Managing security > Creating and editing account access
 

Creating and editing account access

Accounts specify user names and (usually) passwords, which identify users. For some types of accounts (see below), groups of users can be defined. When a user opens a file, a dialog box usually prompts the user to enter account information. When a user opens a file with correct account information, the privilege set assigned to the account access entry in the file for that user's account, or for the group that user is in, determines what the user can do in that file. See About accounts, privilege sets, and extended privileges.

To fully manage account access for a file, you must open the file as a user whose account access entry is assigned the Full Access privilege set. If you open the file without full access privileges, the File menu > Manage > Security command lets you change fewer options or the command is disabled. See Editing other privileges.

You can create and modify account access in a shared file while clients are using it. The account access changes you make take effect immediately but do not disrupt any current clients. For example, if you make an account access entry inactive while clients are using it, their usage of the file is not interrupted. However, after the clients close the file, they won't be able to open it again.

You can grant account access to as many users or groups as you need. Each file also contains two predefined accounts: Admin and Guest. See About the Admin and Guest accounts.

Types of accounts

FileMaker clients support several types of accounts, which differ by how they authenticate users. Only the FileMaker file account defines the account name and password within the FileMaker Pro Advanced file. For all other types, the user account or group information is defined by an external identity provider or authentication server. For these, the FileMaker Pro Advanced file defines only how those user accounts or groups are allowed to access the file.

The following table summarizes which FileMaker hosts support each account type, where the account information is defined, and whether individual user accounts or groups are supported. Note that only the FileMaker file account type can be used to open a local file.

 

Account type

Local file

Hosted by FileMaker Server

Hosted by FileMaker Cloud for AWS

Where account information is defined

Supports users or groups

FileMaker file

Yes

Yes

Yes

Within the FileMaker Pro Advanced file

Users

External server

No

Yes

No

By an external authentication server such as Apple Open Directory or a Windows domain

Groups

OAuth identity provider

No

Yes

Yes

By an OAuth identity provider, such as Amazon, Google, or Microsoft

Users, groups1

1. Microsoft Azure AD is the only supported OAuth identity provider that supports groups.

To create or edit account access:

1. Choose File menu > Manage > Security.

2. For Authenticate via, choose the type of account to work with.

The account access list displays only the access granted for the selected type of account. See "Account types" above.

3. To grant account access, click New. To change an existing account access entry, select the user or group.

4. For the account type you chose in step 2, edit the account access details. See:

Editing FileMaker file accounts

Editing external server account access

Editing OAuth account access

To duplicate or delete existing account access entries:

1. Choose File menu > Manage > Security.

2. For Authenticate via, choose the type of account to work with.

3. Select a user or group, then:

To duplicate the access to this file, click Duplicate account button.

To delete the access to this file, click Delete account button.

Notes 

Account access entries that aren't assigned the Full Access privilege set can be granted limited privileges to manage accounts. See Editing other privileges.

For FileMaker file and external server accounts:

Use only ASCII characters in passwords, such as a-z, A-Z, 0-9, and punctuation characters like "!" and "%." Passwords containing certain accented characters or non-roman characters such as Cyrillic or Japanese may not work, particularly in cross-platform database solutions and files accessed via FileMaker WebDirect.

If the file is shared via web publishing, also limit account names to ASCII characters. Do not use colons in account names and passwords of web-published files.

Automatically signing in to a file is supported by local files and files hosted on a FileMaker Server host that isn't configured to require password-protected files. To automatically sign in each time a file is opened, choose File menu > File Options and specify the account name and password. See Setting file options.

The user name defined in the Preferences dialog box is automatically entered in the Open dialog box. When the user name and account names match, the user doesn't need to type the account name when opening the file. See Setting general preferences.

Related topics 

Creating and editing account access

Creating and editing privilege sets

Creating and editing extended privileges

About the Admin and Guest accounts