hassan.khalifeh10@outlook
New member
- Local time
- Tomorrow, 01:57
- Joined
- Aug 30, 2024
- Messages
- 6
Kindly, What are the required steps to specify access for different users over a certain program and DB access mode?
I need to specify access over a program in access (Reports, Forms, level of access in a specific form such as allow to edit or add or just view)Hi. Welcome to AWF!
That's a very broad question. Consider providing more details about your situation.
thanks, I want to give access over some reports, & Forms. where a user can edit or export, while other user should not.I believe you need to search this forum for topics including the phrase "role-based security". This question is also tied into "securing a database".
The overview - VERY high-altitude overview - is that ...
- You must set up forms to do everything for you, including a dispatcher or switchboard form that can launch other forms.
- You need a table of users and their roles (or their abilities) and a reasonably secure method of login. The structure required for this will highly depend on what you intend for each role to do (or not do), so I can't give you a structure to consider.
- Every form should be aware of the user roles being present and significant in deciding what to do (or not do).
- There can NEVER be a time when an ordinary user (specifically, not the developer) can see any structural elements like tables, queries, or form and report design view.
- NO DIRECT DATA ENTRY OR MODIFICATION TO TABLES!
- You have to do "evasion" things like hiding the ribbon and blocking off some of the shortcuts that would get you inside the architecture.
This is NOT a trivial process and you should expect it to take a while to implement. Many of us have published short articles on these subjects, but our member isladogs has several extensive articles on the subject. MajP has also offered some guidelines. I have written a few posts on these subjects myself, but the last time I dealt with this in detail was over 8 years ago, and I have retired since then so I'm a little bit rusty on the details.
One detail I am certain is still a requirement is that you MUST perform a detailed "requirements analysis" because otherwise you will end up having to go back and fix things A LOT. We call that "retrofitting" and it is the easiest way I know to break things you though were fixed already. Usually, retrofitting means you didn't get it right the first time.
There is a software engineering rule that says "If you didn't have enough time to do it right, how will you EVER find enough time to fix it?" My dad was a do-it-yourself carpenter and my father-in-law was a carpentry contractor. They both said that the rule for building ANYTHING had to be "Measure twice, cut once." If you plow into the implementation without having a good design document as a reference, ... it's like going on a trip without a road map. How will you ever know you have arrived if you weren't sure where you were going?
Even that distinction may be difficult. Setting a form to "allowed edits = false" may prevent you changing values in combo boxes for instance, and I'm sure that's not what you want.I need to specify access over a program in access (Reports, Forms, level of access in a specific form such as allow to edit or add or just view)
There are other ways that allow you to lock/unlock specific controls if you insist. Since I rely on the BeforeUpdate event to enforce security, I almost never actually lock forms. When I do, I use the tag property of the form to identify the controls that have a fixed property of locked or unlocked. For example, controls used for searching are always set to NOLOCK. Controls like the PK are always set to LOCK. Then you call the code passing in the form object and a lock or unlock command.Even that distinction may be difficult. Setting a form to "allowed edits = false" may prevent you changing values in combo boxes for instance, and I'm sure that's not what you want.
Public Sub LockControls(frm As Form, bLock As Boolean)
Dim ctl As Control
For Each ctl In frm.Controls
Select Case ctl.ControlType
Case acTextBox, acComboBox, acListBox, acCheckBox
Select Case ctl.Tag
Case "NoLock"
ctl.Locked = False
Case "Lock"
ctl.Locked = True
Case Else
ctl.Locked = bLock 'toggle locks
End Select
Case acOptionGroup, acOptionButton, acCheckBox ''not working ---- try adding acObjectFrame
Select Case ctl.Tag
Case "NoLock"
ctl.Locked = False
Case "Lock"
ctl.Locked = True
Case Else
ctl.Locked = bLock 'toggle locks
End Select
Case acCommandButton
Select Case ctl.Tag
Case "NoLock"
ctl.Enabled = True
Case "Lock"
ctl.Enabled = False
Case Else
ctl.Enabled = Not bLock 'toggle locks
End Select
End Select
Next ctl
Set ctl = Nothing
End Sub
Thanks, but where to specify the access for a specific user?There are other ways that allow you to lock/unlock specific controls if you insist. Since I rely on the BeforeUpdate event to enforce security, I almost never actually lock forms. When I do, I use the tag property of the form to identify the controls that have a fixed property of locked or unlocked. For example, controls used for searching are always set to NOLOCK. Controls like the PK are always set to LOCK. Then you call the code passing in the form object and a lock or unlock command.
This procedure goes into a standard module so it can be used by ALL forms. Do NOT put it in the class module of a specific form.
Code:Public Sub LockControls(frm As Form, bLock As Boolean) Dim ctl As Control For Each ctl In frm.Controls Select Case ctl.ControlType Case acTextBox, acComboBox, acListBox, acCheckBox Select Case ctl.Tag Case "NoLock" ctl.Locked = False Case "Lock" ctl.Locked = True Case Else ctl.Locked = bLock 'toggle locks End Select Case acOptionGroup, acOptionButton, acCheckBox ''not working ---- try adding acObjectFrame Select Case ctl.Tag Case "NoLock" ctl.Locked = False Case "Lock" ctl.Locked = True Case Else ctl.Locked = bLock 'toggle locks End Select Case acCommandButton Select Case ctl.Tag Case "NoLock" ctl.Enabled = True Case "Lock" ctl.Enabled = False Case Else ctl.Enabled = Not bLock 'toggle locks End Select End Select Next ctl Set ctl = Nothing End Sub
Did you look at my example? Did you see the table where users are assigned values for view, add, change, delete? Did you look at the code in the four relevant events (Current, BeforeUpdate, BeforeInsert, BeforeDeleteConfirm) where the user's security level value is compared to the security level value assigned to the form?Thanks, but where to specify the access for a specific user?
Thanks, but where to specify the access for a specific user?
We haven't heard from @hassan.khalifeh10@outlook in a week. He seems to have lost interest.Pat just showed a way to use the "tag" property, but then you have do decide all the special actions to want to allow/restrict, and then for every form, consider which controls you want to manage in this way. It's very laborious, and as soon as you do it, some users will request equally complicated amendments.