Access control

[McGeeky]

Hi. A customer of ours wants access control on their Access database;
different user groups should be able to view and edit only the data related
to their job role. Preferably this is linked in to Active Directory so that
Access knows who is logged in (without having to maintain a separate
username/password table in Access), and say, if they are members of a
specific Active Directory group then give them access to forms & data
related to that group only.

Are there any examples/docs available that show how Access can use access
control in this way?

Thanks in advance.

McGeeky

 

[Keith Wilby]

Hi. A customer of ours wants access control on their Access database;
different user groups should be able to view and edit only the data
related to their job role. Preferably this is linked in to Active
Directory so that Access knows who is logged in (without having to
maintain a separate username/password table in Access), and say, if they
are members of a specific Active Directory group then give them access to
forms & data related to that group only.

Are there any examples/docs available that show how Access can use access
control in this way?

Thanks in advance.

McGeeky

Have a look at my web site.

Keith.
www.keithwilby.co.uk

 

[McGeeky]

Hi Keith,

Thanks for your useful article on securing access databases + the link to
the MS FAQ.

Does your approach apply to Windows domain groups as well as local
Workgroups? The database we are developing will be deployed on a shared
folder.

Regards,

McGeeky

 

[Keith Wilby]

Hi Keith,

Thanks for your useful article on securing access databases + the link to
the MS FAQ.

Does your approach apply to Windows domain groups as well as local
Workgroups? The database we are developing will be deployed on a shared
folder.

I'm not sure I understand the question. The users and groups associated
with Access user-level security are completely separate from those
associated with the Windows environment. That said, there is no problem
with deploying your database in a shared folder ... but ... for multi-user
capability you should have a split application, more info on that here:

http://www.granite.ab.ca/access/splitapp/index.htm

Keith.
www.keithwilby.co.uk

 

[McGeeky]

Hi Keith. Thanks for following up. I have done my research on Access
security now (thanks for your article - it was very useful) and have a
clearer picture of what I want to achieve.

My ideal scenario is that users of the Access database don't have to log in
to it otherwise that means another password for the users to remember and
for the administrator to manage. I want access control/authentication to be
managed by Active Directory instead. You log in to your PC and that is all -
Access checks who you are (your Windows accuont) when the database opens and
controls what you can edit/read thereafter.

In effect, I am trying to recreate the same kind of thing you get with an
ASP.Net application; integration with Windows authentication. This is my
background so its probably why I am asking non-Access compatible questions!

I *think* I have found a way to do this with Access using a combination of
Access security and Windows user accounts - but it is a bit tricky and far
from ideal.

Thanks again.

McGeeky

 

[Keith Wilby]

Hi Keith. Thanks for following up. I have done my research on Access
security now (thanks for your article - it was very useful) and have a
clearer picture of what I want to achieve.

My ideal scenario is that users of the Access database don't have to log
in to it otherwise that means another password for the users to remember
and for the administrator to manage. I want access control/authentication
to be managed by Active Directory instead. You log in to your PC and that
is all - Access checks who you are (your Windows accuont) when the
database opens and controls what you can edit/read thereafter.

In effect, I am trying to recreate the same kind of thing you get with an
ASP.Net application; integration with Windows authentication. This is my
background so its probably why I am asking non-Access compatible
questions!

I *think* I have found a way to do this with Access using a combination of
Access security and Windows user accounts - but it is a bit tricky and far
from ideal.

What I have done in the past is to have the username in Access match the
Windows username. If you have only a few users it can work but, as you have
noted, not ideal.

The method I use now is to control permissions at group level and have
generic user accounts, so for example, the group "clericals" would have one
set of permissions and the group "engineers" would have another, and so on.
I usually have a "guest" account too for read-only access. All users are a
member of my "guests" group to ease the setting of permissions on objects -
"guests" have permissions to read everything (where apppropriate) and,
therefore, there's no need to set permissions for any other group on the
database object (open, run) and forms and reports (open).

I'd be interested to hear any other method you develop using Windows
authentication.

Regards,
Keith.

 

[McGeeky]

Hi Keith. Thanks for sharing your approach to permissions management with
Access. If I have any success with my Windows integrated security approach
then I will certainly post back here.

Regards,

McGeeky