How Do I Secure CC Calendar SE ?
CC Calendar SE is distributed without any security in place; there are no accounts or passwords set up whatsoever. You’ll likely want to add some security to your copy as you deploy it. If you have an existing FileMaker solution to which you’re adding CC Calendar, the security of the calendar will need to be modified to fit in seamlessly with your existing security system. This means creating the same privilege sets and accounts in CC Calendar as you have in your existing solution.
If you don’t have an existing security solution to move into CC Calendar, you’ll want to set up at least some basic security for the Calendar:
a) You’ll want to prevent you users from modifying the schema (field definitions, scripts, and layouts) of the calendar. Even if you allow schema modifications to the data tables like appointments, you’ll want to prevent such changes to the Calendar, Days, and Hours tables where most of the interface work of the calendar takes place.
b) Users should also be prevented from deleting or creating new records in the Calendar table. The six records there are used to display the month view of the calendar; if one is deleted or an extra interface record is created, the calendar will no longer display properly. Preventing the accidental creation or deletion of records in the Calendar table will prevent these problems. If records are created or deleted accidentally you can use the reset script in CCCalendar.fp7 to restore the original records. This script is set to run with “full access privileges” so you’re security settings won’t get in the way of it. No other scripts in the calendar are set to run with “full access privileges,” so if you really lock down the calendar you may want to add this option to some of the calendar scripts.
c) In a similar fashion, you should prevent users from deleting records when on the About / Clients screen. This screen is based on the Clients table and selecting “Delete Record” from the FileMaker Record menu can result in misleading results if executed when there is no client currently selected. The best way to accomplish this and item “b” above is to create a new privilege set for your users and change the menu access for this privilege set to “Editing Only”. This will remove the “Delete Records” command (along with other pesky items) from the menu and force users to use your scripts to delete records.
d) If you’re not using the (Instant Web Publishing), available separately, you’ll want to turn IWP access “off” for the CC Calendar files. You can do so from the FileMaker Pro Menu, selecting Sharing / Instant Web Publishing.
e) When you deploy the calendar be sure to remove the Show Status Area script from the Scripts menu. Also be sure to change the first line of the Adjust Window script to lock the status area when hiding it.