In a multi-user database, how to restrict access to records

Guest · Jul 7, 2004

Problem
In a multi-use database, how do I restrict a user from having access to certain records and allow it for others.
The scenario is as follows:
The database handles records for a mental health organization.
According to HIPPA regulations (new law passed about security of medical records), a clinician should only have access to those clients assigned to him/her.
How do I allow this clinician to have access to his/her clients records while blocking access to those clients not assigned to him/her.

Rick B · Jul 7, 2004

If the clinician logs in to the database using a userid and password, then
this would be fairly simple. Do the patient records have a field where the
cinician's userid is entered? If so, just base your forms on a query and in
the criteria under the clinician field, put...

=CurrentUser()

This will only pull records assigned to the currently signed on user.

This will not prevent them from simply opening the table and seeing all
records, or running any reports or queries that you have built that might
show them all records. There is much more to be done for that. You would
need to take away all table, query, and report access. Then let them have
access only to the forms and reports they would need to run. The queries
upon which the tables and reports were based, would need to be set to run
using the owner's permissions.

Post back with more detailed questions as you run into them.

Adn yes, please just post to one group, or copy the same message to multiple
groups. You don't need multiple people answering your questions.

Thanks,

Rick B

Problem
In a multi-use database, how do I restrict a user from having access to
certain records and allow it for others.
The scenario is as follows:
The database handles records for a mental health organization.
According to HIPPA regulations (new law passed about security of medical
records), a clinician should only have access to those clients assigned to
him/her.
How do I allow this clinician to have access to his/her clients records
while blocking access to those clients not assigned to him/her.

Tim Ferguson · Jul 7, 2004

In a multi-use database, how do I restrict a user from having access
to certain records and allow it for others.

The standard answer to this is to use Access user security.

You remove all permissions from the tables for the users, but control read/
write access to the data with RWOP queries. What this means (Run With Owner
Permission) is that the you (as Admim) have permission to see the tables,
and you grant the users permission to see the data through those queries.
Thus, you can restrict which fields and which records they can have access
to. It's easier to understand than to explain!

Access security is admittedly not for the faint-hearted, and you need to
understand the processes involved (worst case scenario is to lock yourself
out of your own data!) but is pretty secure and very flexible. More details
in help files, or on MSDN site.

Hope that helps

Tim F

Guest · Apr 20, 2005

just read this and it seems almost exactly like what I need for my database

however, how do you set it up to have multiple users so that they need to
log on when opening the database/form?

Rick B · Apr 20, 2005

You would have to implement user-level security. This is no simple task
(the first few times). I'd suggest you read the following links several
times and make a backup or two before you start.

Rick B

Security
Security FAQ

http://support.microsoft.com/?id=207793

The Security Whitepaper is also worth reading to help you understand.

http://support.microsoft.com/?id=148555

Joan Wild:

www.jmwild.com/AccessSecurity.htm

Lynn Trapp

http://www.ltcomputerdesigns.com/Security.htm

Tim Ferguson · Apr 20, 2005

just read this and it seems almost exactly like what I need for my
database

Sorry I missed the original post. The answer to this is to use proper
database security.

1) Access user-level security can completely tie up the data so that
individuals can only see what you want them to, down to row and field
level. The idea is to remove _all_ privileges from the base tables, then
use Queries with RWOP to provide all access: as long as you can define
the query that selects the correct records, then you can restrict the
user to those records and fields.

2) You may well feel that the prevalence of security-busting utilities on
the Net makes Access an unsuitable container for highly confidential
data. Most civilised countries have serious laws about data protection
and you could be looking at a big chunk of your life sowing mailbags if
it goes wrong. Rightly so, too, in my view. Your organisation would be
well advised to look at a properly-administered DBMS like SQL Server etc
for the back end, in order to save itself a lot of money.

Hope that helps

Tim F

In a multi-user database, how to restrict access to records	1	Jul 7, 2004
In a multi-user database, how to restrict access to certain record	1	Jul 7, 2004
Multi-User Database	3	Jan 29, 2008
Make an Access Database multi user	7	Jun 10, 2009
{Q} How to modify record in M Access database?	0	Jul 26, 2014
Autonumber in two copies of database to be combined	1	Mar 19, 2008
Designing a multi-tier (downline) database	3	Jul 15, 2008
FrontEnds with "filtered" access to records in backend tables	2	Jan 27, 2009

In a multi-user database, how to restrict access to records

Guest

Rick B

Tim Ferguson

Guest

Rick B

Tim Ferguson

Ask a Question

Similar Threads