About security in access 2003

[Squik27]

Hi,

This is the requirement of the school/company:

When a user runs the application they will need a password (some password in
which the user would be the system or school, like a generic password) then
whenever the user wants to do stuff that involves money (sales, payments,
etc) they will need a power user password (username and password).

Imagine person 'A' a regular employee or prospect employee in training runs
the application he will be require the generic password, but then when person
'A' wants to make a payment or sale he will need the help of a power user 'B'
because only user's 'B' password has the privileges.

The generic password would be like a guest's password that can only do
certain stuff, but for more delicate stuff only a power user can do it.

so far I haven't gotten into security in access and i read that it's a hairy
business so my question is:

Can MSACCESS 2003 offer such security and if it can, please could i get some
link to how to do it?
If Access can't do this i'll have to build it in my application then would
be the best approach?

Thank you very much for any help.

 

[James A. Fortune]

Hi,

This is the requirement of the school/company:

When a user runs the application they will need a password (some password in
which the user would be the system or school, like a generic password) then
whenever the user wants to do stuff that involves money (sales, payments,
etc) they will need a power user password (username and password).

Imagine person 'A' a regular employee or prospect employee in training runs
the application he will be require the generic password, but then when person
'A' wants to make a payment or sale he will need the help of a power user 'B'
because only user's 'B' password has the privileges.

The generic password would be like a guest's password that can only do
certain stuff, but for more delicate stuff only a power user can do it.

so far I haven't gotten into security in access and i read that it's a hairy
business so my question is:

Can MSACCESS 2003 offer such security and if it can, please could i get some
link to how to do it?
If Access can't do this i'll have to build it in my application then would
be the best approach?

Thank you very much for any help.

Did summer semester start already ? If you only need a little bit of
security you can require a password to use forms that "do stuff that
involves money" and hide the code that checks for the password by
creating an .mde file in Access 2003. Since you want to use the same
password for all such forms, maybe use a separate password form that
gets called before such forms are opened. All the forms should be
hidden and accessed from a switchboard (usually an unbound form) using
something like Albert Kallal's clever technique to hide the database
interface:

http://groups.google.com/group/comp.databases.ms-access/msg/89b7e1dbc1785f18

A Select Case construct can be used from the switchboard code to
determine which forms require the "Power User" password form. You can
even have different passwords for different users by embedding another
Select Case construct based on the UserId in code rather than using a
table to store passwords since the code will disappear, but that
requires more maintenance. In general, if you create an .mde file, be
sure to keep a backup copy of the .mdb file in case a problem develops
with the .mde file. I have other suggestions if your security
requirements are stricter.

James A. Fortune
(e-mail address removed)

 

[James A. Fortune]

A Select Case construct can be used from the switchboard code to
determine which forms require the "Power User" password form. You can
even have different passwords for different users by embedding another
Select Case construct based on the UserId in code rather than using a
table to store passwords since the code will disappear, but that
requires more maintenance. In general, if you create an .mde file, be

I forgot to mention that you can still use a password table by using
special SQL syntax instead of linking to it, but that would require that
table to exist somewhere on the network. I think that the syntax allows
specifying a database password so at least you can password protect the
..mdb file containing that table. The syntax can be found here:

http://groups.google.com/group/microsoft.public.access/msg/c33acc0d39ede4d9

James A. Fortune
(e-mail address removed)

 

[Larry Linson]

You can assign users to Groups with the non-financial permissions; you can
assign the "financial individuals" to Groups which include both those
non-financial permissions plus the financial permissions. That will
accomplish your purpose.

If the school/company is adamant about the individual logging in with the
more general permissions, and then the individual applying yet another
password, they are going too far in trying to tell the developers not "what
security they want" but "how they want it to be implemented".

But, in any case, Access' security is breakable with software that is freely
available on the Internet, if anyone is serious about getting at the
information. And, further, any "security that you can implement in your
application" with Access is going to be even weaker -- that is commonly
referenced as "security lite" in the Access community. (That's why
Microsoft didn't even bother to support the User and Group Level security in
the ACCDB database format of Access 2007.)

If you want to use an Access front end, but secure the data, what you must
do is to keep your data in a server database (e.g., Microsoft SQL Server)
and use the server's security to secure the data... not "secure the forms".
If the _data_ is secure and requires the user log in, then their being able
to open a form does them no good, because they still cannot use it to
display or change the data.

Larry Linson
Microsoft Office Access MVP