 zmbd  5,501
Expert Mod 4TB
For establishing user "rights" in the past, I've use a ton of different methods: user security model, tables and related tables, and so forth
The ms access user-level security had the advantage that the user couldn't just easily bypass things and elevate privilege. To do so took some effort and some extra-know-how to get around the workgroup restrictions. I do miss that in some ways; however, it was a pain to maintain.
However, using the table/table-related_table methods I've had users find the table(s) (even the hidden/system tables!) and find a way to alter the user table so that they would have the desired role and then alter it back once done.
However, this time I was thinking about using Binary Flags to check for "rights." This is something I used to use in other codes a lot (especially back in the old CBM-Vic20 and machine level code – 5K was a lot of memory back then!); however, I've not used the method in VBA or a database.
I was considering that a 8-Bit set of flags would work just fine and I could store just the one number with the employee's information and get rid of one table and the associated look-ups, codes and the like. Maybe create one class module to pull the current windows user from advapi32.dll and then set the flags and allow admins to alter user’s rights by tweaking which flags were set. To make things fun, I would really only need 5 of the 8 bits, I could use the unused bits to mess with what values correspond to what rights.... say, as far as user rights would be concerned: 00011011 would be the same as 10011011 as well as =01011011 because I wouldn't be checking the first three (left to right) unused bits and it'd make the users scratch their heads. – Perhaps use a SHA digest to validate… or maybe use the “rights” as a password against their password. I was already considering using a SHA digest to store the user names…
or am I over thinking things?
7 1945  NeoPa 32,556
Expert Mod 16PB
Using bit-flags within a numeric (or even character/string) variable can certainly work. It makes sense to store such binary options that way (Various items within Access use a similar approach). What I'm really not getting here is what the question is supposed to be?
zmbd 5,501
Expert Mod 4TB
I guess the question comes down to is this a reasonable method or is there a better way?
In this case, I'm actually going to use the bits to set the form's "allow... edit/addition/etc..." properties based on a few things.
NeoPa 32,556
Expert Mod 16PB
It's a good way to store such information. That's a general comment. We still have little information as to exactly what is being stored, but I would hazard that this approach is sensible.
I would point out that checking such flags is somewhat clumsy in all languages, but especially so in VBA. You may want to provide routines (maybe even a class) to allow saving and querying such data.
Ultimately, only a good understanding of exactly how you expect to be using this can tell you whether it makes sense for you. Now everything has so much more in the way of resources the need to compact memory usage is much much less than it was. What works for you is hard for anyone else to say easily, but it would certainly be a way to obfuscate your settings - especially if you used five bit-flags and stored the result within an ASCII character for instance. A class could ensure that the three MSBs of the byte were set most appropriately for the value of the five LSBs.
zmbd 5,501
Expert Mod 4TB
Ah... finally a moment to address this:
I would point out that checking such flags is somewhat clumsy in all languages, but especially so in VBA.
Yes. The class module was where I was going with this as I had/have (if I can find it again) some example code that I've planed to base the setting/retrieval.
Ultimately, only a good understanding of exactly how you expect to be using this can tell you whether it makes sense for you.
So my thoughts, a flag(s) to set the user level, and flags to set edit/add/delete.
I may also use the Tag property to store some information such as the user level that can open and then what right are available at the form level.
Say I want a form to open only for DBA and Supervisor; however, I only want read, no add, or edit (say it's an audit log) So the form will have the flags set for the two user levels and the then the remaining flags cleared. The user's flag set for their user level and then general rights...
One of the issues I've ran into is the cascading combo boxes within a single form. I like to use the header/footer section of the form for the CBOs and then build my filters against the bound form; therefore, the edit property has to be set to true and I have to trap the beforeupdate event and check for user rights. Guess could get around this with the form/subform wherein the parent allows the edit to be true and the subform has edit set to false - but I think I would loose the ease of two/multi stage filter (I have three CBO in one form to help with reports - thus the user can have a full report on the unfiltered (yuck) the first level... down to reports on specific type of product, as the records filter after each CBO is set.)
As I said, it's a work in progress. I do like the single ASCII thought...
NeoPa 32,556
Expert Mod 16PB
I don't believe I would consider using such an approach unless I were needing to obfuscate the data myself. It's possible, but I believe even a class implemented routine would be easier and more efficient (that bit probably miniscule/unimportant) if done using discrete memory locations (or variables if you prefer).
That said, there's no reason not to take that route if you like the idea.
zmbd 5,501
Expert Mod 4TB
And there you have it.
My goal was to make things a tad easier for me and more difficult for the user to elevate privlages.
In the past I've used a varity tables and forms approach... none of these really very, well, satisfying in impelementation and worse, because some users have that special little humph, they've been able to get at the tables either adding or changing the form name to their account or elevate their user status. Very Annoying. However, when the front end is set to MDE (or now ACCDE) altering the forms isn't a possiblity and with flags idea I thought a simple flaging scheme might work. Even if I used a decimal/hex numeric... each supervisor would could a different numeric and yet have the same user rights and I could set something within the forms themselves.
Just can't seem to figure out the right solution to the user rights - I work with too many people that are too smart for their own good.
:-)
NeoPa 32,556
Expert Mod 16PB
Ah, Clearly the obfuscation is a real issue for you. Go for the bit flags. No question.
If obfuscation is a very important issue then you could also use reversible encryption. Unfortunately, clever users could simply take the value stored against a know admin/super user and apply it to their own record. I can't think of a better approach off hand though. Certainly, it would make fiddling with the data orders of magnitude more complex.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Mark1 |
last post by:
Hi,
as I did not find a group for MySQL I try my luck here. Plz tell me,
if there is a better cathegory for MySQL...
I´ve got several MySQL Databases running on a Linux 8.1 Server. User...
|
by: simo sentissi |
last post by:
Hello
I have a vb.net app from where I send emails using the smtp .net class.
I was developping it under my user rights (admin), but when I run it as a
normal user it faces an error of the sort...
|
by: Quentin Huo |
last post by:
Hi:
I am working in win 2003 and ASP.NET. I tried to modify the user rights from
an ASPX (writen in C#) page through running xcacls. But failed. What I did
is:
Process myProcess = new...
|
by: Andy |
last post by:
Hi
What user rights are necessary to run Vb.net 2005? I've tried to have only
ordinary user rights when I start VB.net the first time and get some strange
messages.
/A.
|
by: poli |
last post by:
Hi,
I have a urgent problem. I want to end a running application before I start another one (in c# code). I see that all these function GetProcesses() ,GetProcessesByName(), run only if I have...
|
by: Mitul |
last post by:
Hello everybody,
I am developing a community site and almost all works are competed.
There is major issue that I am facing is how to track user's online
status. I am using session data to save...
|
by: Keita |
last post by:
Hi everyone. I'm using a socket-based application for Windows platforms (using winsock). Everything works fine when trying to connect in Administrator mode, but when I'm in User mode no communication...
|
by: nabilj45 |
last post by:
Does anyone have a query that will list all the users and user rights for a sqlserver database.
Thanks so much!
|
by: yellowblueyellow |
last post by:
Hey ,,
I wanted to List user rights assignment programmatically using c#..
the function should list the privilege and the user it has been
granted to. I think it can be done using PInvoke . Is...
|
by: Jassim Rahma |
last post by:
I have an application in C# and I want to assign rights based on the user
login. I have users table in the database and I wnat to know what is the
best way to manage the user rights?
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
