Hi!
I'm using access 2000 (version 9.0.270) and I have to add user login to my application.
I have a table from which rights od log on user is defined, and all rights are stored there.
Meaning, I have first table named User and second table named Job, there is many-to-many connection between them and another table named UserJob is created (this is the table mentioned in the beginig)
for example:i want my user John, who has rights to open certain form and add data, but not to delete them to be recognized trough the application based on his log in name and privilegies that he has
i have logon form but when I log on and pass this form my application doesn't recognize who is logged. How do I keep the information about logged user trough the whole application until the app is shut down?
I want to give access to certain controls only to certain users, others have to see a msg box informing them that the do not have the needed privilegies.
what i have to do to make this work?
Thanx in advance
To treat the security aspect of your application
properly (
or at least within the best intentions of those who created the Access security model) you should be at least looking at, or seeking to understand Access's very own security model that is to say logging into Access using a 'secure' .MDW workgroup file.
The default MDW file that Access performs under is called SYSTEM.MDW which by default is insecure. Learning 'how' to implement Access security is not the most friendly of things to get to know, but once you 'do' know you will find it caters for what you require without you having to re-invent the wheel creating your own tables of users and passwords and seeking to control SELECT permissions on 'this' table or 'edits' on that table yourself
Using Access's own security model you can define what your users CAN and CANNOT do within GROUPS that you also define all of which, including logins and passwords, are stored within a secured MDW file. Once invoked you will automatically have your ready made login box. You will have your users identified from username and password. and will be able to allow or deny the usual SELECT permissions or deny EDITS based on which group they belong to and so on.
Once logged in you can identify the user merely by calling to the inbuilt function
CurrentUser() and controlling any program flow based on that.
If secured properly then another person using Access (ie: from another machine on your network) would not be able to open your database by using a standard retail 'Access' installation unless they are part of your workgroup file and for that they have to have permissions and so on. (
unless they are an ardent hacker of course andI won't go into the in and outs of total access security or insecurity as can be argued) suffice it to say this 'the average user would be prevented'
If you have a look at a file that will be on your computer called WRKGADM.EXE generally located in C:\Program Files\Microsoft Office\Office\1033 (depending on your installation path) double click it and you will see a dialog screen inviting you to create or join an existing workgroup.
This utility allows you to create and or join existing MDW files that you wish to use as the default for logging into Access.
Frankly.... to go into the in and outs of the security model in this thread would require extensive work by me (you could write a small book) whereas you can simply google a lot of it yourself and if you get stuck feel free to ask
To help you along here are a couple of links that illustrate what I am talking about
Gives a concise step by step with pics
http://www.databasedev.co.uk/access_security.html
A retail book pertinent sections of which are readable as pdf
http://books.google.com/books?id=qZq...CH8#PPA1088,M1
Regards
Jim :)
3
