i don't know how to title this topic, but please bear with me on this.
i have 2 databases that works fine
- main application (that has its own user lists but limited info), lets call this MA
- user mngt(complete info of users, made longtime ago but still works), lets call this UM
- users in MA is not defined in UM
- there are only 2 users in UM, 1 admin and 1 user
what i need is to lookup to UM while i am running the user list in MA
- when i choose John in MA, i also need to have an info from UM
- every time i access the UM, it asks me my username and password
is there a way that i can save the user in UM their username/password in a global variable and use it when it asks me my username/password
Hello @marke1415 ,
when in MA you open UM, the logged in credentials for MA a sent to UM. If the user is not defined in UM, then it asks for an account and password.
EAch fileMAker file does it's own access management. If the user is defined the same way in MA and UM, with proper privileges, then it will proceed without a asking again for credentials.
I don't get what "Google authentication has to do with that though" ...
EDITED: corrected a typo.
There are other ways as well .....
1 - a bit technically complex - use the DataAPI to authenticate to the other DB. Limited in that you do all the data work through the API.
2 - use external authentication (ideally NOT Google or Amazon as they don't implement the content of groups). User are assigned to a directory service group, and you set up a group as a FM user, with the appropriate privilege set. That way, any user in that group, when they log in using external authentication, can access any file that that GROUP exists in. Azure directory services in the cloud, allows 500,000 actions per month for free, so for most typical FM solutions, this is more than adequate. (and most larger installs have their own Active Directory).
In either case, the user account needs to exist in both files identically, for a given user to be able to authenticate against the database. Authorization (privilege set) can be uniquely defined.
IF (and this is a dangerous security practice) the second database is information that you are not concerned about, you can open the second database to a default guest login automatically. definitely NOT RECOMMENDED
The following graphic is from Wim DeCorte at Soliant Consulting and Stephen Blackwell.
Using built-in authentication with multiple files works nicely when all the accounts are in synch. The pain comes you have to add, or update an account, then you have to make the same change in all files.
Plenty of people have solved this problem and make their solutions available. Search for "FileMaker User Account Module"
Security is one area where attempts to manage multiple files with native security using one app, is risky business.
Going with external authentication is a much safer path.
At Many of my clients, I’ve implemented univention corporate server in a VM. The AD compatible directory service is not only free but at many clients, HR now manages accounts and not IT.
If this were my project, depending on the complexity of the database, layouts and such of UM I might look at incorporating UM data into MA and manage access through security/privileges, etc. Perhaps it's not an option in this case, but without using external authentication as @Kirk suggests (a natural solution for this) or synchronizing user accounts as needed on both files (constantly) as @Malcolm describes, it's likely to be a bit of a headache.
I've had to do this with old projects, and while it was a big task, the results were soooo much nicer to maintain.
But as @planteg points out, the quick fix is to use the same credentials on both files, but that's not a great security approach (IMHO).