use password prompt for editing form

[Peter De Tender]

Hi,

In my application I created a user login form with username and password.
Data is retrieved from a user table using listview control and Dlookup
functions.

So far so good.

Because my application is used by both administrators (the guy who puts in
all data) and sales employees (counter helpers in the shop) the
administrator wants to avoid that the employees can change the data.
I was wondering if it is possible to create some kind of loginprompt based
on the username & password from my table. When login is OK, forms should be
editable.

In the first scenario, full read/write or only read is fine; maybe
afterwards I can alter it to make only some fields "administrative users
only" eg. price, margins,...

Regards,

peter

 

[Lynn Trapp]

Don't reinvent the wheel. Access User Level security was developed for just
such a situation. Get a copy of the Security FAQ (there's a link on the
Security page of my website), read it several times, and follow it to the
letter.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Big List: www.ltcomputerdesigns.com/JCReferences.html

 

[Rick B]

Whoa....

Why are you reinventing the wheel?

You need to use the built-in user-level security that comes with Access.
Don't make a table. Don't make a form. What would keep the user from
simply opeining the table and changing the data using your scenario?

You should use the tools built-in.

I'd suggest making a backup copy of your file, then reading the following
liks several times from start to finish before you begin the process of
securing your database. It is very important that you follow every single
step in order.

Good Luck, Rick B




Security FAQ

http://support.microsoft.com/?id=207793



The Security Whitepaper is also worth reading to help you understand.

http://support.microsoft.com/?id=148555



Joan Wild:

www.jmwild.com/AccessSecurity.htm



Lynn Trapp

http://www.ltcomputerdesigns.com/Security.htm

 

[Rick B]

WOW! Lynn were you reading my mind when you posted, or was I reading
yours?!?!?!!?

 

[Peter De Tender]

Rick, Lynn,

I appreciate your fast replies on my question.

However, I have the following additional info and doubts...

a) I wonder if the build in Access Security is something which can be
administered by my "customers" by themselves. Is it to be allowed that a
non-technical user is configuring this ? (my customers are in the retail
business, so IT knowledge is mostly zero)...

b) The security I was talking about is based on employees working at the
organization; if busy times, temporary workers are hired with all their
"human resources" information is stored in the database. They receive a
username and password which they have to select also when doing "sellings"
in the POS system. As such, sales are tracked per employee.

About your last remark, Rick, concerning entering data in the tables
directly : I disabled the database window using code and blocked the
shift-key bypass access...
Normally, it is not possible to open and edit the tables directly.

Could you please give me your advise on this if another option is possible
besides the built-in security ?

Regards,

Peter

 

[Rick B]

I have seen posts on "remote adminitrator" do some searches. There are
posts out there on how to make a customer-level password administrator.

Rick B

 

[Lynn Trapp]

;-) Must have been one way or the other.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm
Jeff Conrad's Big List: www.ltcomputerdesigns.com/JCReferences.html

 

[Lynn Trapp]

a) I wonder if the build in Access Security is something which can be

administered by my "customers" by themselves. Is it to be allowed that a
non-technical user is configuring this ? (my customers are in the retail
business, so IT knowledge is mostly zero)...

Yes, your customers will be able to administer the security. They would also
have to administer any "home grown" security model that you provide them
with. The built-in security form is probably no more difficult to learn than
anything you provide for them.

b) The security I was talking about is based on employees working at the
organization; if busy times, temporary workers are hired with all their
"human resources" information is stored in the database. They receive a
username and password which they have to select also when doing "sellings"
in the POS system. As such, sales are tracked per employee.

That's easy enough to set up using the built-in system.

Could you please give me your advise on this if another option is possible
besides the built-in security ?

The time and effort you will have to go to in order to get any other system
implemented will probably not be worth it. Also, no system that you provide
will be any where near as secure as Access User Level security will provide
you.

 

[Peter De Tender]

Lynn, Rick,

Thank you very much for your feedback again on my doubts.

You convinced me to go and investigate this topic further in detail.

I'll have a look at it during the weekend to study focused on this one.

Regards,

Peter