Lost in security




I've 1 admin (admin password) and 3 restricted users (same password for all
of them).

I've 3 copies of the same table for each user and a few basic tables used
for relationships with them.

Admin must see all tables, but restricted user can see only his own table as
well as basic tables.

I’ve set (at “User and Group Permissionsâ€) that admin can access all tables,
while restricted users could access basic and only their own table. All
“Permissions†for the tables that aren’t their own are deselected. (I’m not
sure is that set up correctly)

I’ve one form for all users (hm, maybe I should make more?).

Well, I’ve worked (struggled) there with owner fields (owner=CurrentUser(),
then hiding that field, etc. – something I’ve read at other posts) hoping
that when I log in as any kind of user, that form will be only mine, that I
will fill only my own table and that if I’m not admin I won’t be able to see
other peoples tables.

After all of that I should send copy of the database to each user, and after
they fill their databases, they should send them back to me (admin) and when
I receive them, all databases should “melt†in one.

I’m lost in Security. In top of it all, when I make a new database and want
to open it, it requires user names and passwords from former created database
+ everyone sees every ones tables regardless to restriction.

I’ve been reading something about mdw files and how to perform joining, but
didn’t understand it completely. So, I didn’t mess with it. I just saw that
that I’ve System, System1 and System2.mdw files.

I don’t know would it be a good idea, but should I (and how should I do it)
hide the form, so the Access window (database) won’t be open in the back (my
users are afraid of new things, and I’m not sure how would they act if
multiple windows would open)

Rick B

Just a quick note. It is not normal to create a separate table for each
user. They should be adding records to one common table. You can still
secure this. To do so, you would give the restricted users NO access to the
tables at all. You'd also give them no access to the queries at all. You'd
build your forms and base them on queries that were set to "run with owner
permission". In that query, you'd specify to pull all the records from the
table, but you'd use criteria to pull only records where the "Author" or
"AddedBy" field is the current user. You could do that by putting criteria
under that field such as...


In your form, you'd code it to write the CurrentUser() in that field when
saving a new record.

This is the more normalized way to do what you desire.

As far as merging data, if your users have access to your LAN, don't send
them copies of the database, have them access the table on your LAN. Each
user could be sent a front-end where the queries and forms live and linked
to the common back-end file on the LAN.

For more details, read back through previous posts on similar issues. This
is a pretty common way to handle this. Read previous posts containing
keywords like "their own records" "no access to tables" "run with owner"

Just a little hint - anytime you find yourself building more than one table
with the exact same structure, you are on the wrong track. Anytime you find
yourself entering duplicate data in more than one record, you are most
likely on the wrong track.


I know it's not quite normal sepataing table for each user. I was misguided
in the effort to solve my problem. Good remark.

About merging data: my users don't have access to my LAN. How could I
then (and can I) solve that problem?

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question