Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Microsoft Office > Access and Access VBA > Access
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Access Discussion of Microsoft Access database design and programming. See also the forums for Access ASP and Access VBA.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Access section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old May 2nd, 2008, 11:07 AM
Authorized User
 
Join Date: May 2007
Location: , , .
Posts: 85
Thanks: 0
Thanked 0 Times in 0 Posts
Default Security Design

Hey All,

New design project trying to get grips with and wanted to pick people's brains as to best way to do it.

Trying to find a way to have a navigation menu which alters according to the role of the user logged in rather than the individual login.

The reason for the choice is that someone may alter job however their new role will mean they should not have access to information any more that their old role did even though they may actually be more senior in the company, or their role may mean they need to access the system design (inc tables) just not the data itself, or they may need to be able to see the data is there and that is shown on a form just with the password input mask over the top.

The only design schema to code that I can find use the concept of if level is above or below x then they have access which wouldn't work here.

I've thought about a global recordset of the role permissions as yes and no with one huge form to control the role permissions.

Reply With Quote
  #2 (permalink)  
Old May 2nd, 2008, 12:28 PM
Friend of Wrox
Points: 9,611, Level: 42
Points: 9,611, Level: 42 Points: 9,611, Level: 42 Points: 9,611, Level: 42
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Mar 2004
Location: Washington, DC, USA.
Posts: 3,069
Thanks: 0
Thanked 10 Times in 10 Posts
Default

That middle paragraph is one sentence!

Have the application open a hidden form on start up, and run these events from the On Load event of the hidden form.

Create a table, perhaps in another database, that has the user name and role. When the application opens, have it take the username from the person's computer:

sUser = (Environ$("Username"))

Then have it open the crendentials database (I use a SharePoint site for this purpose so I can manage user levels there) and find the user.

If the user is not in the database, then Application.Quit.
If the user is in the database, take their username, maybe first and last names (I like to display them so the user knows the app knows who they are) and the group name.

Take these credentials and put them in unbound text boxes on the hidden form. Then open your main form.

I generally use a main navigation page, and if the user is allowed to see the admin forms, the button to those forms is visible. If not, then the button is invisible. The forms check the hidden form like this:

If [Forms]![frmHiddenCreds].[GroupName] = "Admin" Then
   Me.btnAdminForm.Visible = True
Else
   Me.btnAdminForm.Visible = False
End If

Also put an event on the forms themselves on their on load event, to close the form if the user is not in the admin group.

I set all the forms and tables to Hidden, as well. The only way around that is to move data in and out as the user opens forms and reports they are allowed to see. There are lots of kludges. Then turn your database into an MDE so the users can't modify your code and get access, etc.

Did any of that help?

mmcdonal

Look it up at: http://wrox.books24x7.com
Reply With Quote
  #3 (permalink)  
Old May 2nd, 2008, 12:49 PM
Authorized User
 
Join Date: May 2007
Location: , , .
Posts: 85
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It helps to a degree, however don't have sharepoint to use that option.

Think having a blonde moment in regards to the groups bit as not getting that.

Reply With Quote
  #4 (permalink)  
Old May 5th, 2008, 06:57 AM
Friend of Wrox
Points: 9,611, Level: 42
Points: 9,611, Level: 42 Points: 9,611, Level: 42 Points: 9,611, Level: 42
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Mar 2004
Location: Washington, DC, USA.
Posts: 3,069
Thanks: 0
Thanked 10 Times in 10 Posts
Default

I was thinking you would have groups of users. Like this:

tblUser
UserID
Username
FirstName
LastName
etc
Group - like Admin, User, SuperUser, etc.

This way you can do your code like this:

Dim sGroup as String

sGroup = [Forms]![frmHidden].[txtGroup]

If sGroup = "Admin" Then
   ...Visible = True
Else
   ...Visible = False
End If

instead of:

Dim sUser As String

sUser = [Forms]![frmHidden].[txtUser]

If sUser = "jdoe" Or sUser = "jsmith" Or sUser = "moe" Then
   ...Visible = True
Else
   ...Visible = False
End If

If you manage users in groups, then you don't have to change your code every time you want to grant or deny rights. Just move the user between groups.

You can use a separate database to keep all your user rights in, and then look up each user as they log in.

Access has its own security features, but I don't use them because of my network environment.

Did that help?


mmcdonal

Look it up at: http://wrox.books24x7.com
Reply With Quote
  #5 (permalink)  
Old May 8th, 2008, 11:26 AM
Authorized User
 
Join Date: May 2007
Location: , , .
Posts: 85
Thanks: 0
Thanked 0 Times in 0 Posts
Default

yes its what i was thinking of it was just the sheer number of groups that was running into.

Currently at over 60000 combinations to code in that way. Access security isn't going to work for this, looked at it too long and its not flexible enough.

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
IS-A , not CONTAINS-A design possible? LawrenceHickey XML 3 May 16th, 2007 03:34 PM
Design patterns for web design ceadge HTML Code Clinic 0 June 19th, 2006 11:26 AM
System.Security.SecurityException: Security error coolcatjk Pro VB.NET 2002/2003 4 March 2nd, 2006 06:00 PM
Java Design issue with UML and Design Patterns the_logical_way Apache Tomcat 0 May 31st, 2004 04:02 AM



All times are GMT -4. The time now is 04:33 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.