Results 1 to 5 of 5
  1. #1
    cantankerousoldyankee is offline Novice
    Windows 7 64bit Access 2010 64bit
    Join Date
    Sep 2014
    Posts
    2

    Very confused about restricting access to select data in a table

    I'm working on an .mdb in 2010 given the built-in security that 2k7 and later abandoned (sadly). What I'd like to do seems rather rudimentary for a database suite that would bother to include "user-level" permissions functionality at all. In a nutshell:



    * Create a table of records
    * When any one of the above records is edited such that field_2 is changed from a value of "no" to "yes", only select users can see them now

    Not simple, apparently. I thought perhaps that I could permit-all on a query that only sought the "no" records, and permit-elite on a query for the yes's. Nope. Folks can gleefully and at will just open the underlying table in datasheet view and snoop away. Lock down that table? Nope--what applies to the table applies to the query by extension, so there's no virtual difference between them in permissions.

    Hide the fields in table view? Nope--users can just unhide them, since "hide" isn't part of the table design and again, users can chuckle away as they strip the veil from the table with ease.

    I can't use two separate tables either, because the application is an incident ticket application. Thus one user with low entitlements might create, and even assign a ticket, while the assignee might then take custody of that ticket and proceed to write confidential things in it. This is akin to email, where all the world has write access to your inbox, and no read access.

    What the...? Really?

    Sure could use help--or a sanity check.

    Thanks.
    Last edited by cantankerousoldyankee; 09-19-2014 at 01:14 PM. Reason: Clarity, and remediation of terrible grammar.

  2. #2
    June7's Avatar
    June7 is offline VIP
    Windows 7 64bit Access 2010 32bit
    Join Date
    May 2011
    Location
    The Great Land
    Posts
    52,815
    Don't let users interact with tables and queries. Set database properties to hide the navigation pane and disable shortcut menus and hide the ribbon. I also have a customized ribbon so users don't even have any of the intrinsic Access tools.

    However, any user who knows the shift key bypass can override most of the project settings.

    Another option is to deploy an executable (mde/accde) frontend.

    If users know the location of backend they can just go open it directly.
    How to attach file: http://www.accessforums.net/showthread.php?t=70301 To provide db: copy, remove confidential data, run compact & repair, zip w/Windows Compression.

  3. #3
    cantankerousoldyankee is offline Novice
    Windows 7 64bit Access 2010 64bit
    Join Date
    Sep 2014
    Posts
    2
    Hey, thanks for a quick reply.

    I've tried the mde, but that doesn't seem to stop them from using the "customize quick access toolbar" at the top left (in the titlebar of the whole window) and just unhiding the navigation and ribbon views. Did I miss something in the options?

    As far as the "backend" goes: are you referring to the original .mdb whence the .mde came? If so, my plan would be to store that in a folder that only I can access. If that breaks the .mde, then I'm not sure what I can do to avoid "security in obscurity".

    Thanks again.

  4. #4
    June7's Avatar
    June7 is offline VIP
    Windows 7 64bit Access 2010 32bit
    Join Date
    May 2011
    Location
    The Great Land
    Posts
    52,815
    I've never used mde/accde. I thought it did not display navigation pane and I also thought the ribbon could not be customized. I did not think these settings were available for change by user. What good is executable if users can modify?

    Oooops, I took for granted this is a split database. If this is a multi-user db, really should be split with each user running their own copy of frontend which links to common backend on server.

    I have code that customizes the ribbon and the "Customize" option is not available to users. I have not disabled the shift key bypass since my users don't have any interest in going in the 'backdoor' anyway.

    Review:

    http://forums.aspfree.com/microsoft-...tc-324677.html
    http://forums.aspfree.com/microsoft-...ue-323364.html
    How to attach file: http://www.accessforums.net/showthread.php?t=70301 To provide db: copy, remove confidential data, run compact & repair, zip w/Windows Compression.

  5. #5
    qa12dx is offline Competent Performer
    Windows 7 64bit Access 2007
    Join Date
    Nov 2012
    Location
    india
    Posts
    112
    it is very easy to get to access tables. if you have a spare machine, and all the comps are on the same network as in workgroup, dont worry about domain, then id suggest;have the tables in MYSQL and odbc to access. MYsql is free and very easy to setup. the spare machine is really for blocking internet access to that machine while allowing intranet traffic. Look at the software XAAMP. If you know access, you'll be able to google and get mysql up and running. if not, msg me. i have it running on my LAN

Please reply to this thread with any new information or opinions.

Similar Threads

  1. Replies: 7
    Last Post: 08-20-2013, 06:03 AM
  2. I am so confused on how to normalize the data? please help???
    By coffayndtea in forum Database Design
    Replies: 2
    Last Post: 03-28-2012, 07:52 PM
  3. Restricting User Access
    By WayneSteenkamp in forum Security
    Replies: 23
    Last Post: 03-14-2012, 03:32 AM
  4. Select Data from SQL into an Access table
    By MichaelC in forum Programming
    Replies: 4
    Last Post: 07-28-2010, 04:10 PM
  5. access restricting users
    By jmskms in forum Access
    Replies: 2
    Last Post: 03-05-2010, 08:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Other Forums: Microsoft Office Forums