Requirement: managers can login and only see employee data for the
department they manage and any sub-ordinate departments.
The departments are in a table that defines a simple tree structure with
DepartmentID and ParentDepartmen tID.
The Employee table holds the DepartmentID that the employee belongs to.
First issue is how to tie an Access or MSSQL login to an employee
record. In Access this is fairly simple as you just make it part of the
procedure of creating new users to add the login name to a field on the
Employee table. But what about in MSSQL?
I've created Stored Procedures to which I pass the Employee's
DepartmentID. It returns all the employee records for employees
belonging to that department or any sub-ordinate departments. The
problem is a user could pass any value to this stored procedure and get
access to data they should have access to. Any ideas?
Also, I'm wondering what is the best method of applying security. Have a
basic/common MSSQL security level but then use my own username/password
field on the employee table? Or use full MSSQL users/roles? Being able
to add/remove MSQL users from Access would help as is makes it easier to
tie the login to an employee record....
Thanks.
--
regards,
Bradley