How best to do row level security

  • Thread starter Thread starter A C
  • Start date Start date
A

A C

Hello

I am new to this area, thanks to all the people who have offered advice so
far!

The question is:
What is the way to do row level security.

By that I mean I have x users who are all adding data to the same table. I
want them to be able to view/edit/delete their records but not be able to
view/edit/delete anyone elses.

Currently I was planning to make them log in, and then filter based on their
login name the records in the table so they can only see their records. I
am forcing them to use my form for adding and editing (by making them modal,
is there ways they can get around this???), and they will not be allowed to
open the table directly because they wont be able to select the database
object selector as my forms are modal (correct?)

BUT, is there an easier way whereby the users can "own" their records and
Access only display records they own?

I guess that if they can access the database some other way and get around
my forms then I am stuffed, but lets ignore that for now... And if not
ignoring it, how do I stop it? As they know the pw to login, how can I
prevent them from getting all records by connecting some other way (eg
linking to the table from another dbase) given i have to give them
permission on the table as they need to add and edit the records?

Thanks
Andrew
 
Doing the filtering at the form level is easy, and might be enough in
some cases. However, anyone can easily get around this method. They
just create a new database & link directly to the tables in yours. Then
they can view & edit the tables directly, bypassing all your forms
completely. Or they can disable your forms & redisplay the database
window using other methods.

The other way to do it is by using Run With Owner Permission (RWOP)
queries. However, this requires that you have secured your database
using user-level security (ULS), & that you have a good understanding
of ULS in general, and RWOP queries in particular. Using an RWOP query,
you could ensure that /no/ users could go directly to the tables, at
all. They could only get at them via an RWOP query, and that query
would only let them see "their own rows" (however you chose to define
that).

Whichever method you choose, you'll need to have your forms tag each
record with some identifier to determine who can look at that record.
Perhaps the user's logon name, as returned by the CurrentUser()
function. You might choose to get that working, before you decide
whether to use form-level filtering, or RWOP queries, to enforce
restricted viewing.

HTH,
TC
 
Back
Top