Wrox Programmer Forums
|
Access Discussion of Microsoft Access database design and programming. See also the forums for Access ASP and Access VBA.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Access section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 30th, 2008, 01:34 AM
Authorized User
 
Join Date: Feb 2005
Posts: 47
Thanks: 2
Thanked 0 Times in 0 Posts
Default Access security question

Hi all,

I have a quick question. Basically I have built all of my tables for my application. What I need to know is how do I make so that say a certain person is logged in and they belong to a certain group that they can only edit records that have the department name which is the group name in the record? Should I roll my own security or use ULS? Any ideas would be greatly appreciated.

Thanks
Chris
 
Old August 4th, 2008, 01:17 PM
Friend of Wrox
 
Join Date: Mar 2004
Posts: 3,069
Thanks: 0
Thanked 10 Times in 10 Posts
Default

Normally I would check the user name and group and hide them in a hidden form, and then check them whenever I opened a form for editing or record entry, or runa report, and limit the user that way. Depending on the number of groups, that can be pretty quickly done.

If you want to use departments, then just change all your user queries to "SELECT * FROM MyTable WHERE [Department] = '" & [Forms]![frmHiddenForm].[Group] & "'" That way the user only ever sees their own department information. You would also need to limit data entry to their own department, but that is only a matter of auto filling the department field using the same method.

I don't use Access Security since I am in a NetWare environment. What are you laughing at!?! =)

Did that help?

mmcdonal

Look it up at: http://wrox.books24x7.com
 
Old August 4th, 2008, 01:22 PM
Friend of Wrox
 
Join Date: Mar 2004
Posts: 3,069
Thanks: 0
Thanked 10 Times in 10 Posts
Default

While I am thinking about it, another method I use is to limit a user's access with WHERE clauses that I store in the user information table (which can be in another database back end, so the user's can't mess with it).

For a Human Resources Director, for example, their WHERE clause would be "". For an IT Director, their WHERE clause would be "WHERE [Department] = 'Information Technology'"

Then the SQL string would be: "SELECT * FROM MyTable " & [Forms]![frmHiddenForm].[WhereClause]

In the first case, the string becomes: "SELECT * FROM MyTable "

In the second case the string becomes: "SELECT * FROM MyTable WHERE [Department] = 'Information Technology'"

There may be some fiddling with that closing paren, but I don't think so.

Did that help?


mmcdonal

Look it up at: http://wrox.books24x7.com





Similar Threads
Thread Thread Starter Forum Replies Last Post
Code Access Security & Role Based Security robzyc C# 6 April 11th, 2008 02:31 AM
Security question Grafixx01 Access 5 April 18th, 2007 11:24 AM
Security Question jezywrap ASP.NET 1.0 and 1.1 Professional 4 December 13th, 2006 10:39 AM
Ajax Security Question! evogli Ajax 1 November 2nd, 2006 05:46 AM
Web Services Security Question Wee Bubba .NET Web Services 0 September 15th, 2005 07:54 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.