Results 1 to 5 of 5
  1. #1
    Join Date
    Jun 2006
    Posts
    13

    Unanswered: Workgroup Security/Electronic Signature (PW *after* logon)

    I'm new to the forum (and I read the FAQ first!!!).

    I have a db (Access 2002) that I have applied workgroup security to. Users login initially with their username and password. Once in the db, I can call their logon with the [CurrentUser] function, but I also need to require a password for data entry (e.g., when a record is added, the user must correctly enter their password again, even though they are already logged in.) Is this possible?

    Thanks,
    Michelle
    thx,
    mlt

  2. #2
    Join Date
    Apr 2006
    Posts
    157
    you may plug this into a small message box

    DBEngine(0).Users(StrUsername).NewPassword PasswordEntry, _
    PasswordEntry

    trap error 3033: exit sub and abort the data entry operation
    Only quitters quit!

  3. #3
    Join Date
    Jun 2006
    Posts
    13
    Awesome! Thank you. You're my hero.
    thx,
    mlt

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    Im glad you've found a solution, but Im curious why would you want to request a password once they have been authenticated?

    Is this a cunning policy to stop users usign the system? and thus reduce the applications support costs over the life time of the project

    BTW currentuser() isn't neccessarily the 'smartest' way of getting the current user - its too easily spoofed/faked. A smarter solution would be to use either an API Call, or (I think) the system object.

    For further information as to why you might want to bin currentuser: do an 'Advanced Search' in this forum limiting your results to Access and search for currentuser or Asish API
    I'd rather be riding on the Tiger 800 or the Norton

  5. #5
    Join Date
    Jun 2006
    Posts
    13
    Thank you for your suggestions!! I think I'll be okay, though. The electronic signature on data entry is an FDA requirement (Code of Federal Regulations 21, Part 11-Electronic Signatures). Per regulations, this is the way to eliminate the need for printing out reports and applying handwritten signatures. I'm not really concerned about fooling the CurrentUser feature because the point is that the password has to match the user. If someone were cunning enough to fool the current user function into thinking they were someone else, they still would have to match that someone else's password before data entry is accepted. Additionally, these are not IT personnel, they are Quality Assurance, and the electronic signature is considered binding like a handwritten signature, which can be forged more easily than this security could be bypassed. By "electronically signing" the user is giving their word that they are the user indicated on the screen and are subject to termination is caught falsifying documents. This is acceptable to the FDA.

    Another alternative is to have the system time out after a certain period of inactivity - and actually, I would be interested in supplementing with that if anyone knows of a way to do it.

    Thanks again for all your help!
    thx,
    mlt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •