Security For Timesheet Application

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We are in a small office, and have never implemented any Access security
features before. I have been asked to implement a Timesheet application,
mostly to simplify adding up the hours to be billed for our principal. It is
currently a nasty manual process from multiple Excel files.

While we don't believe we need protection from purposive, malicious
tampering, I nevertheless wish to limit each user to adding or editing only
his own hours, with the exception of the principal, who should be able to
adjust anyone's hours as he sees fit.

I will certainly read up on Security in my references, but as this is a
relatively broad subject, can anyone conceptually frame what I need to do?

Thank you.
Sprinks
 
Sprinks said:
While we don't believe we need protection from purposive, malicious
tampering, I nevertheless wish to limit each user to adding or
editing only his own hours, with the exception of the principal, who
should be able to adjust anyone's hours as he sees fit.

I will certainly read up on Security in my references, but as this is
a relatively broad subject, can anyone conceptually frame what I need
to do?
Click to expand...

You would implement security (practice on a copy of your database). Once
it's implemented correctly, you'd add a field to your key tables to identify
who 'owns' it. In the before update event for your forms you'd update this
field with the user's name (use the CurrentUser function). You can then use
the CurrentUser() function to retrieve only that user's records.

Since you have an exception, the principal, I'd set the recordsource of the
form in the open event.

If CurrentUser()="principal" then
Me.recordSource = "SELECT * FROM..."
Else
Me.RecordSource = "SELECT * FROM...WHERE OwnedBy = " & chr(34) &
CurrentUser() & chr(34)
end if
 
Thank you, Joan. That sounds doable.

Sprinks

Joan Wild said:
You would implement security (practice on a copy of your database). Once
it's implemented correctly, you'd add a field to your key tables to identify
who 'owns' it. In the before update event for your forms you'd update this
field with the user's name (use the CurrentUser function). You can then use
the CurrentUser() function to retrieve only that user's records.

Since you have an exception, the principal, I'd set the recordsource of the
form in the open event.

If CurrentUser()="principal" then
Me.recordSource = "SELECT * FROM..."
Else
Me.RecordSource = "SELECT * FROM...WHERE OwnedBy = " & chr(34) &
CurrentUser() & chr(34)
end if
Click to expand...
 
Back
Top