Setting Up Your Security

Security. While it isn't as sexy as a nice UI widget or as crafty as a really cool scripted workflow, setting up your security is something you must consider before any database deployment. When it comes to security, you can't miss a beat. If you do, then that one attack vector might be the one that bites you. And, unless your FileMaker solution is never going to connect with the network at large, knowing who can do what within your system is an essential requirement of security.

Getting to know FileMaker's privilege sets, and how they work, is one thing. But weaving this knowledge into a system which provides a good degree of flexibility is another. If you're interested in the User/Group/World permissions model, then applying it to your FileMaker solution isn't too hard. You just need to know which fields to add and how to make them interact with the rest of the security model in order to accomplish your intended goal.

This video, and the companion file that comes with it, will provide you with the best starting point possible for figuring out how you might want to integrate your security objectives. If you've never quite gotten FileMaker's security under your belt, then give this video and file a good look over.

Attachment: SettingUpSecurity.zip (1.65 MB)

Comments

Matt, this video does a great job connecting the FM Security settings to the requirements of an application and user set.

Question: What is a way to build on this design, to include a "conditional" security? For example, a record, such as an "Estimate" can be modified by a group, until the status changes to "Accepted" by the client. Another example might be Invoice lines that can be modified, until the Bill is marked paid.

I'm guessing it would be in the "Custom Record Privileges" where you explained the "limited access" calculation.

Looking forward to more of your great videos!
~David

Vyking Gold

The "limited access" calculation is where you would control all the various ways in which a record can be controlled (view, edit and/or delete).

You can do this by using a dedicated field named something like "state". You would "set a flag", meaning set a certain number to the field. For example, zero could represent the "Estimate" state and a one would represent the "Accepted" state. If the record had a value of one within that field, then you would make the result of the "limited access" setting for edit result in false.

Therefore, that particular record, with THAT particular field value, would not let that particular privilege set modify the record anymore.

Hope that helps.

Really, it's all in the logic of the calculation used within the "limited access" setting.

-- Matt Petrowsky - ISO FileMaker Magazine Editor

Hi Matt,

Great video! But I do have a concern about performance. How big a performance hit can I expect when setting up security like this?

Kind regards,

Joost

Hi Matt,

Does the "Created by" field need to be set up in the privilege set as "View Only" or "No Access"; otherwise this field could be changed to get access to the record? Am I missing something?

All the best,

Peter

Pete Boyce