Database Reference
In-Depth Information
▪ To check the privilege set, use the
Get(AccountPrivilegeSetName)
function. It returns
the name of the privilege set assigned to the current user. Bear in mind that if you change
the name of a privilege set, then you have to modify any scripts that use this function.
▪ If you need to restrict an action to a particular account, then use
Get(AccountName)
in-
stead. As you probably expect, it returns the name of the account with which the user
logged in. The same warning applies here: Beware of renamed accounts.
NOTE
If someone logged in with external authentication, then
Get(AccountName)
gives you her real
account name in the external directory server.
▪ Finally, FileMaker has one more tempting function:
Get (UserName)
. This function nor-
mally returns the user name from the computer's operating system (the name you use to
log into the computer itself). If you use shared accounts in FileMaker, then you may want
to use the user name to find out who's actually doing something. Bear in mind, though,
that most people can change their user name settings to anything they want, so it isn't
useful for security-related purposes because it's easy for a user to pretend to be someone
else.
You can easily use these functions, but they have some drawbacks. Chances are that, at some
point in the future, you'll need to change the account names, privilege sets, or users that can
do certain things. Every time you do, you have to check and probably edit all your scripts.
If you want to secure a scripted process, then the extended privilege feature described on
Ex-
tended Privileges
is safer and lets you update accounts and privilege sets much more easily.
Handling Security Errors
If your script tries to do something the person isn't allowed to do, then FileMaker shows the
error message in
Figure 18-21
. If you turn error capture on in your script, then this error
doesn't show on the screen. Instead, you can use the
Get(LastError)
function to check for
an error. That way, you can have the script display a custom message box, email you the
name of the misbehaving person, or take some other action. The most common security-re-
lated error is number 200: “Record Access is Denied.” (If you're interested in learning more
about error codes, check out the resources in
Appendix D
.
)
