Protecting databases > Planning security for a file
Planning security for a file
A new FileMaker Pro file is initially unprotected. Whenever the file opens, it automatically logs in the user with the Admin account, which is assigned the Full Access privilege set. This permits the user to access and change everything in the file.
You can use accounts and privilege sets to secure the database file. How you secure a file depends largely on whether you share the file with others or not:
If you simply want to keep someone else from opening a database file on your computer, you can password-protect the file. See Password-protecting a file.
If you need to share a database file with others and provide varying levels of file access to different users, you need to plan the security for the file. Follow the steps below to plan the security you need for the shared file.
You can additionally protect a file by requiring authorization of any file that attempts to access its tables, layouts, value lists, and scripts. See Authorizing access to files.
See Security Guide for FileMaker.
To plan the security for a shared file:
1. Determine the privilege sets that you need for the file.
Make a list of the areas of the file that you want to protect, such as particular tables, fields, records, layouts, value lists, and scripts. Plan the number of privilege sets you need to enforce the varying levels of file access that you require.
Note  Each database file contains three predefined privilege sets, which may meet some or all of your needs. See Using the predefined privilege sets.
2. Determine whether you need individual accounts for each user, or accounts that multiple users can share.
3. Decide if you want to enable the Guest account, which permits users to open the file without specifying account information.
See About the Admin and Guest accounts.
4. Create the privilege sets that you need in the file.
See Creating and editing privilege sets.
5. Determine if you need to enable any extended privileges for certain privilege sets.
If you want certain privilege sets to be able to open a shared file over a network as a client, access the file from a web browser via FileMaker WebDirect, or access a file as an ODBC or JDBC data source, you need to enable extended privileges for certain privilege sets. Don’t enable extended privileges unless they’re needed.
6. Create the accounts you need in the file, and assign the appropriate privilege set to each account.
If you’re using the Guest account, assign a privilege set to it as well. Otherwise, disable the Guest account. See Managing accounts.
7. Test each privilege set to make sure it restricts file access the way you want.
Open the file using different accounts and test each privilege set that you created. Make sure the restrictions work the way you want, and make any needed corrections to your privilege sets.
8. Optionally limit other files from accessing the schema of your files by use of the File Access tab.
See Authorizing access to files.
Additional security tips
Though accounts and privilege sets provide good database protection, they are not a 100% secure solution. You should take other reasonable measures to protect access to your files and information, and not rely solely on FileMaker Pro access privileges. For example:
If you host FileMaker Pro databases on a computer that is shared over a network, use operating system level security settings and passwords to restrict folder and file access to authorized personnel only.
Set the screen saver feature of your operating system to require a password in order to wake up the computer from the screen saver.
Protect the physical security of the computers, hard drives, and backup storage media where the database files reside.
If you have FileMaker Pro Advanced, you can encrypt database files to protect them while they are being stored on disk. See Encrypting database files (FileMaker Pro Advanced).