473,434 Members | 1,430 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > microsoft access / vba > questions > the age old question of security

Join Bytes to post your question to a community of 473,434 software developers and data experts.

The age old question of Security

I have created an Access-based "tool" used by the Project Management
Team on a PeopleSoft CIS implementation.

Anyway the initial approach to security is to have a "Security" table
listing the UserID And Password. On Open of the "Tool" there is a
login form with a drop menu where the "User" selects their name and
inputs their Password and upon authentication is granted access to the
"Tool".

I have added several more fields to the table. Checkboxes listed as
"Read-Only', "Read-Write" and "Full Access".

My goal is to have some code that upon authentication of the User,
Access checks this table for permissions and grants or revokes the
appropriate actions to the various forms within the "Tool".

Any thoughts would be appreiated. I know that this sort of question
has been asked several time over in various iterations and so I
apologize

May 1 '07 #1
4 1357
Greetings,

Security comes in layers. The database security model is one of the
lower levels of security (closer to the source). I don't like to
surprise users by letting them have the ability to enter data into a
front end application - enter data into textboxes, which on updating
they get a nasty message that they are not authorized to
enter/update/delete data. So I make the front end ReadOnly in addition
to implementing database level security. When users see that they
cannot enter data into a textbox or click on a checkbox they will get
the idea that they don't have the correct permissions on that
application or login without having to bring up an annoying message.

Rich

*** Sent via Developersdex http://www.developersdex.com ***
May 1 '07 #2
An Access front-end can be opened to the database window with relative ease,
making any "Security" table visible. It's only value is to control normal
report and form access. If that is all you need, get the user ID from
windows, decide for yourself if a password is needed.

"Mr.Kane" <ka*******@gmail.comwrote in message
news:11**********************@h2g2000hsg.googlegro ups.com...
I have created an Access-based "tool" used by the Project Management
Team on a PeopleSoft CIS implementation.

Anyway the initial approach to security is to have a "Security" table
listing the UserID And Password. On Open of the "Tool" there is a
login form with a drop menu where the "User" selects their name and
inputs their Password and upon authentication is granted access to the
"Tool".

I have added several more fields to the table. Checkboxes listed as
"Read-Only', "Read-Write" and "Full Access".

My goal is to have some code that upon authentication of the User,
Access checks this table for permissions and grants or revokes the
appropriate actions to the various forms within the "Tool".

Any thoughts would be appreiated. I know that this sort of question
has been asked several time over in various iterations and so I
apologize

May 1 '07 #3
On May 1, 2:16 pm, "paii, Ron" <p...@packairinc.comwrote:
An Access front-end can be opened to the database window with relative ease,
making any "Security" table visible. It's only value is to control normal
report and form access. If that is all you need, get the user ID from
windows, decide for yourself if a password is needed.
Werd. We had a pow-wow today with some end users who want us to
create logging tables that track changes made to any one of 50+ tables
and all this junk. If anyone has that much free time that they can go
sabotage data, their manager should be sniffing that out and cutting
their dead weight off the payroll. Keep it simple, pull their
username off the server and bounce it against a permissions table to
see if they should have access to the form or report.
May 1 '07 #4
On 1 May 2007 09:24:56 -0700, "Mr.Kane" <ka*******@gmail.comwrote:

Others have already commented on the wisdom of the Security table and
the U/PW.
Personally I would use the Windows login.

To restrict access to a form, write this in the Form_Open event (NOT
in the button_click or menu event):
Cancel = HasAccess(Me)

The public function HasAccess(frm as Form)
would figure out if the user (obtained from Windows login or
otherwise) has access to this form, most likely by inspecting a table
with permissions.

If Cancel is True, then the form will not be opened, so the user does
not have access.

-Tom.
>I have created an Access-based "tool" used by the Project Management
Team on a PeopleSoft CIS implementation.

Anyway the initial approach to security is to have a "Security" table
listing the UserID And Password. On Open of the "Tool" there is a
login form with a drop menu where the "User" selects their name and
inputs their Password and upon authentication is granted access to the
"Tool".

I have added several more fields to the table. Checkboxes listed as
"Read-Only', "Read-Write" and "Full Access".

My goal is to have some code that upon authentication of the User,
Access checks this table for permissions and grants or revokes the
appropriate actions to the various forms within the "Tool".

Any thoughts would be appreiated. I know that this sort of question
has been asked several time over in various iterations and so I
apologize
May 2 '07 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
row level security
by: robert | last post by:
well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. ...
DB2 Database
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
4
Error using WS-Security
by: Ashish | last post by:
Hi Guys I am getting the following error while implementing authentication using WS-security. "Microsoft.Web.Services2.Security.SecurityFault: The security token could not be authenticated...
C# / C Sharp
0
Error while executing .NET remoing security dlls
by: prithvi g via .NET 247 | last post by:
Hi I am a newbie to .NET remoting, I am trying to implementauthorization using SSPI example provided by Michael Barnett. Ihave included the required dll(Microsoft.Samples.Security.SSPI.dll...
C# / C Sharp
1
Design Issue: Separating Application Security Model from the Application (Custom or User) Controls
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
ASP.NET
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
0
Referenced security token could not be retrieved
by: Jay C. | last post by:
Jay 3 Jan. 11:38 Optionen anzeigen Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen Datum: 3 Jan...
.NET Framework
3
FxCop App Security
by: Velvet | last post by:
I ran FxCop on one of the components for my web site and the security rules what me to add " tags like the ones listed below: This breaks my ASP.NET application. So my question is,...
ASP.NET
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
2
Embedding Windows Form Control to ASP .NET Security Problem
by: Budhi Saputra Prasetya | last post by:
Hi, I managed to create a Windows Form Control and put it on my ASP .NET page. I have done the suggestion that is provided by modifying the security settings. From the stack trace, I would...
ASP.NET
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!