Dec 06, 2004

New Security Features of FileMaker Pro 7


Among the hundreds of new features and functions in FileMaker Pro 7 is a brand new security model. At the heart of this new model is a new account and privilege management module consisting of Accounts, Passwords, Privilege Sets and Extended Privileges.

This Isn’t Your Father’s FileMaker
Since the early days of FileMaker, there have been passwords. For security, that’s all there was in fact. With FileMaker 7, passwords still exist (and they’re now case sensitive) but they’re no longer stored in the file. Before you start ranting about how passwords could be stored outside of the file, let me explain. The passwords themselves are not stored in the file but an encrypted “signature” is. Think of how an algorithm works: some known string is acted on using a process defined by the algorithm. A variable is applied to the process so the result will be unique. What FileMaker does is store the result in the file so that when you try to open the file with your password, it applies the algorithm with the password you typed as the variable and re-encrypts it. It then checks that the new result matches the result stored when you first created your password.

Fig 1.
Account names are added to the mix to allow proper account management for role-based security implementations. If you choose, you can treat accounts as user names (one for each user) or as roles (one account serves many users). This dual function comes from the option to set an account to authenticate either internally or externally.

If an account is authenticated externally (requiring FileMaker Server 7), FileMaker Pro and FileMaker Server talk to the operating system to determine which security group(s) the current user belongs to. When Server finds a group name that matches an externally authenticated account name within the FileMaker Pro file, it logs the user in using that account. This also makes single sign-on possible: a user can log in to their network using their username and password and open a FileMaker solution without entering another account name and password, since those credentials have been passed by the operating system and FileMaker Server.

When creating a new FileMaker file, two accounts are created by default: Admin and [Guest]. Admin has no password, and the File Options are set to automatically log in as Admin so that the user has a similar experience to previous versions of FileMaker. The [Guest] account can’t be renamed, as it controls permissions for users who log in as guests rather than with a defined account.

How does FileMaker Pro know what rights you have within the file? That’s done using Privilege Sets. Each account is assigned to a privilege set.

Privilege Sets
A privilege set is the configuration for an account that defines access, including record creation, deletion, export, print and the menu commands available to the user. The screen that allows you to modify a privilege set is similar to the password definition screen in previous versions of FileMaker Pro. When you create a new FileMaker file, three Privilege Sets are created for you: [Full Access], [Data Entry Only], and [Read-Only Access]. Full Access is the definition used for the Admin account created by default and cannot be deleted or modified. All files must have this set. The other two sets created by default also cannot be modified or deleted, but their use is optional.

Fig 2.
As you can see from Figure 2, additional Extended Privileges can be assigned to a privilege set. These extended privileges are simple names of functions the developer assigns. Scripts can then be written that test to see if the current account uses a privilege set that includes a certain extended privilege. For instance, a developer might create an extended privilege called ‘playSound’ that is assigned to two accounts. The script that runs on startup tests to see if the current account was assigned this extended privilege using
PatternCount ( Get ( ExtendedPrivileges ) ; "playSound" )
within an If step. It’s a simple way of adding additional functionality without having to tie the function to a layout or field (both of which were workarounds for this type of challenge in previous versions of FileMaker Pro).
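An added example, not from the original article, that models this check in Python to show a matching pitfall. It assumes Get ( ExtendedPrivileges ) returns one keyword per line and that PatternCount counts case-insensitive substring matches; the account names and the keyword playSoundAdmin are hypothetical.

```python
SEP = "\r"  # models FileMaker's ¶ (carriage return) between keywords


def pattern_count(text: str, search: str) -> int:
    """Model of PatternCount: case-insensitive count of search within text."""
    return text.lower().count(search.lower())


def has_privilege_substring(ext_privs: str, keyword: str) -> bool:
    """The check as written in the article: any substring hit counts."""
    return pattern_count(ext_privs, keyword) > 0


def has_privilege_exact(ext_privs: str, keyword: str) -> bool:
    """Whole-keyword check. The FileMaker form would be:
    PatternCount ( "¶" & Get ( ExtendedPrivileges ) & "¶" ; "¶playSound¶" )
    """
    return pattern_count(SEP + ext_privs + SEP, SEP + keyword + SEP) > 0


# Constructed sample: what Get ( ExtendedPrivileges ) might return per account.
ACCOUNTS = {
    "reception": "fmapp\rplaySound",
    "kiosk": "fmapp\rplaySoundAdmin",  # hypothetical longer keyword
    "auditor": "fmapp",
}


def mismatches(keyword: str) -> list[str]:
    """Accounts where the substring test and the whole-keyword test disagree."""
    return sorted(
        name
        for name, privs in ACCOUNTS.items()
        if has_privilege_substring(privs, keyword) != has_privilege_exact(privs, keyword)
    )


if __name__ == "__main__":
    for name, privs in ACCOUNTS.items():
        print(name,
              has_privilege_substring(privs, "playSound"),
              has_privilege_exact(privs, "playSound"))
    print("over-granted by substring match:", mismatches("playSound"))
```

Keeping extended privilege keywords from being prefixes of one another avoids the problem as well.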

FileMaker provides four Extended Privileges by default: [fmiwp], [fmxdbc], [fmapp] and [fmmobile]. As you can see from the descriptions in Figure 2, these control communications with other technologies. The most common one to use would be [fmapp] which controls whether an account can access this file over a network using peer-to-peer sharing or FileMaker Server. Even if a file is set for sharing over a network, if none of the Privilege Sets have the fmapp privilege turned on, no one will be able to access it.

Managing Your Accounts
FileMaker Pro comes with a number of account management tools that let you control your accounts via scripting. You can build an infrastructure around your solution that allows a user to enable or disable accounts, change their password or reset the password for another account, create or delete an account, or re-login as a different user. Naturally, to make all these features work with your solution, especially if it involves multiple files, some homework will have to be done in order to automate these processes.

Other Cool Security Features
In addition to all we’ve mentioned above, there is also the ability to execute a script with full access privileges. This allows you to grant a user rights to an action they don’t normally have permissions for. This feature applies only to the script it’s defined for and doesn’t transfer to other scripts, even sub-scripts. For example, you may not want your users to have Export capabilities but under certain circumstances or for specific reports, you need them to be able to export. For that one script that requires it, full-access will allow the export to occur.

When defining a Privilege Set, you can allow a user of that account to create new layouts, scripts or value lists without giving them access to existing ones. In addition, you can set rules for new layouts, scripts and value lists to be modifiable or restricted. This could be useful for those sites or clients who have an on-site programmer who can make small changes or add a new report to your solution without giving them the developer password.

Conversion Issues
When you convert a file from an earlier version of FileMaker, there are a couple of issues you need to be aware of. First, since the new passwords are case sensitive, passwords from converted files are also case sensitive. In earlier versions it was possible to define a password in all caps (HATCHET) in one file and in mixed-case in another file (Hatchet) and successfully open both files using lower case (hatchet). If these files were converted to 7 however, you would have to remember the case you used for each file before it would open. This may make it necessary to re-enter your passwords in your related files so their case is uniform.
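An added example, not from the original article, tying the stored-result check described under “This Isn’t Your Father’s FileMaker” to the case-sensitivity issue above. The article does not name FileMaker's algorithm, so salted PBKDF2-SHA256 is a stand-in, and the file names are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: stand-in work factor, not FileMaker's


def make_verifier(password: str) -> tuple[bytes, bytes]:
    """Return (salt, result). Only these are stored, never the password."""
    salt = os.urandom(16)  # assumption: a per-file random salt
    result = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, result


def check_password(typed: str, stored: tuple[bytes, bytes]) -> bool:
    """Re-run the derivation on the typed password and compare the results."""
    salt, expected = stored
    candidate = hashlib.pbkdf2_hmac("sha256", typed.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


# Constructed sample: two converted files whose passwords were originally
# defined in different case, as in the HATCHET / Hatchet example above.
CONVERTED_FILES = {
    "Invoices": make_verifier("HATCHET"),
    "Contacts": make_verifier("Hatchet"),
}


def files_opened_by(typed: str) -> list[str]:
    """Names of the files that the typed password opens."""
    return sorted(
        name for name, stored in CONVERTED_FILES.items()
        if check_password(typed, stored)
    )


if __name__ == "__main__":
    for attempt in ("hatchet", "Hatchet", "HATCHET"):
        print(attempt, "->", files_opened_by(attempt))
```

Because the stored result is derived from the exact bytes typed, no single spelling opens both files until the passwords are re-entered with uniform case.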

Since every password must now have an account to go with it, each password in a converted file gets an account name that is the same as the password. You probably will want to change these account names! When you first open a converted file that has passwords, you may choose to only enter the password since the account name is not needed if the account name and its password are identical.

The Bottom Line
We think you’ll agree that FileMaker Pro 7 has a host of new features and one of the most important is its new security architecture. Still easy to use, in many ways it’s backwards compatible with earlier FileMaker versions but much more robust and granular.

Steve Hearn

