Securing filemaker systems Flashcards
FileMaker Security can be defined as figure out who the user is, and figure out what the user can see and do. What part(s) of FileMaker security is the “who”? What part(s) of FileMaker security is the “what”?
FileMaker Security: a. the “who” consists of i. FileMaker Accounts ii. External authentication through oAuth or External Accounts (via Open Directory or Active Directory) b. The “what” consists of i. Privilege Sets ii. Extended Privileges
What extended privilege must be enabled so that users can connect to a custom app using FileMaker Go, FileMaker WebDirect, and via the FileMaker Data API?
The required extended privilege for each client:
a. FileMaker Go – fmapp
b. FileMaker Web Direct – fmwebdirect
c. FileMaker Data API – fmrest
George uses a custom app with these tables: Customers, CustomerContacts, Invoices, InvoiceLineItems, and Products. His job is to update customer records with new information, such as new contacts, a change of address, etc. Occasionally he needs to add customers to the system, but he should not be able to delete them. He doesn’t need to create or edit invoices. He does need to view them, however. George’s account is linked to a privilege set called “CustomerEntry”. Describe how this privilege set should be set up to give him access only to the customer area for working with those records.
The privilege “CustomerEntry” should include the following access in the privileges:
a. Records Access:
i. Customers: View, Edit, Create
ii. CustomerContacts: View, Edit, Create, Delete
iii. Invoices: View
iv. InvoiceLineItems: View
v. Products: View (to see product data displayed in Invoice line items)
b. Layouts Access:
i. Any layouts with Customers or CustomerContacts as the underlying table: view only for layouts
and modifiable for records
ii. Any layouts with Invoices or InvoiceLine Items as the underlying table: view only for layouts and
records
iii. Any layouts with Products as the underlying table: no access for layouts and records
A FileMaker file sits on a physical server machine. What are three ways to ensure the file cannot be opened by unauthorized users in the event the machine on which it resides is stolen?
The three ways are:
a. Encryption at Rest. This feature makes sure that the database is encrypted while residing on a machine,
and this provides one measure of security if the physical machine is stolen.
b. Do not allow the file to open automatically using any level of account.
c. Require full access privileges to create external references to this file.
What are the two default FileMaker accounts present in any new file? List four attributes of each account in a new file.
There are two default accounts: Admin and Guest a. Admin i. [Full Access] privilege set ii. No password iii. Used to log into the database automatically iv. Fully editable v. Can be renamed vi. Can give it a password vii. Can be made inactive viii. Can be deleted 17 18 b. Guest: i. Enables a user to log in with no specific account information ii. [Read-Only Access] privilege set iii. Inactive iv. Not fully editable v. Cannot delete vi. Cannot change its name vii. Cannot give it a password
A custom app contains a Web Viewer object. This Web Viewer uses the FMP Protocol to run a script in FileMaker Pro Advanced. A user, however, reports a bug. Clicking on a link that references that fmpurl in the Web Viewer shows an error message. What should be done to allow the link in a Web Viewer to run?
By default for all accounts, the “fmurlscript” extended privilege is disabled. This privilege should be enabled so that a link in a Web Viewer is able to run a script in FileMaker Pro Advanced.
If a FileMaker file contains multiple accounts using oAuth authentication, which account is used when the user opens the file?
The first matching account in the authentication order.
