Protecting databases > Using the predefined privilege sets
 

Using the predefined privilege sets

Every new FileMaker Pro Advanced database contains three predefined privilege sets:

Full Access: permits accessing and changing everything in the file

Data Entry Only: permits viewing and entering of data only

Read-Only Access: permits viewing but not changing data

Note  The Read-Only Access privilege set permits write access to all global fields. To create a privilege set in which global fields and all record data are view-only, you can duplicate the Read-Only Access privilege set and change Records from Custom privileges to View only in all tables.

You cannot change or delete these predefined privilege sets, except to enable or disable extended privileges for them. You can either use them as is, or duplicate them and then modify the duplicate copies.

The following table summarizes the properties of these privilege sets.

 

Privilege

Full Access privilege set

Data Entry Only privilege set

Read-Only Access privilege set

Records (in all tables)

create, edit, delete

create, edit, delete

view only

Layouts

all modifiable

view only

view only

Value lists

all modifiable

view only

view only

Scripts

all modifiable
and executable

all executable only

all executable only

Extended privileges

all off, except fmreauthenticate10

all off, except fmreauthenticate10

all off, except fmreauthenticate10

Allow printing

on

on

on

Allow exporting

on

on

on

Manage extended privileges

on

off

off

Override data validation warnings

on

off

off

Disconnect user from server when idle

off

on

on

Allow password modification

on

on

on

Password change number of days

off

off

off

Minimum password length

off

off

off

Available menu commands

All

All

All

Note  The Full Access privilege set is the only one that permits access to the Manage Database dialog box in order to modify fields, tables, relationships, and data sources. It is also the only privilege set that permits changing accounts and privileges. Because you cannot enable these privileges in any other privilege set, any user that wants to make database definition changes or privileges changes must open the file with an account that is assigned the Full Access privilege set.

At least one active, FileMaker authenticated account in each file must be assigned the Full Access privilege set. An error message will appear if you edit accounts so that no active account is assigned the Full Access privilege set.

Related topics 

Editing record access privileges

Editing layouts privileges

Editing value list privileges

Editing scripts privileges

Editing extended privileges for a privilege set

Editing other privileges