Editing extended privileges for a privilege set

Privilege sets can limit extended privileges, which determine whether and how a shared file is accessible.

To edit extended privileges for a privilege set:

  1. Start editing a new or existing privilege set in the Edit Privilege Set dialog box.

    See Creating and editing privilege sets.

    Note  If the File menu > Manage > Security menu is dimmed, your privileges do not permit you to access it. See the note below for another possible way to edit extended privileges.

  2. In the Extended Privileges list, select the extended privileges you want to enable, and clear the ones you want to disable.

    The following table lists the default extended privileges that are available.

  3. Keyword

    Extended privilege

    Determines if a privilege permits


    Access via FileMaker WebDirect

    Accessing a database file from a web browser via FileMaker WebDirect.

    (FileMaker platform only)

    Access via ODBC/JDBC

    Accessing a database file as an ODBC or JDBC data source.


    Access via FileMaker Network

    Opening a shared file via FileMaker Pro or FileMaker Go.

    (FileMaker platform only)

    Require re-authentication after the specified minutes in sleep/background

    Accessing a file in FileMaker Go without having to re-login after file hibernation or after using a different app. Also determines how long after FileMaker Pro or FileMaker Go becomes disconnected from a FileMaker host (perhaps because the network connection is lost or the device sleeps) before the user must reauthenticate in order to reconnect automatically.

    The default time is 10 minutes. To change the default time, see Creating and editing extended privileges.


    Access via XML Web Publishing

    Accessing a database file from a web browser or other application via XML web publishing on a supported FileMaker host.

    (FileMaker platform only)

    Access via PHP Web Publishing

    Accessing a database file from a web browser or other application via PHP web publishing on a supported FileMaker host.


    Access via FileMaker Data API

    Accessing a database file from a web service via the FileMaker Data API on a supported FileMaker host. See FileMaker Data API Guide.


    Allow Apple events and ActiveX to perform FileMaker operations

    Accessing a database file from another application.


    Allow URLs to run FileMaker scripts

    Running a script from a URL or through Shortcuts. See Opening files using a URL and Running scripts through Shortcuts.


    Access via OData

    Accessing a database file on a supported FileMaker host from an OData-capable client application. See FileMaker OData Guide.


    Validate cross-file plug-in access

    Plug-ins called in a source file to access a target file. See About controlling plug-in access between files.


  • Do not create extended privileges that begin with "fm"; keywords with this prefix are reserved by Claris.

  • Enabling extended privileges only makes it allowable for certain privilege sets to access shared data. To actually access the shared data, you must also set up sharing for the type of access that you want. See Sharing files on a network, Sharing FileMaker Pro data via ODBC or JDBC (FileMaker Pro only), or Publishing databases on the web.

  • While configuring sharing settings for FileMaker Network sharing, ODBC/JDBC (FileMaker platform only), or FileMaker WebDirect, you can enable sharing for all users or certain privilege sets if your privilege set permits it. This method is accessible by any account access assigned a privilege set with the Manage extended privileges privilege enabled, so it can be accessed by account access that is not assigned the Full Access privilege set. See Editing other privileges, Sharing files on a network, Using ODBC and JDBC with FileMaker Pro, or Publishing databases with FileMaker WebDirect.

  • FileMaker clients only: If a file has been set to save the password in your Credential Manager (Windows) or keychain (macOS, iOS, and iPadOS), and the fmreauthenticate extended privilege has been enabled, you will not be prompted for account information unless the password is invalid or the current account name does not match the account name stored in your Credential Manager or keychain.