Need help securing an application with detail records

[erick-flores]

Hello all

I have an Expense Report Interface for the employees use in the
company. I need to setup the permissions so the user who logon can ONLY
see his records (his employee information and all the reports that he
had submitted so far), also this user should has the ability to fill
out 2 of 3 forms and see 1 of 3 reports. On the other hand I need to
create another group that can do whatever they want in the application.

Basically I need to create two groups, one with full rights (which is
not a problem) and the other with the rights described above.

Right now i have a table call "Employees" here I have all the employees
information (Employee ID, Depart Name, First N, Last N, Notes). The
Employee ID field is setup to AutoNumber. This Employees(Employee ID
PK) table is link to the Expense Reports(EmployeeID FK, ExpenseReportID
PK) table and this is link to Expense Details (ExpenseReportID FK,
ExpenseDetail ID PK).

Basically what I need is to pass the logon username to my employees
table so only that username cann see his records....I dont know how to
do this, I have no clue...I need someody to guide me step by step
pleaseeeeeee

I have already created a security.mdw file. I understand all that
(after two days of reading and a lot of help from this group). I have
the shortcut to my database and all the security is working fine...now
I need to complete the permission part

I need help Pleaseee....Thanks in advance

 

[erick-flores]

Ok, after doing some reading here and there I found a solution. I add a
field to each table to hold the Username. Put [Username]=CurrentUser in
the BeforeUpdate event, and use a query to base my form. The query has
a criteria: =CurrentUser() for the field: Username.

Now it looks good, but I want the Admins group to be able to look at
ALL the records in the database. Because I have the above
implemententation for my forms/tables/queris now the Admins group can
only see his records too, but obviusly I dont want that...I want then
to see ALL THE RECORDS

Can somebody help me here....pleaseee

 

[Joan Wild]

Just FYI, the Username field will be changed any time there is a change to
the record. Not sure if this is what you wanted, or you just wanted the
person who created the record to own it, and not get changed.

For the Admins group, you can set the recordsource at runtime. Using the
faq_IsUserInGroup() function I posted in your other thread, you can
determine what group the current user is a member of and then set the
recordsource.

If faq_IsUserInGroup("Admins",CurrentUser) then
Me.RecordSource = "SELECT * FROM SomeTable;"
Else
Me.RecordSource = "SELECT * FROM SomeTable WHERE [UserName] = " &
CurrentUser()
End If

If you check the current recordsource for your form, you should be able to
adjust the above to suit your tablenames/fields.