Generally, you create your privilege sets first, and then add accounts for each user, as you'll see in the following sections. When you add an account, FileMaker asks you to pick a privilege set to control that person's access. But true to the FileMaker way, if you start to create an account, and don't yet have an appropriate privilege set, you can easily create one right then and there, before you save the account.
All the work of creating and maintaining accounts and privilege sets is done in the Define Accounts & Privileges window (Figure 16-1). You can get there by way of the File images/U2192.jpg border=0> Define images/U2192.jpg border=0> Accounts & Privileges command.
When you're creating privilege sets, there's a big temptation to give people too much power. The more folks can do on their own, the less often they'll come bugging you, right? Unfortunately, this attitude invites trouble. For instance, if your database holds credit card numbers along with order records, and your Order Entry privilege set allows users to export data, you might one day find yourself the subject of an FBI investigation. To be on the safe side, if you aren't sure someone needs a privilege, don't give it to him.
There's a practical component to this rule as well. If someone has access to a feature he shouldn't have, it's very unlikely he'll complain. He probably won't even notice, and neither will you until someone abuses it. On the other hand, if you lock someone out of a capability she needs, you can bet you'll hear about it right away. You can easily add the needed power when it comes up. In other words, if your privilege sets start out too restrictive, they'll naturally grow to the right level of power over time based on user feedback.
16.2.1. Managing Privilege Sets
To create or edit privilege sets, click the Privilege Sets tab. The first thing you notice is that you already have some. Every FileMaker database has three built-in privilege sets: [Full Access], [Data Entry Only], and [Read-Only Access] (the brackets help to remind you that these privilege sets are special). You can see the Privilege Sets tab in Figure 16-2.
The standard privilege sets cover three very common access levels, and you're welcome to use them if you want:
These built-in privilege sets provide basic security, but they don't give you a range of possibilities. Using just FileMaker's default privilege sets, you can't give Malcolm full control of some tables, but let him just enter data in others. In developer's lingo, you don't get a lot of granularity.
Tip: Think of granularity as a medium for sculpture. If you're building a statue from boulders, you can't create delicate details like the nose or eyelashes. If you're building with grains of sand (get it?), you can work at a much finer level. Similarly, granularity in security lets you control specific access to very specific aspects of your database.
In FileMaker, you can exercise precise, granular control over security by creating your own privilege sets and assigning them to certain people or groups.
18.104.22.168. Creating a new privilege set
Before you create a new privilege set, you have a decision to make: Do you start from scratch, or do you take a shortcut? If you click New, FileMaker makes a new privilege set with absolutely no privileges. In other words, accounts attached to this setif left alonecan't do anything in the database. You have to turn on exactly the privileges you think the user should have.
To save time, you can start by duplicating the [Data Entry Only] or [Read-Only Access] privilege set, and then add or remove privileges as necessary. This way is usually a little faster, but it does open up the possibility that you'll accidentally leave something turned on that shouldn't be.
Note: For some reason, you can't duplicate the [Full Access] privilege set. This is FileMaker's way of encouraging you to really think about the privileges you assign, and it should encourage you to give users the least access possible for them to do their jobs. If you want a privilege set that grants almost full access, you have to build it up by hand.
16.2.2. Other Privileges
Draw your attention to the Other Privileges area. Here is where you decide on some basic FileMaker features. Most of these are pretty self-explanatory:
To develop a full understanding of how privilege sets work, why not try building one from scratch?
FileMaker pops up the Edit Privilege Set dialog box (Figure 16-3). First off, every privilege set needs a name, which can be anything you want. Call this one Project Manager by typing it in the Privilege Set Name box. While you're at it, in the Description box, type: create and edit jobs, create new invoices.
That's it for the "Other Privileges" part of the dialog box. But if you leave the Project Manager privilege set with these settings, your users can't do anything very useful. Next, you'll look at the section where all the granularity is hiding so you can start adding real privileges to the list.
16.2.3. Data Access and Design Privileges
The Data Access and Design section of the Edit Privilege Set dialog box is where you control access to your specific database elements. The window has a pop-up menu for Records, Layouts, Value Lists, and Scripts. Right now, the Project Manager privilege set doesn't allow access to any of these. To start adding privileges, click the Records pop-up menu. Figure 16-4 shows all your choices.
22.214.171.124. Record privileges
If the three built-in privilege sets form the first level of granularity in the security system, the options in this pop-up menu are part of the second level.
Without much fuss, you can pick one of the prebuilt options:
Each of these options applies to every record in every table. But you might want to let some users "Create, edit, and delete" only in some tables, and let them "View only" in others. For instance, you can let part-timers create new customer records, but not tamper with the Expenses table. For that kind of control, choose "Custom privilege" (Figure 16-5).
To modify privileges for a particular table, you first have to select it. But don't waste time: You can select several tables if you want to, and then modify the settings for all of them at once. FileMaker even gives you a Select All button so you can easily make a change to every table.
For the Project Manager privilege set, you want to give at least View access to every table:
FileMaker selects every table in the list.
The word "yes" appears in the View column for every table. Accounts with the Project Manager privilege set can see data in every table in the file.
This time, "all" appears in the Field Access column. Now Project Managers can see the contents of every field in all the tables. Project Managers need to work with customers, jobs, expenses, and timeslips, so you'll give them access to those tables next.
Managers should be able to create, edit, and delete in those tables, not just view them.
126.96.36.199. Creating record-level access
Invoice privileges are a little more complicated. You want Project Managers to be able to "create invoices," but invoices involve multiple tables and processes, which you have to translate into a set of privileges. They need to create invoice records, of course, but they also need to be able to create line item records. And once they've added items to an invoice, they should also be able to edit those items. You decide, however, that they shouldn't be able to edit items on invoices from last year. In fact, they probably shouldn't change any invoice that isn't dated today. You can handle even a complicated security requirement like this easily in FileMaker: Just add a simple calculation to the mix. (See Chapter 9 for a refresher on calculations.)
When you choose to limit access like this, FileMaker lets you use a calculation to decide which records the users can edit. This calculation gives you tremendous control over the security system. You can use data from the record itself, information about the current date, time, or account name, and even global field or global variable values. Your calculation must return a Boolean result: True if the record should be editable, and False if it shouldn't.
Here are the steps to set up the invoice privileges described above:
FileMaker puts "yes" in the Create column, meaning that managers with this privilege set can create invoice records. From here on, things get more complicated.
You don't want the user to be able to edit any invoice record. Instead, you're giving them limited edit privileges. Your old friend, the Specify Calculation dialog box, appears.
This calculation returns a true result when the invoice date is on or after the current date. It's false for invoices dated before today, so that FileMaker allows Project Managers to edit only today's invoices.
You're going to use the exact same calculation shortly, so why bother retyping?
The Specify Calculation dialog box returns. This time, you're going to limit the managers' ability to delete invoice records. The rule is the same: They can only delete new invoices.
Repeat the above steps for the Line Items table. In this case, though, you want to let managers edit or delete line items when the invoice they're attached to contains today's date. So use the following in steps 3 and 6:
Invoices::Date Get ( CurrentDate )
188.8.131.52. Field-level access
If you remember the original design requirements for this database, the Payments table has a field called Credit Card Number. This type of information falls into the need-to-know category: Unless someone needs it to do his job, he has no business seeing it. Even though Project Managers can view Payment records, you can still control access to individual fields in that table. You're about to exercise field-level granularity:
The Custom Field Privileges window appears (Figure 16-6). FileMaker offers three field-level privileges: modifiable means users can see and edit the field data; view only means they can see the information in the field, but can't change it; and no access means they can't even see it.
And indeed, the words "no access" appear in the Privilege column for the selected fields. Click OK.
Note: Even though the other fields in this list say "modifiable," the entire record isn't editable for these people, so they can't change field data. The record-level security settings effectively trump those at the field level.
The two tables whose privileges you haven't touched yetInvoice Finder and Globalshave only global fields, so they don't need records at all. But you still need to turn on the Edit privilege, so the managers can change values in the globals. Select both tables and simply choose "yes" from the Edit pop-up menu. When you're finished, your Custom Record Privileges dialog box should look a lot like the one in Figure 16-7.
When you're done looking, click OK to close this dialog box. Because you just made a set of complex choices, FileMaker sums up everything you just did by displaying "Custom privileges" in the Records pop-up menu in the Data Access and Design section of the Edit Privilege Set dialog box. To review or edit the record-or field-level access you've set, click "Custom Privileges" in the pop-up menu again.
184.108.40.206. Layout privileges
If you've been following along in this section, you've given Project Managers just the right access to the data in your database. But if you stop now, they still can't get very far. They don't have access to any layouts yet, and without layouts, a FileMaker database isn't of much use. If someone were to open the database with this privilege set now, she'd see something like Figure 16-8.
FileMaker uses layouts to display your file's data, which means you'll need to add layout access to your privilege sets. To give your users all-important access to the various database layouts, use the Edit Privilege Set window's Layouts pop-up menu:
The final option, Custom Privileges… lets you exercise the most control over access to specific layouts. Because layouts are a vehicle for the other database items on the layout, there are two distinct layers of privilege.
Tip: If you want to prevent editing of customer data altogether, it'd make more sense to use the record-level privileges instead. The "Records via this layout" setting is available just in case you want to restrict editing from one particular layout, even though the data in the table can be edited elsewhere.
|UP TO SPEED
Any New Anything
Both the table list in the Custom Record Privileges window and the field list in the Custom Field Privileges window have an unusual last item: [Any New Table] and [Any New Field]. These items don't really exist in your database. Instead, when you set privileges for them, you're telling FileMaker how this privilege set should treat any new items that are added later.
Most FileMaker databases are living creatures that grow and adapt constantly. You might add new fields, layouts, scripts, and even tables at any time, so it would be fool-hardy to give everybody access to any and every new item. Instead, you'll be more secure assuming that no one gets access to anything new, until you set the new privileges specifically. To implement this more strict security rule, turn off all privileges for the [Any New…] items. In fact, FileMaker already has "any new" turned off whenever you make a new privilege set.
Figure 16-9 shows the Custom Layout Privileges dialog box. This window has something else that didn't exist on the Custom Record Privileges dialog box: The "Allow creation of new layouts" checkbox lets you decide if these people can create their own new layouts. In fact, you can let users who can't even add or edit data, create layouts. For example, you might have a whole class of peoplethe Accounting Department, saywho shouldn't be editing customer records or adding product information, but they need to create monthly and annual reports (read: layouts) from that data.
In the current example, you want Project Managers to be able to use any layout (and edit records through them). But you also want them to be able to create their own layouts in case they need to do some custom reporting. These new layouts should of course be editable.
You really intend to make custom privilege settings, but when you first visit the Custom Layout Privileges dialog box, everything is turned off. Since you want most options on, save your wrist by choosing "All view only," and FileMaker turns them all on for you. In the next step, you'll just turn a few options off.
The Custom Layout Privileges window reappears. This time, though, every layout is set to "view only" with "modifiable" records.
You may have to scroll down to see it; it's always at the bottom of the list.
This action tells FileMaker you want new layouts to be modifiable. Click OK when you're done.
If you had tried to click OK without making new layouts modifiable, FileMaker would complain that it doesn't make sense to let someone make a new layout he can't edit. Now, any user with the Project Manager privilege set can edit any new layouts he creates.
220.127.116.11. Value list privileges
Value lists may not seem as critical a security choice as records and layouts, but since value lists help your users enter consistent data, you want to pay attention to these choices. If you put a pop-up menu on a field to limit data input, but then you give those same users the ability to modify the value list underlying the pop-up menu, they have a way to circumvent your control.
You can see the Custom Value List Privileges window in Figure 16-10. This window lets you assign any of three privileges to each value list: modifiable, view only, or no access. You can also let the user create new value lists with an "Allow creation of new value lists" checkbox, and set the privileges to be assigned to any new value lists.
You can control access to value lists in much the same way you manage record and layout privileges. And like record and layout privileges, you have three canned choices in the pop-up menu, plus Custom privileges:
In the business rules you're applying to your database, Project Managers should have view-only access to all value lists, so click Cancel and choose "All view only" from the Value Lists pop-up menu. The Value List access you assign to a privilege set overrides layout designs. That is, even if you set up a pop-up menu with the option of "Include 'Edit…' item to allow editing of value list," users with the Project Manager's privilege set can't edit values in the list.
18.104.22.168. Script privileges
The final option under Data Access and Design lets you control access to your scripts. As with layouts, it's possible to have a class of users who can create new scripts, but can't edit data. If it's the Accountants mentioned in the example on Section 16.1.2, they need to write scripts to run the reports on the layouts you're letting them create. You could also create a privilege set that lets a level of users run most scripts, but doesn't let them run certain scripts that do destructive activities like deleting sets of records. You could save those scripts for higher-level users instead. Figure 16-11 shows the control choices you have.
Again, the pop-up menu gives you three canned choices and a Custom option:
For the Project Managers set, choose "All executable only" from the Scripts pop-up menu. With this change, you've finished creating your privilege set. Your window should look just like Figure 16-12.
To save your new privilege set, click OK. FileMaker adds Project Manager to the list of privilege sets in the Define Accounts & Privileges window (Figure 16-1).
Note: When you give an elementa record, field, layout, value list, or scriptthe "no access" setting, it literally disappears from the user's view. Scripts disappear from the Scripts menu, layouts from the Layout pop-up menu, fields from sort dialog boxes, and records from lists and portals. Your users won't be tempted to run a script or go to a layout they don't have access to.
22.214.171.124. Editing a privilege set
If you need to make changes to this privilege set later, just come back to this window, select it in the list, and click Edit. You see the Edit Privilege Set window again, and you're free to change anything you want.
You can't edit FileMaker's built-in privilege sets. If you want to change one, duplicate it first and then change the duplicate. Remember, though, that you can't duplicate [Full Access].
Part I: Introduction to FileMaker Pro
Your First Database
Organizing and Editing Records
Building a New Database
Part II: Layout Basics
Advanced Layouts and Reports
Part III: Multiple Tables and Relationships
Multiple Tables and Relationships
Advanced Relationship Techniques
Part IV: Calculations
Introduction to Calculations
Calculations and Data Types
Part V: Scripting
Part VI: Security and Integration
Exporting and Importing
Sharing Your Database
Part VII: Appendixes
Appendix A. Getting Help