|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Network ID ans user level securityHi,
I would like to use the built in Access user-level security to secure my multi-user database, but would prefer to simply take the users windows logon rather than requiring them to remember a separate Access username and password. I have the vba code to get the ID of the user currently logged into windows, but can I now pass that to the access user-level security somehow? Thanks, Martin Gasman wrote:
> Hi, No.> > I would like to use the built in Access user-level security to secure > my multi-user database, but would prefer to simply take the users > windows logon rather than requiring them to remember a separate Access > username and password. > > I have the vba code to get the ID of the user currently logged into > windows, but can I now pass that to the access user-level security > somehow? You could create a shortcut that would automatically supply the UserName from the network logon, but that has little utility since the Access logon will default to the last logon used anyway. That would only be useful if you had multiple network accounts logging onto the same PC. There is no way to pass the password from the network credentials so unless you set up all users with a blank password in Access security (which would be pointless) it won't work. The code you have for getting the network user name is useless in this regard. You need to be in your app before you can run code and then it is too late to be of any use for Access Security which must be given credentials before your file even opens. -- Rick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com Thanks for the reply Rick.
It looks like I either need to get users to login to Access or build my own security around the network login. I may go for the latter as I want to keep the database as easy as possible for people to use and I don't need mission critical security, just enough to stop people accidentally changing things they shouldn't. Martin On Wed, 11 Oct 2006 12:41:32 GMT, "Rick Brandt" <rickbran***@hotmail.com> wrote: Show quote >Gasman wrote: >> Hi, >> >> I would like to use the built in Access user-level security to secure >> my multi-user database, but would prefer to simply take the users >> windows logon rather than requiring them to remember a separate Access >> username and password. >> >> I have the vba code to get the ID of the user currently logged into >> windows, but can I now pass that to the access user-level security >> somehow? > >No. > >You could create a shortcut that would automatically supply the UserName >from the network logon, but that has little utility since the Access logon >will default to the last logon used anyway. That would only be useful if >you had multiple network accounts logging onto the same PC. > >There is no way to pass the password from the network credentials so unless >you set up all users with a blank password in Access security (which would >be pointless) it won't work. > >The code you have for getting the network user name is useless in this >regard. You need to be in your app before you can run code and then it is >too late to be of any use for Access Security which must be given >credentials before your file even opens. Gasman wrote:
> Thanks for the reply Rick. I use a permission codes table to provide what I call "guidance security". It > > It looks like I either need to get users to login to Access or build > my own security around the network login. I may go for the latter as I > want to keep the database as easy as possible for people to use and I > don't need mission critical security, just enough to stop people > accidentally changing things they shouldn't. is not real security but it does provide a way to display "you have no permissions to this area" messages. The table contains login names and permission codes. I then have a function named Permission(PermCode) that returns true/false. It looks up in the table described above to see if the current user logon has an entry matching the desired permission code. If not then it returns false. Then (for example) I can put the following in the Open event of a form... If Permission("SomeCode") = False Then MsgBox "As If!" Cancel = True End If This allows you to have as many codes assigned to each user as you like. Effectively the codes represent groups. My custom function always returns True if a login name has a code "X" which I use to create admin users that can go anywhere and do anything. -- Rick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com You can restrict access to the MDB to Users using NTFS permissions. This
means that, in order to access the MDB, the users must have had a valid network login. Then, if you store their network login, along with the permisions they have, in a table, and write code that restricts access to whatever relevant forms/reports/queries etc using code (pretty easy to do) based on network login, you have what would resemble user level security, without the need to login to the database. It's not secure in the truest sense (any) of the word, but 99.9% of users in most businesses can only perform rudimentary tasks with a PC. They wouldn't know where to begin to get around even the simplest of security measures. In my business, simply disabling the database window and showing a switchboard is secure enough, but then, most users here struggle to do basic sums in Excel. As with any security, it's a balance between sensitivity, threat level, and convenience. Dave Show quote "Rick Brandt" wrote: > Gasman wrote: > > Thanks for the reply Rick. > > > > It looks like I either need to get users to login to Access or build > > my own security around the network login. I may go for the latter as I > > want to keep the database as easy as possible for people to use and I > > don't need mission critical security, just enough to stop people > > accidentally changing things they shouldn't. > > I use a permission codes table to provide what I call "guidance security". It > is not real security but it does provide a way to display "you have no > permissions to this area" messages. The table contains login names and > permission codes. > > I then have a function named Permission(PermCode) that returns true/false. It > looks up in the table described above to see if the current user logon has an > entry matching the desired permission code. If not then it returns false. Then > (for example) I can put the following in the Open event of a form... > > If Permission("SomeCode") = False Then > MsgBox "As If!" > Cancel = True > End If > > This allows you to have as many codes assigned to each user as you like. > Effectively the codes represent groups. My custom function always returns True > if a login name has a code "X" which I use to create admin users that can go > anywhere and do anything. > > -- > Rick Brandt, Microsoft Access MVP > Email (as appropriate) to... > RBrandt at Hunter dot com > > > Hi Martin
There is a way you can do this. You must ensure that everybody who needs access to your application has their own network usernames registered in the application's MDW file. They should not have passwords. Set up user-level security as you would normally. Now, in the startup code for your application, add a simple check: If NetworkUser() <> CurrentUser() Then MsgBox .... Application.Quit End If Finally, add the following switch to the command line in the shortcut that is used to start the application: /user:%Username% -- Show quoteGood Luck! Graham Mandeno [Access MVP] Auckland, New Zealand "Gasman" <nob***@elsewhere.com> wrote in message news:foopi295ukuvi5uqepr5sq289k99nnopqm@4ax.com... > Hi, > > I would like to use the built in Access user-level security to secure > my multi-user database, but would prefer to simply take the users > windows logon rather than requiring them to remember a separate Access > username and password. > > I have the vba code to get the ID of the user currently logged into > windows, but can I now pass that to the access user-level security > somehow? > > Thanks, > > Martin Thanks everyone for the replies.
I seem to have to have a few options to think about. Martin  |
|||||||||||||||||||||||
Other interesting topics