Database Reference
In-Depth Information
The Built-In Privilege Sets
The standard privilege sets cover three very common access levels, and you're welcome to
use them if you want, but you have to live with the way they work out of the box, because
FileMaker doesn't let you change anything except their extended privileges.
▪ Although you probably didn't realize it, you've been using the [Full Access] privilege set
all along. As the name says, it gives you full access to the file with absolutely no restric-
tions.
▪ The [Data Entry Only] privilege set is much less powerful. Accounts assigned to this
privilege set can't create or modify tables, field definitions, scripts, or layouts. But they
can add, edit, and delete records in any table; print; change their own password; and ex-
port data.
▪ The least powerful built-in privilege set is [Read-Only Access]. Not only does it prevent
all developer activities, but it also prevents modification of the data. Accounts with this
privilege set can't create, edit, or delete records. They can
view, print, or export
the data
that's already there, and change their passwords.
Custom Privilege Sets
Those built-in privilege sets provide basic security, but they don't give you a full range of
possibilities. Using just FileMaker's standard privilege sets, you can't give Dwight full con-
trol of some tables but let him just enter data in others. In developer's lingo, you don't get a
lot of
granularity
.
NOTE
Think of granularity as a medium for sculpture. If you're building a statue from boulders, then you
can't create delicate details like the nose or eyelashes. If you're building with grains of sand (get
it?), then you can work at a much finer level. Similarly, granularity in security lets you control spe-
cific access to your database.
In FileMaker, you can exercise precise, granular control over security by creating your own
privilege sets and assigning them to the appropriate user accounts.
When you create a new privilege set, it starts out with absolutely no privileges. In other
words, accounts attached to this set—if left alone—can't do
anything
in the database. You
have to turn on exactly the privileges you think the user should have.
To save time, you could duplicate the [Data Entry Only] or [Read-Only Access] privilege set
and then add or remove privileges as necessary. This way is usually a little faster, but it does
