Creating Login

[Christy]

Hi,

I am new to AccessVba and was being assigned to complete some security
features for a few database within limited time.

I will need to create secured login for up to 20 users namely in 4 different
groups:

User - only read access
maker - edit, read and delete records only but not able to change any design
or macro or module
checker - only able to authorize what the maker have made also no access to
any design or macro or module
admin - to have all rights

btw, my users are allowed to have 2 different group at the same time. Thus, I
am unable to use the build in security features for access 2003.
My users are able to have maker and checker role at the same time. But some
may only have one role only.
The same checker cannot authorize his/her own record as well.
Those whom are under different user group will see different screens, so for
people with two groups will be able to choose what kind of group they would
like to access in upon login in, something like a switchboard. - so the
usergroup need to be determined upon logging in.

thus, my table will have these fields:
username (textbox)
userid (textbox) - unique
password (textbox)
maker (yes/no)
checker(yes/no)
admin(yes/no)
user(yes/no)

thank you in advance

 

[Rick Brandt]

Hi,

I am new to AccessVba and was being assigned to complete some security
features for a few database within limited time.

I will need to create secured login for up to 20 users namely in 4 different
groups:

User - only read access
maker - edit, read and delete records only but not able to change any design
or macro or module
checker - only able to authorize what the maker have made also no access to
any design or macro or module
admin - to have all rights

btw, my users are allowed to have 2 different group at the same time. Thus, I
am unable to use the build in security features for access 2003.
My users are able to have maker and checker role at the same time. But some
may only have one role only.
The same checker cannot authorize his/her own record as well.
Those whom are under different user group will see different screens, so for
people with two groups will be able to choose what kind of group they would
like to access in upon login in, something like a switchboard. - so the
usergroup need to be determined upon logging in.

thus, my table will have these fields:
username (textbox)
userid (textbox) - unique
password (textbox)
maker (yes/no)
checker(yes/no)
admin(yes/no)
user(yes/no)

Access has built in user level security. While it has a steep learning curve
and can be hacked, it is WAY better then anything "home-grown" you will cook up.
Anyone familiar with Access at all will get past your own system with no trouble
at all.

A home-grown system can be useful if all you want to do is nudge cooperative
people in the right direction. It will not provide much of an actual barrier to
people who want to get past it.

 

[Christy]

But due to the requirements I have, how could I use them in the built in MS
Access Security?

 

[Keith Wilby]

But due to the requirements I have, how could I use them in the built in
MS
Access Security?

You would create your generic accounts, password protect them, assign
permissions, and then distribute the logon credentials to whomever needs
them - you can give more than one account's details to a person, they'd just
need to switch accounts or open more than one instance of your app for their
different permissions.

Keith.
www.keithwilby.com

 

[Christy via AccessMonster.com]

but I need to give them the same id. meaning what my boss wanted is to have
the same login id, and to be able to login, and prompt them to select the
role they want to enter as.

 

[Keith Wilby]

but I need to give them the same id. meaning what my boss wanted is to
have
the same login id, and to be able to login, and prompt them to select the
role they want to enter as.

What you're suggesting isn't logical (to me at any rate). A generic user
account such as "storeman" or "manager" defines the role. I don't see how
you can log in as "jack of all trades" and then choose your area of
expertise without it becoming a huge skills matrix overhead to manage and
maintain.

I'm guessing that your boss knows nothing about Access security or database
design in general

Keith.

 

[Rick Brandt]

But due to the requirements I have, how could I use them in the built in MS
Access Security?

You might need to augment the built in security with some of your own tables to
allow for switching between roles when one person has more than one. My point
is if you do ONLY the home grown stuff then anyone will be able to simply bypass
the system and do whatever they want.

 

[Joan Wild]

You would create your generic accounts, password protect them, assign
permissions, and then distribute the logon credentials to whomever
needs them - you can give more than one account's details to a
person, they'd just need to switch accounts or open more than one
instance of your app for their different permissions.

Unless I'm missing some point, they wouldn't need to switch accounts at all.
She can accomplish everything using the built-in security. Why the need for
separate accounts for one person?

 

[Joan Wild]

User - only read access
maker - edit, read and delete records only but not able to change any
design or macro or module
checker - only able to authorize what the maker have made also no
access to any design or macro or module
admin - to have all rights

You can accomplish this using the built-in user level security features of
Access.

btw, my users are allowed to have 2 different group at the same time.
Thus, I am unable to use the build in security features for access
2003.

I don't follow. There is nothing wrong with a user belonging to more than
one group - happens all the time.

My users are able to have maker and checker role at the same time.

Then they are in both groups.

But some may only have one role only.

Then they are in only one group.

The same checker cannot authorize his/her own record as well.

You can change the recordsource of the form so that only records not created
by that user are shown. You'd need to add a field to each table to identify
who created it. Using CurrentUser() you can assign their login name to that
field in code.

Those whom are under different user group will see different screens,
so for people with two groups will be able to choose what kind of
group they would like to access in upon login in, something like a
switchboard. - so the usergroup need to be determined upon logging in.

Quite doable. You can create a main form and hide buttons that aren't
available to certain groups.

thus, my table will have these fields:
username (textbox)
userid (textbox) - unique
password (textbox)
maker (yes/no)
checker(yes/no)
admin(yes/no)
user(yes/no)

You are far better of implementing security, than attempting to roll your
own.

Study the security FAQ, and post back with specific questions.
http://support.microsoft.com/?id=207793

Be sure to follow every step outlined or your database won't be secure.

 

[Keith Wilby]

Unless I'm missing some point, they wouldn't need to switch accounts at
all. She can accomplish everything using the built-in security. Why the
need for separate accounts for one person?

Well the way I read it Joan there are a number of roles (storeman,
secretary, manager for example) which could equate to accounts, and some
individuals could have more than one role. To me it could get messy having
to manage combined roles/accounts as well. Unless *I'm* missing the point
of course.

Keith.

 

[Keith Wilby]

You can accomplish this using the built-in user level security features of
Access.


I don't follow. There is nothing wrong with a user belonging to more than
one group - happens all the time.


Then they are in both groups.


Then they are in only one group.

Yes, I see your point now Joan. My approach was to create generic *user*
accounts for each role (something I do all the time for my employer because
of the huge number of users - managing indiviual's accounts would be a
nightmare). Your solution is of course the correct one.

Keith.