Hello,
So, in a db I have a layout "staff" that contains all the data of the
staff (address, phone,etc.)
I wish also to have an accout combined with every staff member (so that
with the provileges I can easily grant o deny access to tables and
layouts).
At the moment I have 2 privilege set ("admin" and "user"), but at the
and I think they will be 3 or 4 (but this is not a problem).
I
'm able through buttons and scripts to create a new account (with the
right privileges), enable/disable an account and reset/change the
password.

But I need to be able to check the existence of an account, check if
it's enabled or not and change the privileges of an account without
having to delete and recreate it.

Is it possible? How?

Thanks Bye
Jack
--
Yoda of Borg am I! Assimilated shall you be! Futile resistance is, hmm?

you continue the way you are going.
Just add a field (active [true / false]) for user/staff table
when a user has logged in the scipt checks if the user is active
If not, user gets a message (your account is currently inactive) and the
script closes the file
Make sure you strat the script with script can be aborted to OFF.


Ursus


"Jack" schreef in bericht news:1kom2gs.lc11f28ix0igN%pippo2 (AT) disney (DOT) com...

Hello,
So, in a db I have a layout "staff" that contains all the data of the
staff (address, phone,etc.)
I wish also to have an accout combined with every staff member (so that
with the provileges I can easily grant o deny access to tables and
layouts).
At the moment I have 2 privilege set ("admin" and "user"), but at the
and I think they will be 3 or 4 (but this is not a problem).
I
'm able through buttons and scripts to create a new account (with the
right privileges), enable/disable an account and reset/change the
password.

But I need to be able to check the existence of an account, check if
it's enabled or not and change the privileges of an account without
having to delete and recreate it.

Is it possible? How?

Thanks Bye
Jack
--
Yoda of Borg am I! Assimilated shall you be! Futile resistance is, hmm?

E. Appeldoorn <ursus.kirk (AT) ziggo (DOT) nl> wrote:

Ok, but the idea is to use the mechanism fm has already to manage
accounts.
There is a way to do it or I need to do all manually?

Thanks Bye
Jack
--
Yoda of Borg am I! Assimilated shall you be! Futile resistance is, hmm?

In article <1kom42h.jfgu1z1k3i2z2N%pippo2 (AT) disney (DOT) com>,
pippo2 (AT) disney (DOT) com (Jack) wrote:

I designed a database for multi-agency use, in which I want specified
users within the agencies to be able to create and delete user accounts
for people within their agency, without having Full Access privileges.

I did this as follows:

Developed several different privilege sets that give different levels of
access and control to the database.

Built a table listing the names of the privilege sets. I use this as the
source of the value list of privilege sets for the actions described
below.

Built a table named "User" that has:

-fields to link to the Contact record of each user, to store the user
account name, initial password and privilege set of the user, and the
timestamp of record creation and user account creation and deletion;

-scripts with pushbuttons on the layout to create user records, assign
unique user names and initial passwords, specify the privilege set,
create the user account in the Security setup of the database, with the
specified user name and initial password; delete the account; and delete
the user record from the User table.

The scripts to create and delete user accounts in the database security
system record the timestamp of those actions in the appropriate fields
of the user table. That enables a supervisory user to see at a glance
what users have access to the database and what are their privilege sets.


The user name is generated from the first few letters of the user's last
name concatenated with the primary key field value of the user record,
which is a unique serial number. This assures each user name is unique.

The initial password is generated by a random combination of upper and
lower case letters and numbers of specified length.

The user is required to change his or her password on first log-in, to a
password of his or her own devising. I have built the system to require
the user's new password to be at least a specified number of characters
long. The system is also set up to require users to change passwords at
specified intervals.

The scripts for operating the user table run with Full Access privileges
so a user that does not have Full Access privileges can run those
scripts.

I control by privilege set what users are able to view the User table
and run the scripts. I set up a privilege set I named "Manager" that
allows viewing of the User table and running of the associated scripts.

I also have controls set up in the scripts so that these Manager users
can only do this for users from their own database agency.

I, as Full Access user, can set up the Manager users for each agency,
and they can then set up other users in their agency. They are limited
in the privilege sets they can assign the other users.

All this uses only features that are available in Filemaker, not any
third-party plugins.

I have built other controls in the database to limit what users can see
and do for data not created by their own agency; discussion of this is
beyond the scope of how to set up a system for creating and tracking
users.

Hope this helps.

Bill <bbcollins (AT) earthlink (DOT) net> wrote:


Thanks, it helps a little.

Bye Jack
--
Yoda of Borg am I! Assimilated shall you be! Futile resistance is, hmm?