Protecting databases > About accounts, privilege sets, and extended privileges
About accounts, privilege sets, and extended privileges
Accounts authenticate users who are attempting to open a protected file. Each account specifies an account name and (usually) a password. Any user that cannot specify valid account information won’t be able to open a protected file. Each file initially contains two accounts: Admin and Guest.
You may want to create an account for every individual who accesses a file, or you may want to create a few accounts that are shared among many individuals, such as a "Marketing" account and a "Sales" account:
Create accounts for individuals when it is necessary to guarantee the identities of particular users and you want to manage access at an individual level.
Create shared accounts when you want fewer accounts to maintain and you are less concerned about managing individual access to the database file.
Shared accounts can be a security risk, so in general use individual accounts for better security. If you intend to use shared accounts anyway, make sure you limit the access capabilities of the privilege sets that shared accounts use. Change the password occasionally, particularly when certain users no longer require access.
If you host files on FileMaker Server, you can create External Server accounts and OAuth identity provider accounts.
External Server accounts obtain authentication information from an authentication server such as Apple Open Directory or a Windows domain. See Creating accounts that authenticate via an external server.
OAuth identity provider accounts obtain authentication information from third-party OAuth identity providers that have been specified in FileMaker Server. See Creating accounts that authenticate via an OAuth identity provider.
See Managing accounts and About the Admin and Guest accounts.
Privilege sets
A privilege set specifies a level of access to a database file. When you create a privilege set, there are many options available that you can use to limit database access, such as which layouts are viewable, which menus are available, and whether printing is permitted. Privilege sets can also restrict access to particular tables, records, or fields within a file. Each account is assigned a privilege set, which determines the level of access when someone opens a file using that account.
You can create as many privilege sets as you need to define the types of access you want to permit to a file. Each database file contains three predefined privilege sets for common types of access levels.
See Using the predefined privilege sets and Creating and editing privilege sets.
Extended privileges
Extended privileges determine the data sharing options that are permitted by a privilege set, such as whether a privilege set permits users to open a shared file or view a database in a web browser. See Editing extended privileges for a privilege set and Creating and editing extended privileges.
A user who attempts to open or access a protected file will be prompted to provide account information. If the privilege set for the account does not permit the type of extended privilege access the user is requesting, the user will get an error indicating that he or she cannot access the file in that way.
All extended privileges except fmreauthenticate10 are disabled by default, even in the Full Access privilege set.
Enabling extended privileges only makes it allowable for certain privilege sets to access shared data. To access the shared data, you must also set up sharing for the type of access that you want. See Sharing files on a network, Using ODBC and JDBC with FileMaker Pro, or Publishing databases on the web.
Privileges protect a single file
The privileges that you set up apply to a single file only and all tables within that file. If your database solution consists of multiple files that you want to protect, you may want to combine all of these files into one multitable file. Then you can define privileges in only a single file to manage access to the entire database solution. If you don’t want to combine the files into one file, then you should define privileges in each file that contains items you want to protect.
Important  If you create a relationship in one file that references a table in another file, you cannot manage access privileges for the related table in the first file. The privileges defined in the other file control access to that table.
If you have a multifile database solution that includes multiple protected files, consider using identical account names and passwords in each protected file. When one protected file attempts to access another protected file (such as to access related data or execute a script in the second file), FileMaker Pro initially attempts to open the second file with the same account name and password that was used to open the first file. If there is a matching account name and password, FileMaker Pro skips displaying Open dialog box. If there is no matching account, then FileMaker Pro displays the Open dialog box so the user can enter account information.
When you are accessing a database file as an ODBC or JDBC data source, that external data source provides the access privileges for the data. You can add access privilege requirements in FileMaker Pro. See Editing ODBC data sources.