About accounts, privilege sets, and extended privileges


A best practice for security is for every individual who accesses a file to use their own account. This allows you to guarantee the identity of each user and manage their access at an individual level.

Claris Pro

Users must sign in to Claris clients with their Claris ID account when they first start the client. The currently signed in Claris ID account is used to authenticate the user to open a file. If the file doesn't include an account access entry for the user's Claris ID account, the user won't be able to open the file. Each file initially contains two accounts: the file creator's Claris ID account and the Default account.

Claris Pro uses only Claris ID accounts to authenticate users to open files. To grant access to users, you must create account access entries in the file to associate users' Claris ID accounts with privilege sets.

See Creating and editing account access and About the creator's account and Default account (Claris Pro only).

FileMaker Pro

Accounts authenticate users who are attempting to open a protected file. Each account specifies an account name and (usually) a password, which identifies a user. Any user that cannot specify valid account information won't be able to open a protected file. Each file initially contains two accounts: Admin and Guest.

FileMaker Pro works with accounts defined within a FileMaker Pro file (called FileMaker file accounts) and accounts defined externally. To grant access to users or groups of users whose accounts are defined externally, you must create account access entries in the file to associate users' accounts, or the groups they're in, with privilege sets.

See Creating and editing account access and About the Admin and Guest accounts (FileMaker Pro only).

Privilege sets

A privilege set specifies a level of access to a file. When you create a privilege set, there are many options available that you can use to limit access, such as which layouts are viewable, which menus are available, and whether printing is permitted. Privilege sets can also restrict access to particular tables, records, or fields within a file. Each user or group of users is assigned a privilege set, which determines the level of access when someone opens a file using their account.

You can create as many privilege sets as you need to define the types of access you want to permit to a file. Each file contains three predefined privilege sets for common types of access levels.

See Using the predefined privilege sets and Creating and editing privilege sets.

Extended privileges

Extended privileges determine the data sharing options that are permitted by a privilege set, such as whether a privilege set permits users to open a shared file or view a database in a web browser. See Editing extended privileges for a privilege set and Creating and editing extended privileges.

A user who attempts to open or access a protected file will be prompted to provide account information (FileMaker clients only) or will be authenticated with their Claris ID account (Claris clients only). If the privilege set for the user or group does not permit the type of extended privilege access the user is requesting, the user will get an error indicating that they cannot access the file in that way.

All extended privileges except fmreauthenticate10 (FileMaker Pro only) are disabled by default, even in the Full Access privilege set.

Enabling extended privileges only makes it allowable for certain privilege sets to access shared data. To access the shared data, you must also set up sharing for the type of access that you want. See Sharing files on a network, Using ODBC and JDBC with FileMaker Pro, or Publishing databases on the web.

Privileges protect a single file

The privileges that you set up apply to a single file only and all tables within that file. If your custom app consists of multiple files that you want to protect, you may want to combine all of these files into one multitable file. Then you can define privileges in only a single file to manage access to the entire custom app. If you don't want to combine the files into one file, then you should define privileges in each file that contains items you want to protect.

Important  If you create a relationship in one file that references a table in another file, you cannot manage access privileges for the related table in the first file. The privileges defined in the other file control access to that table.

If you have a multifile custom app that includes multiple protected files, consider granting identical account access in each protected file. When one protected file attempts to access another protected file (such as to access related data or run a script in the second file):

  • Claris clients attempt to open the second file with the user's Claris ID account. If the user's account access is the same, the file is opened. Otherwise, the client doesn't open the file and displays an error message.

  • FileMaker clients initially attempt to open the second file with the same credentials that were used to open the first file. If the user's account access is the same, FileMaker clients skip displaying the Open dialog box. Otherwise, the Open dialog box is displayed so the user can enter credentials for an account that can access the second file.


  • When you are accessing an ODBC data source, that external data source provides the access privileges for the data. You can add access privilege requirements in FileMaker Pro. See Editing ODBC data sources.