Password trick

[Derek Brown]

Hi all

I need a simple (very simple) way of allowing 2 levels of access to data. If
I had in the on open event of a PopUp Form :
If [PasswordField]= "Paris" Then
Open Form 1 (Form 1 has access to all employee info)
End If
If [PasswordField]= "NewYork" Then
Open Form 2 (Form 2 has access limited to employee info)
End If
If [PasswordField]<> "NewYork" Or "Paris" Then
MsgBox("Password incorrect please try again")
End If

The database will be distributed as an MDE File so access to code should not
be possible.
Will it work and is it secure?

If I have to, I will try the Access security stuff, but people tell me it's
a nightmare! Is it?

 

[TC]

Just quickly (cos I have other problems at this time) :

- Your method does not stop someone linking to the database from
another database that they create for that purpose. So anyone can see
all the data, without having any passwords.

- "Generic" passwords (as opposed to "personal" ones) are, by
definition, shared between many people. This inevitable means that each
group of people, soon learn all the other groups' passwords.

- Access security can be very tough to learn initially. You'd need to
obtain & follow a specific list of written instructions; eg. the Access
Security FAQ, often referenced in this newsgroup. You'd need to
allocate weeks - maybe /months/ - to understand it sufficiently.

Personally, I feel the better approach would be to implemebnt security,
then choose the form depending on which individual user logged-on. But
that would require a substantially greater learning curve, than the
simple method that you propose. "Horses for courses" ...

Cheers,
TC

 

[Derek Brown]

Ah... Yes of Course. Thank yuu

 

[Chris Mills]

If I have to, I will try the Access security stuff, but people tell me it's

a nightmare! Is it?

No it's not <keeps straight face>. Perhaps I've been using it too long.

Few parts of Access have as thorough documentation as the Security FAQ, as
well as MS documentation.

Using the Security Wizard IS a nightmare (I'm told). You use it and think it
will do everything for you, and learn nothing about the where's and whyfor's.
The trouble here is, you need to understand it and the Wizard tries to hide
that.

User Level Security requires testing by attempting to open your database by
invalid means, which should fail. Certainly it is easy to make a mistake, and
this will find them.

The real nightmare, is that you have to set up permissions for every Object
for every Group/User. That's a lot of permissions!

Think of it this way. If you want password security, you really have no
choice. "Database Password" only has ONE level of security-either in or out.
Personalised security systems like your suggestion, still require to be
additional to MS-Access security, IMHO.

-All the comments by TC

To limit employee info (and this is pretty serious-I always wanted to know
what my peers were earning!), you must use RWOP queries (Run With Owner
Permission) to make sensitive fields unavailable in the first place. And you
will need a lot more than just in-built User Level Security, coz I Really
Really want to know what my peers earn!

MDE file is not of itself secure. For example, the Recordsource property of a
form can be exposed by hacking, though if the recordsource is set in code,
then less-so. Unless you encrypt the MDE or database (Tools, Security,
Encrypt/Decrypt), then any dump utility can read things like stored strings.

Chris