As technology changes, mechanisms to protect our data resources must also evolve. The FileMaker 18 Platform includes a variety of security enhancements that I’m sure the FileMaker community has been waiting for! At The Support Group, we're pretty particular about security. Drum roll. Some of the new security features you'll appreciate in FileMaker Pro 18 Advanced are:
- User interface enhancements
- New user privilege set
- Updates to file access
- Digitally signed plug-in notifications
Security User Interface Enhancements
When accessing the manage security section as a Full Access user, the “Enter Credentials” dialog no longer appears. Thank goodness! That has been a pet peeve of mine for so long. We are all in favor of entering our credentials when a modification is made.
New Privilege Set
One feature I’m most excited about is the “Manage accounts that don’t have Full Access” privilege. Previously only users with a Full Access privilege set could access the manage security section to add, delete, edit and activate/deactivate user accounts. This new privilege set allows other users to have access to the “Manage Security” menu, but these users do not have full access to any other part of the file. Essentially now you can designate which group of users can manage accounts.
A Full Access user will need to designate which privilege set can manage accounts. It’s important to note that the default Data Entry Only and Read-Only Access privilege sets cannot be modified, therefore you can only enable “Manage accounts that don’t have Full Access” to custom privilege sets. Don't worry if your system does not have custom privilege sets because they're easy to set up. You can either create a new one or select an existing one then click the Duplicate button.
For example, I duplicated the Data Entry Only privilege set and renamed it “Data Entry Manage Security.” Under Other Privileges, I clicked the “Manage accounts that don’t have Full Access” checkbox. Once you save these settings and assign user accounts to the privilege set, those users will be able to add, edit, delete and activate/deactivate other accounts as well as assign privilege sets.
How to Manage Accounts
To manage accounts click on the File → Manage → Security menu
The Manage Security window will display all of the existing accounts. You’ll notice any accounts with the Full Access privilege are grayed out because these accounts cannot be modified.
Create a new account by clicking the “+ New” button
Authenticate via: You can specify how to authenticate users. The default and most common option is via the “FileMaker File.” You have the option of selecting “External Server” if that's your organization's process.
Account Name: The account name must be unique.
Password: Click the pencil icon to set the password. A new dialog window will prompt you to enter a new password. FileMaker also includes a Password Quality feature that automatically indicates weak, moderate or strong passwords.
Require password change on next sign-in: When enabled the user will be prompted to change his/her password after the initial login.
Active: Specify if the account is active or inactive. This is a useful way to control access without necessarily having to delete accounts.
Privilege Set: When a list of existing privilege sets displays, select the appropriate option from your existing privilege sets. You’ll notice the Full Access option is grayed out because only Full Access users can grant Full Access privileges to other users.
Description: You can provide notes or comments about the particular user account for yourself and/or other developers.
Click OK when you're done and you’ll be prompted for your username and password to save the settings. Pretty straight-forward, right?
Updates to File Access
Prior to FileMaker 18, the checkbox "Require full access privileges to use references to this file” was disabled by default. This is one of those easy settings to forget when trying to make your FileMaker solution secure. Fortunately, in FileMaker 18 the setting is enabled by default! As long as this function is enabled, only users with Full Access can link to the file from other files, which makes your app more secure.
Digitally Signed Plug-in Notifications
If your FileMaker app includes plug-ins, you may have noticed a warning dialog for unsigned plug-ins. FileMaker 18 automatically displays a message to notify users if the plug-in is not digitally signed by its developer. As a result, FileMaker cannot verify whether it has been tampered with. Since the release of this new version, I’m sure plug-in vendors are updating their plug-ins so that they are signed. I’d recommend updating the plug-ins your system uses. If you receive the warning message, you do have the option of loading unsigned plug-ins as well as specifying “Always load this plug-in” in order to avoid the message going forward.
So now you have more tools to secure your applications almost as well as Fort Knox.
Join our mailing list to keep up with FileMaker 18 new features, like the new import interface and new calculation functions. And discover what makes FileMaker a leading Workplace Innovation Platform.
This article is also published on FileMakerProGurus.com.