Editing extended privileges for a privilege set
Privilege sets can limit extended privileges, which determine whether and how a shared file is accessible.
To edit extended privileges for a privilege set:
-
Start editing a new or existing privilege set in the Edit Privilege Set dialog box.
See Creating and editing privilege sets.
Note If the File menu > Manage > Security menu is dimmed, your privileges do not permit you to access it. See the note below for another possible way to edit extended privileges.
-
In the Extended Privileges list, select the extended privileges you want to enable, and clear the ones you want to disable.
The following table lists the default extended privileges that are available.
Keyword |
Extended privilege |
Determines if a privilege permits |
fmwebdirect |
Access via FileMaker WebDirect |
Accessing a database file from a web browser via FileMaker WebDirect. |
fmxdbc |
Access via ODBC/JDBC |
Accessing a database file as an ODBC or JDBC data source. |
fmapp |
Access via FileMaker Network |
Opening a shared file via FileMaker Pro or FileMaker Go. |
fmreauthenticate10 |
Require re-authentication after the specified minutes in sleep/background |
Accessing a file in FileMaker Go without having to re-login after file hibernation or after using a different app. Also determines how long after FileMaker Pro or FileMaker Go becomes disconnected from a FileMaker host (perhaps because the network connection is lost or the device sleeps) before the user must reauthenticate in order to reconnect automatically. The default time is 10 minutes. To change the default time, see Creating and editing extended privileges. |
fmxml |
Access via XML Web Publishing |
Accessing a database file from a web browser or other application via XML web publishing on a supported FileMaker host. |
fmphp |
Access via PHP Web Publishing |
Accessing a database file from a web browser or other application via PHP web publishing on a supported FileMaker host. |
fmrest |
Access via FileMaker Data API |
Accessing a database file from a web service via the FileMaker Data API on a supported FileMaker host. See FileMaker Data API Guide. |
fmextscriptaccess |
Allow Apple events and ActiveX to perform FileMaker operations |
Accessing a database file from another application. |
fmurlscript |
Allow URLs to run FileMaker scripts |
Running a script from a URL or through Shortcuts. See Opening FileMaker Pro files using a URL and Running scripts through Shortcuts. |
fmodata |
Access via OData |
Accessing a database file on a supported FileMaker host from an OData-capable client application. See FileMaker OData Guide. |
fmplugin |
Validate cross-file plug-in access |
Plug-ins called in a source file to access a target file. See About controlling plug-in access between files. |
Notes
-
Do not create extended privileges that begin with "fm"; keywords with this prefix are reserved by Claris.
-
Enabling extended privileges only makes it allowable for certain privilege sets to access shared data. To actually access the shared data, you must also set up sharing for the type of access that you want. See Sharing files on a network, Sharing FileMaker Pro data via ODBC or JDBC, or Publishing databases on the web.
-
While configuring sharing settings for FileMaker Network sharing, ODBC/JDBC, or FileMaker WebDirect, you can enable sharing for all users or certain privilege sets if your privilege set permits it. This method is accessible by any account access assigned a privilege set with the Manage extended privileges privilege enabled, so it can be accessed by account access that is not assigned the Full Access privilege set. See Editing other privileges, Sharing files on a network, Using ODBC and JDBC with FileMaker Pro, or Publishing databases with FileMaker WebDirect.
-
If a file has been set to save the password in your Credential Manager (Windows) or keychain (macOS, iOS, and iPadOS), and the fmreauthenticate extended privilege has been enabled, you will not be prompted for account information unless the password is invalid or the current account name does not match the account name stored in your Credential Manager or keychain.