A
Alan Cossey
Hi folks,
A couple of us (Brent Spaulding and I, Alan Cossey) have been trying
to find a way of generating an equivalent of the old User Level
Security (ULS) with the new Access 2007 file format. We've come up
with a framework that we think is worthwhile. We've called it Virtual
Password Protected Connection (vPPC) and it works by
1) Using a back end with database password and encryption.
2) Opening a connection to the data from the front end using code
(which includes the back end password).
3) Opening up our form or report in the front end. Because there is a
connection already open to the back end, it is not necessary to
provide the back end database password again).
4) At a suitable point, closing the connection opened in 2).
We have two levels, which we have called vPPC Standard and vPPC
Enhanced. I have written up vPPC Enhanced at
www.pdtltd.co.uk/pdtl/Access2007/Access%202007%20vPPC.pdf
though it is still a work in progress. The document gives links to
some sample files in both Access 2007 and 2003 format. vPPC Enhanced
gives, we believe, the better security because it moves the queries
and linked tables out of the front end (out of harm's way) into a
database-password-and-encryption-protected mid-tier database and bases
the forms and reports on those queries and/or tables in the mid-tier,
but still without needing any database password. The effect, if the
connection is a Private connection, is that the user cannot open forms
or reports in the front end using the Navigation Pane. Thus the
developer is in control.
So far it has been just Brent and yours truly trying it out. That is
not sufficient to determine whether this is going to really be a
useful concept, so we would be most appreciative if some other people
were to give it a go and let us know how they get on. If there are any
major weaknesses, we need to know before we go relying on it big time.
Note that vPPC Enhanced is designed to:
1) Stop users from accessing tables and queries directly.
2) Only open forms and reports that the developer decides they can
open.
At present, this is not fully a replacement for ULS on its own; it
requires a further mechanism to allow the developer to distinguish
between users. Since this could be done using any number of different
mechanisms, e.g. based on the users' Windows ID's or by getting them
to log in in some manner, we have kept that bit out of the write up
and demos in the hope of keeping things as simple as possible.
Alan Cossey
A couple of us (Brent Spaulding and I, Alan Cossey) have been trying
to find a way of generating an equivalent of the old User Level
Security (ULS) with the new Access 2007 file format. We've come up
with a framework that we think is worthwhile. We've called it Virtual
Password Protected Connection (vPPC) and it works by
1) Using a back end with database password and encryption.
2) Opening a connection to the data from the front end using code
(which includes the back end password).
3) Opening up our form or report in the front end. Because there is a
connection already open to the back end, it is not necessary to
provide the back end database password again).
4) At a suitable point, closing the connection opened in 2).
We have two levels, which we have called vPPC Standard and vPPC
Enhanced. I have written up vPPC Enhanced at
www.pdtltd.co.uk/pdtl/Access2007/Access%202007%20vPPC.pdf
though it is still a work in progress. The document gives links to
some sample files in both Access 2007 and 2003 format. vPPC Enhanced
gives, we believe, the better security because it moves the queries
and linked tables out of the front end (out of harm's way) into a
database-password-and-encryption-protected mid-tier database and bases
the forms and reports on those queries and/or tables in the mid-tier,
but still without needing any database password. The effect, if the
connection is a Private connection, is that the user cannot open forms
or reports in the front end using the Navigation Pane. Thus the
developer is in control.
So far it has been just Brent and yours truly trying it out. That is
not sufficient to determine whether this is going to really be a
useful concept, so we would be most appreciative if some other people
were to give it a go and let us know how they get on. If there are any
major weaknesses, we need to know before we go relying on it big time.
Note that vPPC Enhanced is designed to:
1) Stop users from accessing tables and queries directly.
2) Only open forms and reports that the developer decides they can
open.
At present, this is not fully a replacement for ULS on its own; it
requires a further mechanism to allow the developer to distinguish
between users. Since this could be done using any number of different
mechanisms, e.g. based on the users' Windows ID's or by getting them
to log in in some manner, we have kept that bit out of the write up
and demos in the hope of keeping things as simple as possible.
Alan Cossey