Using the predefined privilege sets
Every new FileMaker Pro database contains three predefined privilege sets:
-
Full Access: permits accessing and changing everything in the file
-
Data Entry Only: permits viewing and entering of data only
-
Read-Only Access: permits viewing but not changing data
Note The Read-Only Access privilege set permits write access to all global fields. To create a privilege set in which global fields and all record data are view-only, you can duplicate the Read-Only Access privilege set and change Records from Custom privileges to View only in all tables.
You cannot change or delete these predefined privilege sets, except to enable or disable extended privileges for them. You can either use them as is, or duplicate them and then modify the duplicate copies.
The following table summarizes the properties of these privilege sets.
|
Privilege |
Full Access privilege set |
Data Entry Only privilege set |
Read-Only Access privilege set |
|
Records (in all tables) |
create, edit, delete |
create, edit, delete |
view only |
|
Layouts |
all modifiable |
view only |
view only |
|
Value lists |
all modifiable |
view only |
view only |
|
Scripts |
all modifiable |
all executable only |
all executable only |
|
Extended privileges |
all off, except fmreauthenticate10 |
all off, except fmreauthenticate10 |
all off, except fmreauthenticate10 |
|
Allow printing |
on |
on |
on |
|
Allow exporting |
on |
on |
on |
|
Manage extended privileges |
on |
off |
off |
|
Manage database, data sources, containers, and custom functions |
on |
off |
off |
|
Manage custom menus |
on |
off |
off |
|
Manage accounts that don't have Full Access |
on |
off |
off |
|
Override data validation warnings |
on |
off |
off |
|
Disconnect user from server when idle |
off |
on |
on |
|
Allow Open Quickly access to layouts and scripts |
on |
off |
off |
|
Allow password modification |
on |
on |
on |
|
Password change number of days |
off |
off |
off |
|
Minimum password length |
off |
off |
off |
|
Available menu commands |
All |
All |
All |
Note Full Access is the only privilege set that permits access to all aspects of the file. Even if you create privilege sets that have all of the privileges listed above, those privilege sets can't perform the additional actions that are reserved to only the Full Access privilege set. For example, only accounts with Full Access can use the Manage Security dialog to manage accounts that have the Full Access privilege set, use Tools > Developer Utilities (such as database encryption), or grant scripts full access privileges.
In each file, at least one active account must be assigned the Full Access privilege set and be authenticated via a FileMaker file account, or if hosted by FileMaker Cloud, via a Claris ID or external identity provider (IdP) account. An error message appears if you edit accounts so that no active account is assigned the Full Access privilege set.