you require.
2. Determine whether you need individual accounts for each user, or accounts that multiple users can share.
3. Decide if you want to enable the Guest account, which permits users to open the file without specifying account information.
4. Create the privilege sets that you need in the file.
5. Determine if you need to enable any extended privileges for certain privilege sets.
If you want certain privilege sets to be able to open a shared file over a network as a
client, access the file from a web browser via
FileMaker WebDirect, or access a file as an
ODBC or
JDBC data source, you need to enable
extended privileges for certain privilege sets. Don’t enable extended privileges unless they’re needed.
6. Create the accounts you need in the file, and assign the appropriate privilege set to each account.
If you’re using the Guest account, assign a privilege set to it as well. Otherwise, disable the Guest account. See
Managing accounts.
7. Test each privilege set to make sure it restricts file access the way you want.
Open the file using different accounts and test each privilege set that you created. Make sure the restrictions work the way you want, and make any needed corrections to your privilege sets.
8. Optionally limit other files from accessing the schema of your files by use of the File Access tab.
Additional security tips
Though accounts and privilege sets provide good database protection, they are not a 100% secure solution. You should take other reasonable measures to protect access to your files and information, and not rely solely on FileMaker Pro access privileges. For example:
•If you host FileMaker Pro databases on a computer that is shared over a network, use operating system level security settings and passwords to restrict folder and file access to authorized personnel only.
•Set the screen saver feature of your operating system to require a password in order to wake up the computer from the screen saver.
•Protect the physical security of the computers, hard drives, and backup storage media where the database files reside.
Notes