Results 1 to 6 of 6
  1. #1
    Join Date
    May 2012
    Posts
    132

    Unanswered: logged in person on all forms?

    There is a DB with many forms and reports on which multiple employees are going to work. Is there an easy way to prompt each employee to enter his/her own password to be able to open the database?
    Since it is important to record who has put data in forms, a column is designated to record the name or ID of the employee who is putting data. Is it possible that the logged-in employee name or ID, as the person who enters data, is put automatically in all forms / reports, etc. since he/she has already logged in?
    thank you
    ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
    I asked god to please give me everything to enjoy the life, God said: i gave you the life to enjoy everything.

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    Depends
    in my view the best solution to this is to use the windows api call to find the current user logon. Google dev ashish api for details.
    but it does mean that each user must authenticate themselves whilst logging on to a windows session and they must log out after completing whatever they need to. The network api reflects the user account of the computers current logon session. If multiple users are required within one logon on session then the api fails. Its not a big deal in my books to force a user to switch userids.
    any other security procedures especially hand written are prone to spoofing or a false sense of security.
    because the network api is based on a userid your network trolls can control who can log on, where, how often the password is changed, how many concurrent sessions and so on.
    relying on the access function currentuser returns the userid of the current access session. Its much easier to have multiple access users
    I'd rather be riding on the Tiger 800 or the Norton

  3. #3
    Join Date
    May 2012
    Posts
    132
    Quote Originally Posted by healdem View Post
    Depends
    in my view the best solution to this is to use the windows api call to find the current user logon. Google dev ashish api for details.
    but it does mean that each user must authenticate themselves whilst logging on to a windows session and they must log out after completing whatever they need to. The network api reflects the user account of the computers current logon session. If multiple users are required within one logon on session then the api fails. Its not a big deal in my books to force a user to switch userids.
    any other security procedures especially hand written are prone to spoofing or a false sense of security.
    because the network api is based on a userid your network trolls can control who can log on, where, how often the password is changed, how many concurrent sessions and so on.
    relying on the access function currentuser returns the userid of the current access session. Its much easier to have multiple access users
    thank you,
    i hope i could understand you well.
    well, it is not on a network. so there is a single file, to which users are supposed to log in though an " access log in" system, if such a thing is possible.
    morover, when a user is logged in, how come every document is recorded and issued in the name of that user?
    i googled " dev ashish api ", thank you. where shall this code be put?
    thank you
    ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
    I asked god to please give me everything to enjoy the life, God said: i gave you the life to enjoy everything.

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    in a public coded module, as the instructions say.

    http://access.mvps.org/access/api/api0008.htm
    API: Get Login name

    Author(s)
    Dev Ashish


    (Q) How do I retrieve the UserName with which the user is logged into the network?

    (A) Paste the following code in a new module and call the function fOSUserName.
    I'd rather be riding on the Tiger 800 or the Norton

  5. #5
    Join Date
    May 2012
    Posts
    132
    Quote Originally Posted by healdem View Post
    in a public coded module, as the instructions say.

    http://access.mvps.org/access/api/api0008.htm


    thank you,
    well, please imagine there is a table named "students_scores" where we record students exam courses, exam dates, scores and etc. it is also important to know which faculty employee has put such data. because of that we have made another column in the above table named: recorderID.
    we have also built a form to ease of data entry.
    Q: using the "Dev Ashish" code will put the logger ID in the forms automatically? if this is yes. is it enough to make the "fOSUserName function" or do we also have to make some codes in the forms?
    thank you
    ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
    I asked god to please give me everything to enjoy the life, God said: i gave you the life to enjoy everything.

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    no
    DEv Ashish has provided various snippets of code, loosely labelled API calls, which retrieve data from the Windows API.
    one returns the current netwrok logon user id
    another returns the computer name running the code

    nothing happens 'automatically'
    you have to expressly set whatever column you want to record the userid to the return value of the function
    whether you do that as a default value int he table
    or assign the return value to a control in a bound recordset prior to updating
    or set the value explicitly when you update the underlying table using a recordset
    ...depends on your applciaiton and how you do it.

    the point is
    1) the code goes into a public code module (not a form or report code module)
    2) that makes that code visible to any objects in your current Access application (whether thats a query, form, report, macro, VBA code)
    3) that code, function call can be used like any other function in Access..
    its a function that takes no parameters and returns a value

    as said in my initial post it works PROVIDING each user logs on to their own windows session with a unique user id.
    if you store the computer name, the user id and timesatmp of the evenjt then you have a areasonable audit trail.
    better yet to store who did waht in a separate audit log. Its rather like playing cluedo except you knwo in advance who did the dirty deed, with waht computer and at what time.
    dong as you are propisng isn't neccesarily that useful, as all it records is who made the last change to that row...... its OK possibly, but an audit trail (google 'allen browne audit trail log' for a far better solution to playing cludoe with the cards stacked in your favour

    if this application uses a single instance of Access on the same computer, or allows multiple users to use the same network logon user account then it fails. Ever site Ive worked on in the last god knows how many years has strict policies on user accounts
    one account per person
    leaving your computer logged on (and unlocked) whilst away from your desk is a disciplinary

    rolling your own security (logons, passwords, logon code invariably creates a flase sense of security. its pretty near impossibel in my books to truly tie donw security on an Access application talking to an JET (Access) datastore. it can be done when usign a server backend, but I doubt many Access applciation will get past your security audits if you have them

    usign the network logon + computer ID + timestamp, properly designed is robust enough for a legal disiciplinary. its can prove who did waht (or more accurately whose computer id did what). and if your policies insist computers cannto be left logged on an unattended then its as good as it gets. but you have to demoinstrate that
    A) you've captured the data correctly (Access password are not exclusive),
    B) there is only the specific way of entering data (havign a read/write database (but no deletes nor edits) for your audit log is the only way to go. otherwise you have no way of knowing who did what where and when.

    when I tend to write an audit log, one technique I've used is to write each audit event as a SQL atatement. that way round if your main tables get corrupted your have the SQL to go back to the last known good copy of the data and then roll those sql statements forward getting the data back into step. It is a thing of joy when a customer is tearing their hair out fearing they have got all this months end data to re-enter after a corruption, when instead you go back to the last backup an d the run every SQL statement they have done from that time point...
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •