« MBS FileMaker Plugin,… | Home | MBS FileMaker Plugin,… »

Network share access from script on FileMaker Server

Recently a couple of users asked how to access network shares on a FileMaker Server. The built in commands from FileMaker are all limited to documents and temporary directory. But with the MBS FileMaker Plugin (and other plugins) you can access other places on the server.

A common use case is to put a second hard disk on the server, create a backup folder there and have a scheduled script copy over some files regularly from the documents folder to the external hard disk. You may get a permissions errors. But you can simply solve this by explicitly giving right permissions to the folder to make it accessible for FileMaker server scripting process executing plugin functions.

So let's talk about those accounts. There are various accounts used on a FileMaker Server when working with network shares or folders on disks.
  1. The account your script is logged in to the FileMaker Server, e.g. admin account. Or let's say better a limited account named "backup", which may not need to access all tables in all files. You can query this name with Get(AccountName) in your script.
  2. The account the FileMaker server runs on the system. For MacOS this is usually a separate user named fmserver. You can query this name with MBS( "SystemInfo.UserName" ) function.
  3. The account you login to a remote file server to mount the network share. This may just be a normal login name or with a domain controller something like "SRV2012\bob".
  4. The account of the local admin, who logs into the server to see the desktop.
Now the admin on the machine may use his account (4) to login and see the desktop. He can use FileMaker admin console in the browser and use his account on the file server (3) to mount a network share and optionally attach it to a local drive letter, e.g. Z.

If a script running under the account "backup" (1) on the FileMaker server tries to write to the network share, it only has the permissions of the FileMaker Server scripting process (2). Access is denied as the network share is mounted exclusively for the local admin (4).

There are two solutions:
  1. You can mount a network share both on MacOS and Windows to allow access for all users. This can be tricky and there are various tutorials on the web.
  2. You can use MBS Plugin with Files.Mount function to have your script mount the network share itself, do its business and then unmount it via Files.Unmount function.
We do prefer the second way as it's more secure. The network share is only mounted for a short time period and only accessible to the FileMaker server while mounted. Even if someone is using the computer, they may see the drive letter, but not access it.

If you have questions, please do not hesitate to contact us.
08 11 19 - 08:22