Network ID ans user level security

  • Thread starter Thread starter Gasman
  • Start date Start date
G

Gasman

Hi,

I would like to use the built in Access user-level security to secure
my multi-user database, but would prefer to simply take the users
windows logon rather than requiring them to remember a separate Access
username and password.

I have the vba code to get the ID of the user currently logged into
windows, but can I now pass that to the access user-level security
somehow?

Thanks,

Martin
 
Gasman said:
Hi,

I would like to use the built in Access user-level security to secure
my multi-user database, but would prefer to simply take the users
windows logon rather than requiring them to remember a separate Access
username and password.

I have the vba code to get the ID of the user currently logged into
windows, but can I now pass that to the access user-level security
somehow?

No.

You could create a shortcut that would automatically supply the UserName
from the network logon, but that has little utility since the Access logon
will default to the last logon used anyway. That would only be useful if
you had multiple network accounts logging onto the same PC.

There is no way to pass the password from the network credentials so unless
you set up all users with a blank password in Access security (which would
be pointless) it won't work.

The code you have for getting the network user name is useless in this
regard. You need to be in your app before you can run code and then it is
too late to be of any use for Access Security which must be given
credentials before your file even opens.
 
Thanks for the reply Rick.

It looks like I either need to get users to login to Access or build
my own security around the network login. I may go for the latter as I
want to keep the database as easy as possible for people to use and I
don't need mission critical security, just enough to stop people
accidentally changing things they shouldn't.

Martin
 
Gasman said:
Thanks for the reply Rick.

It looks like I either need to get users to login to Access or build
my own security around the network login. I may go for the latter as I
want to keep the database as easy as possible for people to use and I
don't need mission critical security, just enough to stop people
accidentally changing things they shouldn't.

I use a permission codes table to provide what I call "guidance security". It
is not real security but it does provide a way to display "you have no
permissions to this area" messages. The table contains login names and
permission codes.

I then have a function named Permission(PermCode) that returns true/false. It
looks up in the table described above to see if the current user logon has an
entry matching the desired permission code. If not then it returns false. Then
(for example) I can put the following in the Open event of a form...

If Permission("SomeCode") = False Then
MsgBox "As If!"
Cancel = True
End If

This allows you to have as many codes assigned to each user as you like.
Effectively the codes represent groups. My custom function always returns True
if a login name has a code "X" which I use to create admin users that can go
anywhere and do anything.
 
Hi Martin

There is a way you can do this. You must ensure that everybody who needs
access to your application has their own network usernames registered in the
application's MDW file. They should not have passwords. Set up user-level
security as you would normally.

Now, in the startup code for your application, add a simple check:

If NetworkUser() <> CurrentUser() Then
MsgBox ....
Application.Quit
End If

Finally, add the following switch to the command line in the shortcut that
is used to start the application:
/user:%Username%
 
You can restrict access to the MDB to Users using NTFS permissions. This
means that, in order to access the MDB, the users must have had a valid
network login. Then, if you store their network login, along with the
permisions they have, in a table, and write code that restricts access to
whatever relevant forms/reports/queries etc using code (pretty easy to do)
based on network login, you have what would resemble user level security,
without the need to login to the database.

It's not secure in the truest sense (any) of the word, but 99.9% of users in
most businesses can only perform rudimentary tasks with a PC. They wouldn't
know where to begin to get around even the simplest of security measures. In
my business, simply disabling the database window and showing a switchboard
is secure enough, but then, most users here struggle to do basic sums in
Excel.

As with any security, it's a balance between sensitivity, threat level, and
convenience.

Dave
 
Thanks everyone for the replies.
I seem to have to have a few options to think about.

Martin
 
Back
Top