Secure via Filter

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have created a timesheet database and would like to set up a system where
each employee can open the database but only see/edit/add his/her own
records. Can I do that from my computer or do I have to set up filters at
each workstation? Or is it possible at all?
 
Do a search. This is asked and answered often. You have to set up
security, take away all the access to the tables and queries, create a new
query set to run with owner's permission, include a filter in that query to
limit records based on the current user's id, then base a form on that
query.

Read the previous posts. That's why they are stored. search for strings
like...

"secure own records"
"view own records"
"only their records"
"RWOP"
etc.
 
Thank you. I appreciate you taking the time to respond. I see it wasn't the
first time you suggested using 'search' and I'm sure it won't be the last!
Especially helpful with ideas for search criteria...RWOP was particularly
good.
--
Poppy
KMB Design Groups


Rick B said:
Do a search. This is asked and answered often. You have to set up
security, take away all the access to the tables and queries, create a new
query set to run with owner's permission, include a filter in that query to
limit records based on the current user's id, then base a form on that
query.

Read the previous posts. That's why they are stored. search for strings
like...

"secure own records"
"view own records"
"only their records"
"RWOP"
etc.
Click to expand...
 
RWOP has particular difficulties, not "as intended" but in terms of "breaking
in".

It seems that any "stored query" is a security risk, because they are easy to
break. Queries should be written in code and NOT stored if possible (even then
there's some risk). I'm surprised "Rick B" didn't mention this.

But if your risk is "inadvertent operators" as against "enemy action", all of
the suggestions are fine. Even so, I'd write code to do a query rather than
RWOP (I think).

Of course, RWOP is incompatible with writing queries in code, because "who is
then the owner?". Just some thoughts on advanced security, which for all I
know probably muddles things but just think about all potential circumstances
for your circumstance.

(In short, forget RWOP just do similar in code?)(???)

Chris

mcrider said:
Thank you. I appreciate you taking the time to respond. I see it wasn't the
first time you suggested using 'search' and I'm sure it won't be the last!
Especially helpful with ideas for search criteria...RWOP was particularly
good.
Click to expand...
 
Goodness, that wasn't even controversial, TC.

I don't know what to say. I think, amongst other sources, QBuilt and others
have some tips on it?

Break means break. As in security. I believe I mentioned that the poster needs
to determine their "level of risk". As you have often mentioned, Access
security works fine provided the level-of-risk is not too high, however this
is the security newsgroup which includes the often statement "don't even think
of using Access".

We all missed you. During your "break". Do you know that the NZ government is
trying to protect the Great White Shark? And only about 3 have been caught
here in the last as many years (excepting commercial nets)
(for others, TC is a diver)
Chris :-)

TC said:
Chris said:
It seems that any "stored query" is a security risk, because they are easy
Click to expand...
to break.


Uh? News to me. What do you mean by "break"?

--
HTH,
TC (MVP Access)
[back from the dead!]
http://tc2.atspace.com
Click to expand...
 
Back
Top