Hi,
A user logs on to the application. When the password is checked in the table
Users I use the field user_id from that table to determine his rights in my
application. So I display only those records of a table WHERE RelationOf
LIKE user_id.
Can I use this method safely? What if 3 or 4 users are using the application
simultanuesly? Can Access 2003 keep them apart or is it possible that
user_id 3 gets the data of say user_id 2 ?
I tested it and didn't get errors so far which doesn't mean it's OK though.
Does anyone has any experiance or knoledge about this topic?
Sorry for my english.
Thanks,
Susan
8  1250 
"susan" <vd*@hotmail.comwrote in message
news:ac***************************@cache1.tilbu1.n b.home.nl...
Hi,
A user logs on to the application. When the password is checked in the
table Users I use the field user_id from that table to determine his
rights in my application. So I display only those records of a table WHERE
RelationOf LIKE user_id.
Can I use this method safely? What if 3 or 4 users are using the
application simultanuesly? Can Access 2003 keep them apart or is it
possible that user_id 3 gets the data of say user_id 2 ?
I tested it and didn't get errors so far which doesn't mean it's OK
though.
Does anyone has any experiance or knoledge about this topic?
Sorry for my english.
Thanks,
Sounds perfectly fine to me Susan but bear in mind that a home-grown
security solution may likely be weaker that the built-in solution. Depends
how Access "savvy" your users are and whether or not they'd be inclined to
try to defeat your security.
Keith. www.keithwilby.co.uk
"susan" <vd*@hotmail.comwrote:
>A user logs on to the application. When the password is checked in the table
Users I use the field user_id from that table to determine his rights in my
application. So I display only those records of a table WHERE RelationOf
LIKE user_id.
Rather than logging into the application I would use the network user id
API: Get Login name http://www.mvps.org/access/api/api0008.htm
>Can I use this method safely? What if 3 or 4 users are using the application
simultanuesly? Can Access 2003 keep them apart or is it possible that
user_id 3 gets the data of say user_id 2 ?
Yes that works. However all your permissions are in the Access database somewhere.
Therefore someone could, for example, take the database home with them, open it up in
retail version of Access, figure out how it works and look at other peoples data.
Finally they could write their own little database that allows them to muck with
their permissions, bring it to the office and run it.
You must never assume that the users can't do this because they may very well know
someone who does. And if there's a reason for doing this, especially in dealing with
personal or financial data, then you have to use better security.
Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
"Tony Toews [MVP]" <tt****@telusplanet.netschreef in bericht
news:k0********************************@4ax.com...
"susan" <vd*@hotmail.comwrote:
>>A user logs on to the application. When the password is checked in the
table
Users I use the field user_id from that table to determine his rights in
my
application. So I display only those records of a table WHERE RelationOf
LIKE user_id.
Rather than logging into the application I would use the network user id
API: Get Login name
http://www.mvps.org/access/api/api0008.htm
>>Can I use this method safely? What if 3 or 4 users are using the
application
simultanuesly? Can Access 2003 keep them apart or is it possible that
user_id 3 gets the data of say user_id 2 ?
Yes that works. However all your permissions are in the Access database
somewhere.
Therefore someone could, for example, take the database home with them,
open it up in
retail version of Access, figure out how it works and look at other
peoples data.
Finally they could write their own little database that allows them to
muck with
their permissions, bring it to the office and run it.
You must never assume that the users can't do this because they may very
well know
someone who does. And if there's a reason for doing this, especially in
dealing with
personal or financial data, then you have to use better security.
Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
Thanks Tony,
I am aware of the copying problem. I have to deliver a database where the
owner (super-user) must have the possibility to add, modify and remove
users. Thereby I don't want him (superuser) to view my code, so I deliver my
application as a .MDE. I don't see another possibility to realize this
login-thing (including user-management) in a MDE-file.
Susan
"susan" <vd*@hotmail.comwrote in message
news:77***************************@cache6.tilbu1.n b.home.nl...
>
I deliver my application as a .MDE. I don't see another possibility to
realize this login-thing (including user-management) in a MDE-file.
Susan
The built-in user-level security can be applied to an mdb which can then be
converted to an mde.
Keith. www.keithwilby.co.uk
"Keith Wilby" <he**@there.comschreef in bericht
news:49**********@glkas0286.greenlnk.net...
"susan" <vd*@hotmail.comwrote in message
news:77***************************@cache6.tilbu1.n b.home.nl...
>>
I deliver my application as a .MDE. I don't see another possibility to
realize this login-thing (including user-management) in a MDE-file.
Susan
The built-in user-level security can be applied to an mdb which can then
be converted to an mde.
Keith.
www.keithwilby.co.uk
Does this mean that if you login on the application with the and you have
theproper rights you can add, modify, remove users and change their
passwords? If so, can I put a commandbutton on a form and what action should
it perform?
Susan
"susan" <vd*@hotmail.comwrote in message
news:ee***************************@cache6.tilbu1.n b.home.nl...
>
Does this mean that if you login on the application with the and you have
theproper rights you can add, modify, remove users and change their
passwords? If so, can I put a commandbutton on a form and what action
should it perform?
I would suggest that you, as the developer, have the sole rights to
administer user groups and their permissions. This you would do on your
development copy whilst joined to your custom workgroup. If you're
considering the user-level security option then I would urge you to read the
FAQ from MS, there's a link to it on my web site.
Keith. www.keithwilby.co.uk
Keith Wilby wrote:
"susan" <vd*@hotmail.comwrote in message
news:ee***************************@cache6.tilbu1.n b.home.nl...
>>
Does this mean that if you login on the application with the and you
have theproper rights you can add, modify, remove users and change
their passwords? If so, can I put a commandbutton on a form and what
action should it perform?
I would suggest that you, as the developer, have the sole rights to
administer user groups and their permissions. This you would do on your
development copy whilst joined to your custom workgroup. If you're
considering the user-level security option then I would urge you to read
the FAQ from MS, there's a link to it on my web site.
I disagree somewhat. There have been stories in the past of the
"developer that left and is nowhere to be found" basically locking out
the users from changing permissions. I think there should be some mgr
or owner of the company that is given rights to administer permissions.
Keith.
www.keithwilby.co.uk
"Salad" <oi*@vinegar.comwrote in message
news:fY******************************@earthlink.co m...
Keith Wilby wrote:
>>
I would suggest that you, as the developer, have the sole rights to
administer user groups and their permissions. This you would do on your
development copy whilst joined to your custom workgroup. If you're
considering the user-level security option then I would urge you to read
the FAQ from MS, there's a link to it on my web site.
I disagree somewhat. There have been stories in the past of the
"developer that left and is nowhere to be found" basically locking out the
users from changing permissions. I think there should be some mgr or
owner of the company that is given rights to administer permissions.
Yes, the "sole rights" comment was a little restrictive, what I was trying
to steer away from was the command button option, but I suppose even that is
a personal preference. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Michele |
last post by:
Hi all,
I have a form with 3 combobox whitin a asp page called data.asp, whose
action form is itself; the first combobox drives the behaviour of the other
two.
The onchange event of the first...
|
by: bissatch |
last post by:
Hi,
I have been trying to come up with an idea to reduce double submissions
where a user clicks refresh and, for example, another row is INSERT
into a table.
Originally, I would have a form...
|
by: tencip |
last post by:
Hi everyone,
So, i've got a form that is very simple. It hold three elements:
username, password, and domain. The goal here is to have the form
submit the login to an administrative section...
|
by: SMXSteve |
last post by:
I have a form with several submit buttons. Each one is different. For
instance, one may require the next action window to be a pop up requesting
more data. Another may require it to be normal. And...
|
by: Sameh Ahmed |
last post by:
hello there
need to create an application that checks for a condition every 5 minutes
and performs a certain action depending on whether the condition was met or
not.
what is the best way to do...
|
by: Kevin Blount |
last post by:
bit long winded this one, so stick with me:
I'm trying to create a form that can go to one of 3 places, depending on
various elements. My form control looks like this:
<form runat="server"...
|
by: Benton |
last post by:
Hi there,
I have a UserControl with a couple of textboxes and a couple of buttons
("Save" and "Cancel"). The Click event for this buttons is in the
UserControl's codebehind of course, so here's...
|
by: victoria.rego |
last post by:
Hi there,
My application is generating a "The OpenForm action was cancelled"
error and I can't seem to figure out why. The best part about it is
that it's only one user in the entire building -...
|
by: maralfarshadi |
last post by:
Hello
In my JSP, I have several comboboxes (located in several forms in one JSP). In the onChange event , I have :
onchange="submit()"
My combobox have the values :
Select Item
Action 1...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
