Limit users (after Login) permissions.

[emihir0]

I have a DB with user Login forms and everything works fine (ie. they login, have unique ID etc).

However, the difficult part is actually limiting their permissions.

For example, some buttons should not be visible for some users, some forms should not be available, some forms should be available only in read-only mode and so on.



What is the standard procedure to do this? Currently I kind of hardcoded what each user should see, but that is not really a scalable method into the future when I expect my DB will be used by multiple users (50+) at different permission levels (5-10).

[NTC]

well it is all custom so there is no 'standard' in the sense of the database brand; with that many users the only sane way is to assign them into classes. Generally this is implemented with a table that has User ID and Security Class..... then for each class one must implement the features you seek. I recommend clients to try to avoid more than 3 classes just because to nuance such code features so finely begins to involve lots of code maintenance down the road.

another thing to consider is a separate front end; generally this is to be avoided since maintaining 2 front ends is twice the development. However if your design is mature and you have a large group of users that are 'read only' - then to make a front end with all the forms locked is fairly straight forward...and one doesn't have to even use any sort of log in for this audience.....

[emihir0]

Thanks. I was thinking more of a many-to-many relationship between "Users" and "Permission class".

However, how would you implement this? I have not tested this but can you change some control's attribute (e.g. "visible") value when the form is closed?

Ideally after user logs in, the following pseudo will kick in:

Code:

For each class the user is in
    setRestrictions(class)
Loop

Where we can have SELECT CASE depending on Class in the setRestrictions. If you can set here that on 'someForm' a specific button is .visible = False then that is great, but can you do that without opening the form, and can you save it so that it remains that way for the duration of when the DB is opened? I'm guessing that some "Before Quit" application code would set all these properties back to the 'standard' setting.

[NTC]

It is implemented with a User table. The db must know what users to expect, and each user must be assigned to a Security Class. So this part is a simple table.

The log in must compare the log in field that the user just entered, with the log in table - and at the same time most likely the passwords. This is implemented with queries that do, or do not, return a valid record.

Once the User is established, then so it of course their Security Level - - and then thru out the database one manages features and record sets consistent with the security level.

It is not novice stuff. It takes a good bit of work and experience to make it all work together. This topic is not specific to Access per se - this is true of any brand database.

[alansidman]

Here is a link to a tutorial on permissions based upon a categorization, ie. type of user.

I have used this in the past and it works really well

http://www.mrexcel.com/forum/microso...ns-system.html