Privilege Sets

When you're creating privilege sets, there's a big temptation to give people too much power. The more folks can do on their own, the less often they'll come bugging you, right? Unfortunately, this attitude invites trouble. For instance, if your database holds credit card numbers along with order records, and your Order Entry privilege set lets users export data, you may one day find yourself the subject of an FBI investigation. To be on the safe side, if you aren't sure someone needs a privilege, then don't give it to him.

This rule has a practical component as well. If someone has access to a feature he shouldn't have, then he's very unlikely to complain. He probably doesn't even notice, and neither do you—until someone abuses it. However, if you lock someone out of a capability he needs, you can bet you'll hear about it right away. You can easily add the needed power when it comes up. In other words, if your privilege sets start out too restrictive, then they'll naturally grow to the right level of power over time based on user feedback. FileMaker encourages this approach by creating each new privilege set without any privileges at all. Your job is to add each privilege a user needs.

You do all the work of creating and maintaining accounts and privilege sets in the Manage Security window (Figure 18-1). You can get there by way of the File→Manage→Security command.

Figure 18-1. The [Guest] and Admin accounts are added for you when you first create a new database. The checkbox to the left of the Admin account tells you that it's the only one currently active.

Understanding Privilege Sets

Every FileMaker database has three built-in privilege sets: [Full Access], [Data Entry Only], and [Read-Only Access]. You can only make a few minor edits to these sets. The brackets make it easy to pick them out of a list with your custom sets. You can see the Privilege Sets tab in Figure 18-2.

Figure 18-2. The Privilege Sets tab of the Manage Security dialog box lists all the privilege sets in your database. Each privilege set has a name (in the Privilege Set column) and a description. The list also shows you all the accounts assigned to each privilege set. Out of the box, only the [Full Access] privilege set is being used—by the Admin account.

Note

Those brackets around the default sets' names are actually part of the name, as you'll soon find out when you use the Get ( PrivilegeSetName ) function. So although they're awkward to look at and bothersome to read, get used to seeing them.

The built-in privilege sets

The standard privilege sets cover three very common access levels, and you're welcome to use them if you want, but you have to live with the way they work out of the box, because FileMaker doesn't let you edit them.

  • Although you probably didn't realize it, you've been using the Full Access privilege set all along. As the name says, it gives you full access to the file with absolutely no restrictions.

  • The Data Entry Only privilege set is much less powerful. Accounts assigned to this privilege set can't create or modify tables, field definitions, scripts, or layouts. But they can add, edit, and delete records in any table, print, change their own password, and export data.

  • The least powerful built-in privilege set is Read-Only Access. Not only does it prevent all developer activities, but it also prevents modification of the data. Accounts with this privilege set can't create, edit, or delete records. They can view, print, or export the data that's already there, and change their passwords.

Custom privilege sets

Those built-in privilege sets provide basic security, but they don't give you a full range of possibilities. Using just FileMaker's standard privilege sets, you can't give Dwight full control of some tables, but let him just enter data in others. In developer's lingo, you...