|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Allowing User Permissions to a ControlHello, Community!
I've created a database that will be used by about six people - three of them will be main Data Entry Users at best. Currently, there is no security on the dbase and I think it should be fine as the Users will not go into the backend tables. (I'm also hesitant to start applying security because I'm really green and don't know its 'inner workings'.) The only item that really needs to be secured is the "Delete Record" button. We do not want the Data Entry Users to delete records accidentally. Is there a way to allow "Delete Record" to function for three of the six Users? Many thanks! ssignore On Wed, 15 Apr 2009 08:39:01 -0700, ssignore
<ssign***@discussions.microsoft.com> wrote: Sure there is a way. Many ways, in fact. First off, kudos for being cautious about security. Access' user-level security is indeed an advanced topic you should not get into until you first download, study, and fully understand the Security FAQ from microsoft.com. As my friend Larry says: 30-some pages, no filler. Here is a simpler approach. First ask Windows who is logged in: http://www.mvps.org/access/api/api0008.htm , and if it is other than some list of users, you set Me.AllowEdits to false: dim strUser as string strUser = fOSUserName() if strUser = "my_first_user" or strUser = "my_second_user" or strUser = "my_third_user" then Me.AllowDeletes = True else Me.AllowDeletes = False (change myObjectNames to yours) -Tom. Microsoft Access MVP Show quoteHide quote >Hello, Community! >I've created a database that will be used by about six people - three of >them will be main Data Entry Users at best. Currently, there is no security >on the dbase and I think it should be fine as the Users will not go into the >backend tables. (I'm also hesitant to start applying security because I'm >really green and don't know its 'inner workings'.) >The only item that really needs to be secured is the "Delete Record" button. > We do not want the Data Entry Users to delete records accidentally. > >Is there a way to allow "Delete Record" to function for three of the six >Users? > >Many thanks! >ssignore Tom,
Many thanks for the instructions; I guess I should have mentioned that I also don't speak VB? (I was able to get guidance on restricting fields data from being wiped out using a BeforeUpdate event and writing in code and I thought I was a VB genius - for a half-second!) I do understand the logic. The first set of code tells you who is using and then the second set that you generously provided limits who can delete; however, I'm muddled on where to insert this and what to change. I have a 'delete record' button. I guess I can look at the VB and see what the string (?) is for the name. Where does one insert the first set of code on User login? The more important question is does one need to be an official "DBA" to get this info? I'm not an administrator - I'm simply in a functional analysis unit and we're doing this to help another unit try to go electronic and get rid of their paper. Many thanks for any additional guidance you can give me (if you have the bandwidth!) Thanks, Simone Show quoteHide quote "Tom van Stiphout" wrote: > On Wed, 15 Apr 2009 08:39:01 -0700, ssignore > <ssign***@discussions.microsoft.com> wrote: > > Sure there is a way. Many ways, in fact. First off, kudos for being > cautious about security. Access' user-level security is indeed an > advanced topic you should not get into until you first download, > study, and fully understand the Security FAQ from microsoft.com. As my > friend Larry says: 30-some pages, no filler. > > Here is a simpler approach. First ask Windows who is logged in: > http://www.mvps.org/access/api/api0008.htm , and if it is other than > some list of users, you set Me.AllowEdits to false: > dim strUser as string > strUser = fOSUserName() > if strUser = "my_first_user" or strUser = "my_second_user" or strUser > = "my_third_user" then Me.AllowDeletes = True > else Me.AllowDeletes = False > (change myObjectNames to yours) > > -Tom. > Microsoft Access MVP > > > > >Hello, Community! > >I've created a database that will be used by about six people - three of > >them will be main Data Entry Users at best. Currently, there is no security > >on the dbase and I think it should be fine as the Users will not go into the > >backend tables. (I'm also hesitant to start applying security because I'm > >really green and don't know its 'inner workings'.) > >The only item that really needs to be secured is the "Delete Record" button. > > We do not want the Data Entry Users to delete records accidentally. > > > >Is there a way to allow "Delete Record" to function for three of the six > >Users? > > > >Many thanks! > >ssignore > On Fri, 17 Apr 2009 06:15:02 -0700, ssignore
<ssign***@discussions.microsoft.com> wrote: I should have written: ....and if it is other than some list of users, you set Me.AllowDeletes to false... The code from the article goes in a Standard Module. Anyone can call this. Apps do this all the time. You don't have to be an Administrator. Yes, you will need to experiment a bit with what this function returns. On my work computer (we're in a domain) it's different then at home (in a workgroup). Simply set a breakpoint on the "if ..." line and inspect the value of strUser. The rest of the code goes in the Click event of the button. -Tom. Microsoft Access MVP Show quoteHide quote >Tom, >Many thanks for the instructions; I guess I should have mentioned that I >also don't speak VB? (I was able to get guidance on restricting fields data >from being wiped out using a BeforeUpdate event and writing in code and I >thought I was a VB genius - for a half-second!) > >I do understand the logic. The first set of code tells you who is using and >then the second set that you generously provided limits who can delete; >however, I'm muddled on where to insert this and what to change. I have a >'delete record' button. I guess I can look at the VB and see what the string >(?) is for the name. >Where does one insert the first set of code on User login? The more >important question is does one need to be an official "DBA" to get this info? > I'm not an administrator - I'm simply in a functional analysis unit and >we're doing this to help another unit try to go electronic and get rid of >their paper. > >Many thanks for any additional guidance you can give me (if you have the >bandwidth!) >Thanks, >Simone > >"Tom van Stiphout" wrote: > >> On Wed, 15 Apr 2009 08:39:01 -0700, ssignore >> <ssign***@discussions.microsoft.com> wrote: >> >> Sure there is a way. Many ways, in fact. First off, kudos for being >> cautious about security. Access' user-level security is indeed an >> advanced topic you should not get into until you first download, >> study, and fully understand the Security FAQ from microsoft.com. As my >> friend Larry says: 30-some pages, no filler. >> >> Here is a simpler approach. First ask Windows who is logged in: >> http://www.mvps.org/access/api/api0008.htm , and if it is other than >> some list of users, you set Me.AllowEdits to false: >> dim strUser as string >> strUser = fOSUserName() >> if strUser = "my_first_user" or strUser = "my_second_user" or strUser >> = "my_third_user" then Me.AllowDeletes = True >> else Me.AllowDeletes = False >> (change myObjectNames to yours) >> >> -Tom. >> Microsoft Access MVP >> >> >> >> >Hello, Community! >> >I've created a database that will be used by about six people - three of >> >them will be main Data Entry Users at best. Currently, there is no security >> >on the dbase and I think it should be fine as the Users will not go into the >> >backend tables. (I'm also hesitant to start applying security because I'm >> >really green and don't know its 'inner workings'.) >> >The only item that really needs to be secured is the "Delete Record" button. >> > We do not want the Data Entry Users to delete records accidentally. >> > >> >Is there a way to allow "Delete Record" to function for three of the six >> >Users? >> > >> >Many thanks! >> >ssignore >> Tom,
I don't speak VB so I'm not sure what needs to be swapped out to make sense for my database. Firstly, does the code from the article need to be edited in anyway to make sense for a specific dbase? It look as if it does not, but again, I don't speak this language. I think I can figure out where to change your recommended script to accommodate my users and we use the Windows NT ID for user name. Second, Would your recommended script look like the following if the Managers' NT IDs were ssignoretto, jgutierrez, and jsottile? dim strUser as string strUser = fOSUserName() if strUser = "ssignoretto" or strUser = "jgutierrez" or strUser = "jsottile" then Me.AllowDeletes = True else Me.AllowDeletes = False Again, your guidance is much appreciated. Thanks, Simone Show quoteHide quote "Tom van Stiphout" wrote: > On Fri, 17 Apr 2009 06:15:02 -0700, ssignore > <ssign***@discussions.microsoft.com> wrote: > > I should have written: > ....and if it is other than some list of users, you set Me.AllowDeletes > to false... > > The code from the article goes in a Standard Module. Anyone can call > this. Apps do this all the time. You don't have to be an > Administrator. > Yes, you will need to experiment a bit with what this function > returns. On my work computer (we're in a domain) it's different then > at home (in a workgroup). Simply set a breakpoint on the "if ..." line > and inspect the value of strUser. > > The rest of the code goes in the Click event of the button. > > -Tom. > Microsoft Access MVP > > > >Tom, > >Many thanks for the instructions; I guess I should have mentioned that I > >also don't speak VB? (I was able to get guidance on restricting fields data > >from being wiped out using a BeforeUpdate event and writing in code and I > >thought I was a VB genius - for a half-second!) > > > >I do understand the logic. The first set of code tells you who is using and > >then the second set that you generously provided limits who can delete; > >however, I'm muddled on where to insert this and what to change. I have a > >'delete record' button. I guess I can look at the VB and see what the string > >(?) is for the name. > >Where does one insert the first set of code on User login? The more > >important question is does one need to be an official "DBA" to get this info? > > I'm not an administrator - I'm simply in a functional analysis unit and > >we're doing this to help another unit try to go electronic and get rid of > >their paper. > > > >Many thanks for any additional guidance you can give me (if you have the > >bandwidth!) > >Thanks, > >Simone > > > >"Tom van Stiphout" wrote: > > > >> On Wed, 15 Apr 2009 08:39:01 -0700, ssignore > >> <ssign***@discussions.microsoft.com> wrote: > >> > >> Sure there is a way. Many ways, in fact. First off, kudos for being > >> cautious about security. Access' user-level security is indeed an > >> advanced topic you should not get into until you first download, > >> study, and fully understand the Security FAQ from microsoft.com. As my > >> friend Larry says: 30-some pages, no filler. > >> > >> Here is a simpler approach. First ask Windows who is logged in: > >> http://www.mvps.org/access/api/api0008.htm , and if it is other than > >> some list of users, you set Me.AllowEdits to false: > >> dim strUser as string > >> strUser = fOSUserName() > >> if strUser = "my_first_user" or strUser = "my_second_user" or strUser > >> = "my_third_user" then Me.AllowDeletes = True > >> else Me.AllowDeletes = False > >> (change myObjectNames to yours) > >> > >> -Tom. > >> Microsoft Access MVP > >> > >> > >> > >> >Hello, Community! > >> >I've created a database that will be used by about six people - three of > >> >them will be main Data Entry Users at best. Currently, there is no security > >> >on the dbase and I think it should be fine as the Users will not go into the > >> >backend tables. (I'm also hesitant to start applying security because I'm > >> >really green and don't know its 'inner workings'.) > >> >The only item that really needs to be secured is the "Delete Record" button. > >> > We do not want the Data Entry Users to delete records accidentally. > >> > > >> >Is there a way to allow "Delete Record" to function for three of the six > >> >Users? > >> > > >> >Many thanks! > >> >ssignore > >> > Tom,
I hit "Post" too soon - sorry. So, I do have to change the code from the article, but I don't understand what you mean by the following statement: "Simply set a breakpoint on the "if ..." line and inspect the value of strUser." Can you advise? Thanks again, Simone Show quoteHide quote "Tom van Stiphout" wrote: > On Fri, 17 Apr 2009 06:15:02 -0700, ssignore > <ssign***@discussions.microsoft.com> wrote: > > I should have written: > ....and if it is other than some list of users, you set Me.AllowDeletes > to false... > > The code from the article goes in a Standard Module. Anyone can call > this. Apps do this all the time. You don't have to be an > Administrator. > Yes, you will need to experiment a bit with what this function > returns. On my work computer (we're in a domain) it's different then > at home (in a workgroup). Simply set a breakpoint on the "if ..." line > and inspect the value of strUser. > > The rest of the code goes in the Click event of the button. > > -Tom. > Microsoft Access MVP > > > >Tom, > >Many thanks for the instructions; I guess I should have mentioned that I > >also don't speak VB? (I was able to get guidance on restricting fields data > >from being wiped out using a BeforeUpdate event and writing in code and I > >thought I was a VB genius - for a half-second!) > > > >I do understand the logic. The first set of code tells you who is using and > >then the second set that you generously provided limits who can delete; > >however, I'm muddled on where to insert this and what to change. I have a > >'delete record' button. I guess I can look at the VB and see what the string > >(?) is for the name. > >Where does one insert the first set of code on User login? The more > >important question is does one need to be an official "DBA" to get this info? > > I'm not an administrator - I'm simply in a functional analysis unit and > >we're doing this to help another unit try to go electronic and get rid of > >their paper. > > > >Many thanks for any additional guidance you can give me (if you have the > >bandwidth!) > >Thanks, > >Simone > > > >"Tom van Stiphout" wrote: > > > >> On Wed, 15 Apr 2009 08:39:01 -0700, ssignore > >> <ssign***@discussions.microsoft.com> wrote: > >> > >> Sure there is a way. Many ways, in fact. First off, kudos for being > >> cautious about security. Access' user-level security is indeed an > >> advanced topic you should not get into until you first download, > >> study, and fully understand the Security FAQ from microsoft.com. As my > >> friend Larry says: 30-some pages, no filler. > >> > >> Here is a simpler approach. First ask Windows who is logged in: > >> http://www.mvps.org/access/api/api0008.htm , and if it is other than > >> some list of users, you set Me.AllowEdits to false: > >> dim strUser as string > >> strUser = fOSUserName() > >> if strUser = "my_first_user" or strUser = "my_second_user" or strUser > >> = "my_third_user" then Me.AllowDeletes = True > >> else Me.AllowDeletes = False > >> (change myObjectNames to yours) > >> > >> -Tom. > >> Microsoft Access MVP > >> > >> > >> > >> >Hello, Community! > >> >I've created a database that will be used by about six people - three of > >> >them will be main Data Entry Users at best. Currently, there is no security > >> >on the dbase and I think it should be fine as the Users will not go into the > >> >backend tables. (I'm also hesitant to start applying security because I'm > >> >really green and don't know its 'inner workings'.) > >> >The only item that really needs to be secured is the "Delete Record" button. > >> > We do not want the Data Entry Users to delete records accidentally. > >> > > >> >Is there a way to allow "Delete Record" to function for three of the six > >> >Users? > >> > > >> >Many thanks! > >> >ssignore > >> > On Fri, 17 Apr 2009 09:47:01 -0700, ssignore
<ssign***@discussions.microsoft.com> wrote: No, the code from the article works as-is. All it does is call Windows to ask for the name of the logged-in user, and it returns that name. On the breakpoint: set your cursor on the line: if strUser = "ssignoretto" (etc.) and then hit F9 to set a breakpoint (F9 again clears it). Then run the app and it will stop at that line. Then you can hover over strUser and a tooltip will show the value, i.e. the name of the logged in user. If I do that at work, it will say "kinetik-it\tvanstiphout", so I would adjust my code accordingly. If hovering does not work, there are at least two other options to find out the value of strUser: * Menu option View > Locals Window * Hit Ctrl+G to get to the Immediate window, and type: ? strUser -Tom. Microsoft Access MVP Show quoteHide quote >Tom, >I hit "Post" too soon - sorry. > >So, I do have to change the code from the article, but I don't understand >what you mean by the following statement: >"Simply set a breakpoint on the "if ..." line and inspect the value of >strUser." > >Can you advise? >Thanks again, >Simone > > > > >"Tom van Stiphout" wrote: > >> On Fri, 17 Apr 2009 06:15:02 -0700, ssignore >> <ssign***@discussions.microsoft.com> wrote: >> >> I should have written: >> ....and if it is other than some list of users, you set Me.AllowDeletes >> to false... >> >> The code from the article goes in a Standard Module. Anyone can call >> this. Apps do this all the time. You don't have to be an >> Administrator. >> Yes, you will need to experiment a bit with what this function >> returns. On my work computer (we're in a domain) it's different then >> at home (in a workgroup). Simply set a breakpoint on the "if ..." line >> and inspect the value of strUser. >> >> The rest of the code goes in the Click event of the button. >> >> -Tom. >> Microsoft Access MVP >> >> >> >Tom, >> >Many thanks for the instructions; I guess I should have mentioned that I >> >also don't speak VB? (I was able to get guidance on restricting fields data >> >from being wiped out using a BeforeUpdate event and writing in code and I >> >thought I was a VB genius - for a half-second!) >> > >> >I do understand the logic. The first set of code tells you who is using and >> >then the second set that you generously provided limits who can delete; >> >however, I'm muddled on where to insert this and what to change. I have a >> >'delete record' button. I guess I can look at the VB and see what the string >> >(?) is for the name. >> >Where does one insert the first set of code on User login? The more >> >important question is does one need to be an official "DBA" to get this info? >> > I'm not an administrator - I'm simply in a functional analysis unit and >> >we're doing this to help another unit try to go electronic and get rid of >> >their paper. >> > >> >Many thanks for any additional guidance you can give me (if you have the >> >bandwidth!) >> >Thanks, >> >Simone >> > >> >"Tom van Stiphout" wrote: >> > >> >> On Wed, 15 Apr 2009 08:39:01 -0700, ssignore >> >> <ssign***@discussions.microsoft.com> wrote: >> >> >> >> Sure there is a way. Many ways, in fact. First off, kudos for being >> >> cautious about security. Access' user-level security is indeed an >> >> advanced topic you should not get into until you first download, >> >> study, and fully understand the Security FAQ from microsoft.com. As my >> >> friend Larry says: 30-some pages, no filler. >> >> >> >> Here is a simpler approach. First ask Windows who is logged in: >> >> http://www.mvps.org/access/api/api0008.htm , and if it is other than >> >> some list of users, you set Me.AllowEdits to false: >> >> dim strUser as string >> >> strUser = fOSUserName() >> >> if strUser = "my_first_user" or strUser = "my_second_user" or strUser >> >> = "my_third_user" then Me.AllowDeletes = True >> >> else Me.AllowDeletes = False >> >> (change myObjectNames to yours) >> >> >> >> -Tom. >> >> Microsoft Access MVP >> >> >> >> >> >> >> >> >Hello, Community! >> >> >I've created a database that will be used by about six people - three of >> >> >them will be main Data Entry Users at best. Currently, there is no security >> >> >on the dbase and I think it should be fine as the Users will not go into the >> >> >backend tables. (I'm also hesitant to start applying security because I'm >> >> >really green and don't know its 'inner workings'.) >> >> >The only item that really needs to be secured is the "Delete Record" button. >> >> > We do not want the Data Entry Users to delete records accidentally. >> >> > >> >> >Is there a way to allow "Delete Record" to function for three of the six >> >> >Users? >> >> > >> >> >Many thanks! >> >> >ssignore >> >> >> Tom,
I've added the code from the article into a new module as you advised. I'm sorry, but I'm lost on the rest of it (well, I don't even understand the module, to be honest - I'm a fairly green Access user.) I think you're telling me that as an Admin, it's advantageous to be able to hover over a strUser to tell whether they are in the database? However, the syntax eludes me. There is an [Event Procedure] on the "delete record" button, which obviously is for people like me who do not know how to code. So how do I get the user Identification code of: dim strUser as string strUser = fOSUserName() if strUser = "ssignoretto" or strUser = "jgutierrez" or strUser = "jsottile" then Me.AllowDeletes = True else Me.AllowDeletes = False to work with the actual Delete Record code of: Private Sub delete_record1_Click() On Error GoTo Err_delete_record1_Click DoCmd.DoMenuItem acFormBar, acEditMenu, 8, , acMenuVer70 DoCmd.DoMenuItem acFormBar, acEditMenu, 6, , acMenuVer70 Exit_delete_record1_Click: Exit Sub Err_delete_record1_Click: MsgBox Err.Description Resume Exit_delete_record1_Click End Sub When I try to put these together on the Click of delete_record, I get an error. Again, many thanks for all the help. Regards, Simone Show quoteHide quote "Tom van Stiphout" wrote: > On Fri, 17 Apr 2009 09:47:01 -0700, ssignore > <ssign***@discussions.microsoft.com> wrote: > > No, the code from the article works as-is. All it does is call Windows > to ask for the name of the logged-in user, and it returns that name. > > On the breakpoint: set your cursor on the line: > if strUser = "ssignoretto" (etc.) > and then hit F9 to set a breakpoint (F9 again clears it). Then run the > app and it will stop at that line. Then you can hover over strUser and > a tooltip will show the value, i.e. the name of the logged in user. > If I do that at work, it will say "kinetik-it\tvanstiphout", so I > would adjust my code accordingly. > If hovering does not work, there are at least two other options to > find out the value of strUser: > * Menu option View > Locals Window > * Hit Ctrl+G to get to the Immediate window, and type: > ? strUser > > -Tom. > Microsoft Access MVP > > > >Tom, > >I hit "Post" too soon - sorry. > > > >So, I do have to change the code from the article, but I don't understand > >what you mean by the following statement: > >"Simply set a breakpoint on the "if ..." line and inspect the value of > >strUser." > > > >Can you advise? > >Thanks again, > >Simone > > > > > > > > > >"Tom van Stiphout" wrote: > > > >> On Fri, 17 Apr 2009 06:15:02 -0700, ssignore > >> <ssign***@discussions.microsoft.com> wrote: > >> > >> I should have written: > >> ....and if it is other than some list of users, you set Me.AllowDeletes > >> to false... > >> > >> The code from the article goes in a Standard Module. Anyone can call > >> this. Apps do this all the time. You don't have to be an > >> Administrator. > >> Yes, you will need to experiment a bit with what this function > >> returns. On my work computer (we're in a domain) it's different then > >> at home (in a workgroup). Simply set a breakpoint on the "if ..." line > >> and inspect the value of strUser. > >> > >> The rest of the code goes in the Click event of the button. > >> > >> -Tom. > >> Microsoft Access MVP > >> > >> > >> >Tom, > >> >Many thanks for the instructions; I guess I should have mentioned that I > >> >also don't speak VB? (I was able to get guidance on restricting fields data > >> >from being wiped out using a BeforeUpdate event and writing in code and I > >> >thought I was a VB genius - for a half-second!) > >> > > >> >I do understand the logic. The first set of code tells you who is using and > >> >then the second set that you generously provided limits who can delete; > >> >however, I'm muddled on where to insert this and what to change. I have a > >> >'delete record' button. I guess I can look at the VB and see what the string > >> >(?) is for the name. > >> >Where does one insert the first set of code on User login? The more > >> >important question is does one need to be an official "DBA" to get this info? > >> > I'm not an administrator - I'm simply in a functional analysis unit and > >> >we're doing this to help another unit try to go electronic and get rid of > >> >their paper. > >> > > >> >Many thanks for any additional guidance you can give me (if you have the > >> >bandwidth!) > >> >Thanks, > >> >Simone > >> > > >> >"Tom van Stiphout" wrote: > >> > > >> >> On Wed, 15 Apr 2009 08:39:01 -0700, ssignore > >> >> <ssign***@discussions.microsoft.com> wrote: > >> >> > >> >> Sure there is a way. Many ways, in fact. First off, kudos for being > >> >> cautious about security. Access' user-level security is indeed an > >> >> advanced topic you should not get into until you first download, > >> >> study, and fully understand the Security FAQ from microsoft.com. As my > >> >> friend Larry says: 30-some pages, no filler. > >> >> > >> >> Here is a simpler approach. First ask Windows who is logged in: > >> >> http://www.mvps.org/access/api/api0008.htm , and if it is other than > >> >> some list of users, you set Me.AllowEdits to false: > >> >> dim strUser as string > >> >> strUser = fOSUserName() > >> >> if strUser = "my_first_user" or strUser = "my_second_user" or strUser > >> >> = "my_third_user" then Me.AllowDeletes = True > >> >> else Me.AllowDeletes = False > >> >> (change myObjectNames to yours) > >> >> > >> >> -Tom. > >> >> Microsoft Access MVP > >> >> > >> >> > >> >> > >> >> >Hello, Community! > >> >> >I've created a database that will be used by about six people - three of > >> >> >them will be main Data Entry Users at best. Currently, there is no security > >> >> >on the dbase and I think it should be fine as the Users will not go into the > >> >> >backend tables. (I'm also hesitant to start applying security because I'm > >> >> >really green and don't know its 'inner workings'.) > >> >> >The only item that really needs to be secured is the "Delete Record" button. > >> >> > We do not want the Data Entry Users to delete records accidentally. > >> >> > > >> >> >Is there a way to allow "Delete Record" to function for three of the six > >> >> >Users? > >> >> > > >> >> >Many thanks! > >> >> >ssignore > >> >> > >> >  
Other interesting topics
Password question
Re: Access to DB lost How can I prevent user from adding table Workgroup file connection problem!!! User Permissions Securing Form Entries Password form to unwanted Print Screen Multiple Users - Update capacity How do I change the user logged into MS Access? Access 2007 System.mdw Default Location |
|||||||||||||||||||||||
