Results 1 to 5 of 5
  1. #1
    Join Date
    Oct 2012
    Posts
    20
    Provided Answers: 3

    Unanswered: Custom Security Permissions

    Hello,

    I was wondering if it is possible to create custom security permissions in access. For example I have created an employee database, with security. I would like to have it when a manager logs on, it will only display his employee's information and no other departments. Is this possible?? In one of the tables is a field for the department the employee works on, can it based off of a table field? Thanks in advance.

    Dave

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    yes
    its doable
    there's separate elements to this
    the first is to read the MS Access security FAQ

    before tinkering with the secuirty settings / accoutns permissions ALWAYS take a backup of the application, the workgroup file and so on.

    next read the MS Access security FAQ

    then to work out how you are going to do your security. bear in mind Access security isn't that Secure. its OK, but its not going to deter the serious cracker or someone with a reasonable amount knowledge about Access

    Personally I prefer to use the Network logon as proof of identity (it does mean you need to implement policies to ensure people do not log on and leave their computer unattended. The reason:- it means the user doesn't need to logon to an Access app, there is no need for yet another f)(*&)(*&g password to remember. you can get the code for that from the Code bank on the top of this forum or do a google search for Dev Ashish API

    Add the relevant network logon userids to the workgroup files and assign the permsissions/groups as you would normally do

    You can decide whetehr someone is able to view a form / report by placing some code int he reportsd on open event that cancels the action if they don't have the appropriate permissions. you cna query the permissions using the ADOX security extensions

    then you need to define a mechanism so you know what data someone is allowed to see. I'd suggest in the same form/report on open event.

    deploy your application as a split database
    the data sits in one MDB/MDE, the user itnerface the report in another. If you use MDE/ACDBE then make certain you retain the original *DB's as you will not be abel to recover design data from the*DE once encrypted. if you deploy the back end as a MDE / ACDE then you will only be able to make changes to the live data using SQL DDL queries. Ideally deploy your front end (the user interface oin each persons local hard drive. there is code in the code bank to assist in managing distributed front ends
    I'd rather be riding on the Tiger 800 or the Norton

  3. #3
    Join Date
    Oct 2012
    Posts
    20
    Provided Answers: 3
    We already have a fully secure network, this is just an internal database for employee information. Thank you for your response, I will give it a go. Dave

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    you may well have a fully secured network, however making an Access application secure is tricky, can be complex, can be frustrating and you cna bever be certain it is secure.

    unless you are suisng a server back end which has a well implemented rigorous security model I have my suspiscions that Access using its inbuilt db storage mechanism (JET) can never be said to be secure. your secure network may be effective from outsiders but that doesn't rule out people inside who have a reasonable knowledge of Access/JET of compromising the system.


    just be aware that its tricky to 'secure' and Access / JET system
    I'd rather be riding on the Tiger 800 or the Norton

  5. #5
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,424
    Provided Answers: 8
    yeap good point Healdem

    some ticks i do are

    make the tables/query/forms hidden

    and in the backend database create a auto macro that closed quick the database when double click

    and other tick I rename the the backend mdb to .sjm and relink all the tables I have vb code that does it for me

    make the backend a hidden file

    link the fe to the be by the server name eg \\server-name\data$\databasename.sjm data$ is a hidden share

    this way when they go to my computer it not map drive
    hope this help

    See clear as mud


    StePhan McKillen
    the aim is store once, not store multiple times
    Remember... Optimize 'til you die!
    Progaming environment:
    Access based on my own environment: DAO3.6/A97/A2000/A2003/A2007/A2010
    VB based on my own environment: vb6 sp5
    ASP based on my own environment: 5.6
    VB-NET based on my own environment started 2007
    SQL-2005 based on my own environment started 2008
    MYLE
    YOUR PASSWORD IS JUST LIKE YOUR TOOTHBRUSH DON'T SHARE IT.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •