R
RipperT
I have a table to which I have denied all permissions to my (custom) users
group. I designed a query based on the table that returns only 2 fields: an
identifying field and a checkbox that the users need to check or uncheck;
they therefore need update permission to the table thru the query. However,
I don't want them to be able to change the identifying field. The field is
part of a unique index so I can limit what they can do with it, but not
entirely. They are able to change some values to other values and it will
accept them. I have everything secured thru the forms, but I don't want
users to be able to open the query by using bypasskey and then accessing and
changing the value that way. SECFAQ explains that I must omit the column
from the query to restrict users from accessing the field, but if I remove
the field, users won't know what record they're checking/unchecking. How can
I work around this except for denying the bypasskey? And by the way, if I
deny bypasskey, how will I get in?
Rip
group. I designed a query based on the table that returns only 2 fields: an
identifying field and a checkbox that the users need to check or uncheck;
they therefore need update permission to the table thru the query. However,
I don't want them to be able to change the identifying field. The field is
part of a unique index so I can limit what they can do with it, but not
entirely. They are able to change some values to other values and it will
accept them. I have everything secured thru the forms, but I don't want
users to be able to open the query by using bypasskey and then accessing and
changing the value that way. SECFAQ explains that I must omit the column
from the query to restrict users from accessing the field, but if I remove
the field, users won't know what record they're checking/unchecking. How can
I work around this except for denying the bypasskey? And by the way, if I
deny bypasskey, how will I get in?
Rip