in message:
Thanks, Rick. I think I need to do some experimenting. I agree that one
login should do anything you are allowed to do. It is just that I have seen
people having a lot of problems trying to get it implemented correctly.
Implementing Access User Level Security (ULS) *IS* a complicated process
until you get the hang of it. Diligent study of the topic from various sources
and practicing on dummy databases until you "got it down" is really the
best advice. Once you understand ULS it becomes a very valuable tool
in your arsenal. You have more control over the application and what
people can and cannot do.
Quite often people just jump into the subject without study by using the
Security Wizard. Although the wizard is a very useful tool, it takes away
the *knowledge* out of the equation. When something does not quite work
properly (and most often something will) then the user is left with, "Now
what did I just do?" And more importantly, "How do I fix this?!"
Even worse off some people just jump into the Security menus and screens
and start "playing" with things, not even realizing they are messing up their
default system workgroup file! I think it would be great if Access could
automatically detect if you are modifying the system.mdw and just pop
up a warning message box saying something like:
"You are about to modify the system workgroup file. This will affect
all databases you use on this machine. Are you sure you wish to proceed
with these changes?"
Also, the first screen of the Security Wizard should present a form that
has links to the Microsoft security information articles and some text about
*suggesting* reading up on the subject if you are a first time security user.
Just my 2 cents.
What I have been doing for the back end is putting in a startup that does nothing
but a docmd.quit. Of course, if a user knows about the Shift key, they can
get around that. Usually they do not. My problem is that all my users are
in IT, so it will take something pretty tricky to keep them out.
I always distribute mde's to limit what a user can do. It is almost
impossible for them to do anything that is not in my App. If they try to
close the main form, it quits the app.
I fall somewhat on the fence on this issue. I believe that one should first
analyze *what* they are trying to protect and from *whom.* I have used
all three types of security and each worked just fine for the project
requirements.
- Database-level password
I used this for an app that had no sensitive data AND the users were very
low tech. This was MORE than adequate to keep lurkers out.
- Home-grown security system.
I have in the past created a login-type system with user information stored
in a table. I further protected the passwords by incorporating some KB
article techniques. The app needed just a little more control over who
can do what. I assigned users to various groups and everything worked
just fine. The users were a bit more sophisticated and might play around
with things they should not be so I controlled where they could go with code.
Was I re-inventing the wheel? Perhaps, but at the time I had not begun to
use ULS. I had glanced at various technical articles and saw that it was a
VERY complex task so I decided to put it off for future study. Was it a
waste of time to make something myself? I do not believe so. I learned
a lot of new coding techniques so I came away from it with new-found
knowledge. What better way to understand how the "wheel" works than
to take it apart? Any time you learn something new I believe time is not
wasted.
-User Level Security
I needed to implement full ULS with all the bells and whistles for a personal
complex application that required really tight control over where and what
users can have access to. It took quite a while to really understand how
the whole process works, but it was needed.
Now understanding how ULS works, I can actually set up some type
of security on a database much faster with ULS than by making something
myself. That, however, comes from the experience and knowledge.
I would recommend ALL of the following reading material before
jumping into ULS if you want to pursue this topic:
http://www.ltcomputerdesigns.com/JCReferences.html#Security
Do not expect to master the subject in an hour, give yourself time.
It can fulfill all your security needs, but many steps need to be
taken before that can happen. Just remember too that ULS has
its own limitations.
Good luck,