I've been tasked with beefing up our administative databases, and
currently we're using server 5.5 and filemaker 6 on the workstations.
Until now, the data we were serving up didn't require much in the way of
security, but as this project progresses, it looks like we'll have make
some adjustments there.

I've looked briefly at filemaker 8 and it looks like they've addressed
the basic issue of passwords being easy to break, but it also looks like
they still don't have any sort of centralized authentication (so my
users would still have to change their passwords across multiple
databases). Is this all correct? I see that multi table dbs are now
supported, so I suppose I could bring all of the databases into one, but
I tend to like multiple small files instead of giant ones so that's not
so appealing.

On the other hand, it looks like Security Manager 1.0 addresses my basic
desire to toughen the passwords and provide centralized administration.
How good is this product? And are there any similar products I should
look at as well?

tia,
bil

--
________________
bil hays
Network Manager
Computer Science

Here's what I've done in a multi-file (~30) Filemaker 7 solution. None
of this exists in versions before 7.

In 7 you can create accounts and assign them permission sets. You can
set the account to use External Authentication, which in my case meant
letting OSX check the password. I created an account for each level of
access I wanted to give groups of users. They are called Regular,
Admin, Contact, Editorial, etc. I then created Groups in OSX with the
same names.

Next, I created a user account for each user who would use the system,
e.g. jsmith. I made them members of whichever groups I wanted them in,
e.g. Editorial.

When Joe Smith opens the database, he is prompted to enter his
password. When he does so, OSX authenticates it (because of External
authentication) and returns to Filemaker a list of the groups he is a
member of. Filemaker sees that Joe has access as Editorial. This gives
him access to the layouts, tables, and scripts defined in the Editorial
permission set.

To make the whole process easier, there is a Freeware program called
SharePoint that will let you easily create OSX Groups and add/remove
users to them.

Hope that all makes sense!
Kevin

audleman (AT) quasika (DOT) net <audleman (AT) quasika (DOT) net> wrote:

If a layout is not inaccessible for group A but accessible for group B,
and Joe Smith is member of both groups, does he get access to this
layout?
--
http://clk.ch

Yes, it does, thanks much, seems like a very sane solution. Have you or
anyone else done this on a server that is not maintaining local users,
but rather diverting authentication to ldap or a kerberos realm? We
don't currently maintain passwords locally.

If anyone has any experience with this I'd appreciate a direct email
response--evidently my news feed isn't very well oriented to this group,

bil

--
________________
bil hays
Network Manager
Computer Science

I just read this, and all mention seems to be to the Macintosh, is
there something similar for the PC?

- Teresa K.

Teresa K. wrote:
Somebody already mentioned that FileMaker 7/8 support external
authentication. This means that FMP uses the Windows login and a
Windows user group to authenticate the FMP user's account.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Howard Schlossberg (818) 883-2846
FM Pro Solutions Los Angeles, California

FileMaker 7 Certified Developer
Associate Member, FileMaker Solutions Alliance

Thanks Howard! I appreciate that knowledge. I'm begining to look up
information and create a comparison sheet of FMPro 6 vs FMPro 8. If
someone else has already done this, do you have any pointers or links
you could share? Once again, my thanks in advance.

- Teresa K.

Filemaker will check against all groups the person is a member of. If
any one of the groups grants access, the user is in.