About controlling plug-in access between files

Starting in version 19.2.1, extended privileges that start with fmplugin provide a way to control whether FileMaker plug-ins called in one file can access another file. This extended privilege allows you to enhance security by preventing unauthorized files from performing certain operations in your file via an enabled plug-in.

Plug-ins may provide external functions and external script steps that can be called in a source file to operate on a target file. An fmplugin extended privilege affects only plug-ins that try to perform either of the following operations on a target file when the source and target files are not the same file:

  • execute a script by name
  • execute an SQL statement

The list of extended privileges is scanned in the order displayed in the Extended Privileges tab in the Advanced Security Settings dialog box. If the target file contains no extended privileges starting with "fmplugin" (not case sensitive), the above operations are allowed to run normally. Otherwise, the scan stops at the first extended privilege that is either of the following:

  • fmplugin
  • fmpluginXXXX where XXXX matches the plug-in's four-character ID (case sensitive)

If the current account's privilege set includes a matching fmplugin extended privilege, the above operations are allowed to run normally. Otherwise, the source and target files are checked to see whether they are authorized to access each other (see Authorizing access to files). If they are authorized, the above operations are allowed to run normally.

If the files are not authorized and the following conditions are true, the user is prompted whether to authorize the files to access each other:

  • the plug-in is running in a FileMaker product that can display a user interface
  • the current account has full access privileges in both files

If the user authorizes the files, the operations above are allowed to run normally from now on between the source and target files no matter what extended privileges are in the target file. If the files aren't authorized (because the user declined or the FileMaker product doesn't display a user interface), an error is returned for the operation the plug-in is trying to perform.

Starting in version 19.2.1, fmplugin is present in the list of extended privileges in new files, but not in existing files. However, you can add fmplugin in existing files, if needed. See Creating and editing extended privileges.

For any accounts that need plug-ins to perform the above operations in authorized files, you must add an fmplugin extended privilege to the privilege sets assigned to those accounts. See Editing extended privileges for a privilege set.