Hi all,

I have a quick question. Basically I have built all of my tables for my application. What I need to know is how do I make so that say a certain person is logged in and they belong to a certain group that they can only edit records that have the department name which is the group name in the record? Should I roll my own security or use ULS? Any ideas would be greatly appreciated.

Thanks
Chris

Normally I would check the user name and group and hide them in a hidden form, and then check them whenever I opened a form for editing or record entry, or runa report, and limit the user that way. Depending on the number of groups, that can be pretty quickly done.

If you want to use departments, then just change all your user queries to "SELECT * FROM MyTable WHERE [Department] = '" & [Forms]![frmHiddenForm].[Group] & "'" That way the user only ever sees their own department information. You would also need to limit data entry to their own department, but that is only a matter of auto filling the department field using the same method.

I don't use Access Security since I am in a NetWare environment. What are you laughing at!?! =)

Did that help?

mmcdonal

Look it up at: http://wrox.books24x7.com

While I am thinking about it, another method I use is to limit a user's access with WHERE clauses that I store in the user information table (which can be in another database back end, so the user's can't mess with it).

For a Human Resources Director, for example, their WHERE clause would be "". For an IT Director, their WHERE clause would be "WHERE [Department] = 'Information Technology'"

Then the SQL string would be: "SELECT * FROM MyTable " & [Forms]![frmHiddenForm].[WhereClause]

In the first case, the string becomes: "SELECT * FROM MyTable "

In the second case the string becomes: "SELECT * FROM MyTable WHERE [Department] = 'Information Technology'"

There may be some fiddling with that closing paren, but I don't think so.

Did that help?


mmcdonal

Look it up at: http://wrox.books24x7.com