Access Database Security

[cantona]

HELP!!
I would like to secure my access 97 database, without using the security wizard and .mdw files.I want to simply create a users table which includes basic information, such as user name, password, name etc..
I would like to create a form which would open using an autoexec macro, where the user enters their username and password, i then require some code to check what has been entered on the form against information held in the users table. If there is a match i would direct them to the main menu form, if there was no match bring them back to the login form. Is this possible? and has anyone got any suggestions on how to code it?? as im very new to vba.

 

[GDGarth]

Your database won't be really secure if you do it that way. Use the User-Level Security Wizard, and make sure you follow all the steps. It works pretty well, is quite flexible, and will leave your database pretty well secured (of course, hackers may be able to get in, but they will with almost any system).

Make sure you understand how to set up security, or your database still won't be secure. Here's the basic steps (this is not a substitute for reading the instructions):

1. Create a new workgroup, with a different name and ID that the default "system.mdw".
2. Join the new workgroup.
3. Create a new user name for yourself, making it part of the "Admins" group.
4. Remove the default "Admin" user from the "Admins" group, but leave it in the "Users" group.
5. Set a password for your administrator's user name.
6. Log onto the database as the administrator.
7. Run the user-level security wizard.
8. Set user and group permissions on the new, secured, database.

Use group permissions where possible - it's a lot easier to maintain.

 

[cantona]

Thanks for your help!
i know it probably sounds silly, but i dont really need that level of security. I just really want to check that the user exists, so that i can personalise information that appears on forms. The database is quite small and aimed at only a small number of users. its not a corporate system, therefore, im not too concerned about security issues. Has anybody got any suggestions on the original post??

 

[GDGarth]

You can set up user names even without using the User-Level Security Wizard (even using the default "System.mdw&quot. Put a copy of System.mdw in the same directory as the database, so everyone is using the same one.

If you put in a password for one username, everyone will be prompted for their name and/or password (they don't have to actually have a password). Then you can use the CurrentUser() function to find out who they are, and do the rest of your customization. That way, you don't have to write a bunch of code just to assign user names.

I'd still set up security, if it was me. You can always give everyone full rights, if you want.

 

[LittleSmudge]

The thing about implementing Access's own user level security is that :-

* It WILL do everything that you want it to do.

* It WILL be more secure than anything else you are likely to come up with

* YOU have the control of how TIGHT you make the restrictions

* There are plenty of people around here with Access Security Model experience to give you a hand along the way.
( As soon as you do something custom - you are the expert and you're on your own. )

* YOU will end up with portable experience that can usefully appear on your CV


IMO. Custom solutions are a dead end path.


'ope-that-'elps.


G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

Please remember to give helpful posts the stars they deserve!
This makes the post more visible to others in need! :-D