Adding Permissions to custom security setup

[Mr.Kane]

I have an access tool with a simple login form.

There is a "Security" table associated to the form with User_Name and
Password.
(fairly simple approach, but effective based on my users)

I am interested in attributing permissions to each user in this
"Security" table
Admin, Update (Add, Edit, Read) and "Ready-Only"

Any suggestions would be appreciated.


-M

 

[TonyT]

Hi Kane,

I use something like this in one of my programmes and it works just fine, I
have a 3 tables set-up, Employees table, Access level table
(view/edit/delete/edit this list etc) 10 different levels, and a 3rd table
User Access, which acts as a link table with a child field from the other 2
tables and a boolean yes/no for permission on each level.
Splitting into 3 tables makes it easy to add different levels at a later
date should you require it.
Then I have a further table which is un-linked and randomly named with the
password data *encrypted* in it by a simple algorithm, just to make it
slightly harder for casual prying eyes to determine other passwords.

Having said all that, this programme is for small businesses that are after
particular things, providing security against rogue employees is not high on
their agenda, useability and simplicity is.

Plus it's always worth remembering that the data that they are storing is
theirs and theirs alone.

TonyT..

 

[Mr.Kane]

Tony,

Thanks for the input. After setting up the tables, how would I go about
writing code to grant access based on the specific Boolean values
assigned to a particular User.

Since at this point the security component would be driven by Access
itself, from within the tool it brings added complexity since I am not
incorporating Network IDs are part of the Login process.

Users just look up their name in a drop down menu or enter it and enter
their password, (the password is stored along with the related user
name in a separate "Security" table.

A simple validation script checks the password using DLookup again the
correllating values in the "Security" table. At the moment this is my
entire security config. I would like to add permissions to it to
further strengthen this component of my app

Any thoughts are appreciated.
Marc

 

[TonyT]

Hi again Mr Kane,

Again, very similar to my setup, however I have a couple of public functions
(CallUser & UserPerm), the first checks the password against the *security*
table when they enter it and decodes the algorithm used to hide the values in
the security table, and sets a public variable - CurrUser - to their current
userID. The second function checks the current user against the permissions
table to check they have the required permission to edit / delete a record,
at returns a message if they do not. So the OnClick event of each *secure*
command button starts with;
If UserPerm(CurrUser, LevelRequired(long value)) Then
rest of code here
Else: "msgBox"No permission"
End If
If the boolean is true, they can carry on without even knowing the check has
been made, else it fires the message.

As a side note, I also have a timer event on the main menu form (which never
closes) which resets the CurrUser back to default user with minimal
permissions, after a given time period, incase the user forgets to log-off.

TonyT..