Write access without read access

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

All-

I am running Access 2003 on Windows XP. I have a database that tracks staff
incident reports for a school. I would like for anyone to be able to add a
record to a table, but then have only a select few be able to review old
records. As far as I know you aren't able to give a user write access
without also giving that user read access. My database is designed well
enough that only certain forms show old records and then I can restrict who
can see those forms, but if a person were savvy enough with access, they may
be able to open a table/query and read all the dirt about other staff. There
is probably a simple solution under my nose, but I just can't seem to find
it. Thanks in advance.

Adam Milligan
 
Adam Milligan said:
My database is designed well
enough that only certain forms show old records and then I can restrict
who
can see those forms, but if a person were savvy enough with access, they
may
be able to open a table/query and read all the dirt about other staff.
There
is probably a simple solution under my nose, but I just can't seem to find
it. Thanks in advance.

Adam Milligan
Click to expand...

The best you can hope for with Access is to apply user-level security

http://support.microsoft.com/?id=207793

but the bottom line is that it can be broken by a determined hacker with the
right tools, so if you have sensitive data, don't use Access.

Keith.
www.keithwilby.com
 
Break up the back-end into two files. One would be the main where all data
is kept and the other would be where new submittals are added. You'd have a
general user front end that linked only to the file where records are added.
The administrative version of the program would link to both files and would
be used to move data from one file to the other. Apply Access security as
usual and unless a general user knew where the other BE was, or got a copy of
the administrative FE, and knew the the required passwords and had the right
permissions, the data would be pretty safe. There is no way to absolutely
prevent snooping, but this is easy to do and very effective, especially if
the sensitive BE were in a folder where only certain accounts had network
permissions. The one potential drawback is that the administrators would
have to open their program to move new data regularly.
 
Remove permissions on the tables and use RWOP queries - probably separate
queries for the read only vs read/write. You can then put read data
permissions on the query for the read only group and insert/update on the
read/write queries.
 
Back
Top