Managing security

There is two security points that is preventing us from officially starting to use Otto with all developers. In general, I would like to know if security is going to be worked on for OttoDeploy, with users implementation. I really don’t want to rewrite it in Filemaker and use the api, I like the actual web interface! The two main problems are :

-Not showing a full access password and encryption password. Our file security is managed by oauth groups, we don’t distribute those passwords. This is a problem in OttoDeploy. Would it be possible to remove the eye button that let you see those passwords in deployments?

-Separating admins that create and edit servers and deployments, and users that can only use what’s there.

-We prefer hosting one OttoDeploy copy to our taste and not distribute many, each setup with the developer’s clients. To prevent some mistakes, it would be great if we could only show some deployments to each user, or block them from using.

I know it would be simpler if everyone had access to everything, but we kinda don’t want to touch our current structure to stop coding in production!

Hello,

The full access passwords issue is easily solved. You can use a user name and password tied to a extended privilege that ONLY allows data migration. That account can’t be used to open the file.

The extended Privilege needs to start with fmmigration. The privilege set need not have access to access to any tables, scripts, or layouts.

See Data Migration Tool Guide

The second issue is a bit more complex but we could do it. We’ll add it to the list.

Thanks for the feedback.

Todd

Interesting, I had missed the existence of this privilege! We’ll test it out, thank you!

Same here - never knew about this extended priv set!