Creating and editing account access

Account access entries in a file specify user names (and for FileMaker file accounts, passwords), which identify users. For some types of accounts (see below), groups of users can be defined. When a user opens a file, a dialog box usually prompts the user to enter account information. When a user opens a file with correct account information, the privilege set assigned to the account access entry in the file for that user's account, or for the group that user is in, determines what the user can do in that file. See About accounts, privilege sets, and extended privileges.

To fully manage account access for a file, you must open the file as a user whose account access entry is assigned the Full Access privilege set. If you open the file without full access privileges, the File menu > Manage > Security command lets you change fewer options or the command is disabled. See Editing other privileges.

You can create and modify account access in a shared file while clients are using it. The account access changes you make take effect immediately but do not disrupt any current clients. For example, if you make an account access entry inactive while clients are using it, their usage of the file is not interrupted. However, after the clients close the file, they won't be able to open it again.

You can grant account access to as many users or groups as you need. Each file also contains two predefined accounts. See About the Admin and Guest accounts.

Types of accounts

FileMaker clients support several types of accounts, which differ by how they authenticate users. Only the FileMaker file account defines the account name and password within the FileMaker Pro file. For all other types, the user account or group information is defined by an identity provider or authentication server. For these, the FileMaker Pro file defines only how those user accounts or groups are allowed to access the file.

The following table summarizes which FileMaker hosts support each account type, where the account information is defined, and whether individual user accounts or groups are supported. Note that only the FileMaker file account type can be used to open a local file.

Account type

Local file

Hosted by FileMaker Server

Hosted by FileMaker Cloud

Where account information is defined

Supports users or groups

FileMaker file

Yes

Yes

No

Within the FileMaker Pro file

Users

Claris ID or external IdP

No

No

Yes

By the Claris ID or external identity provider system

Users, groups

External server

No

Yes

No

By an external authentication server such as Apple Open Directory, a Windows domain, or Microsoft AD FS

Groups

Apple ID

No

Yes

No

By the Apple ID identity provider

Users

Predefined OAuth identity provider

No

Yes

No

By a predefined OAuth identity provider, such as Amazon, Google, or Microsoft Azure AD

Users, groups1

Customizable OAuth identity provider

No

Yes

No

By a customizable OAuth identity provider

Users, groups1

  1. Microsoft Azure AD is the only predefined OAuth identity provider that supports groups. Some customizable providers also support groups (see your provider's documentation for details).

To create or edit account access:

  1. Choose File menu > Manage > Security.

  2. For Authenticate via, choose the type of account to work with.

    The account access list displays only the access granted for the selected type of account. See "Types of accounts" above.

  3. To grant account access, click New. To change an existing account access entry, select the user or group.

  4. For the account type you chose in step 2, edit the account access details. See:

To duplicate or delete existing account access entries:

  1. Choose File menu > Manage > Security.

  2. For Authenticate via, choose the type of account to work with.

  3. Select a user or group, then:

    • To duplicate the access to this file, click Duplicate account button.

    • To delete the access to this file, click Delete account button.

Notes 

  • Account access entries that aren't assigned the Full Access privilege set can be granted limited privileges to manage accounts. See Editing other privileges.

  • For FileMaker file and external server accounts:

    • Use only ASCII characters in passwords, such as a-z, A-Z, 0-9, and punctuation characters like "!" and "%." Passwords containing certain accented characters or non-roman characters such as Cyrillic or Japanese may not work, particularly in cross-platform custom apps and files accessed via FileMaker WebDirect.

    • If the file is shared via web publishing, also limit account names to ASCII characters. Do not use colons in account names and passwords of web-published files.

    • Automatically signing in to a file is supported by local files and files hosted on a FileMaker Server host that isn't configured to require password-protected files. To automatically sign in each time a file is opened, choose File menu > File Options and specify the account name and password. See Setting file options.

    • The user name defined in the Preferences dialog box is automatically entered in the Open dialog box. When the user name and account names match, the user doesn't need to type the account name when opening the file. See Setting general preferences.