Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Multiple users should not see each others' data

Status
Not open for further replies.
RYankowitz

RYankowitz

Programmer
Jun 13, 2000
27
This is a general, architectural, question...

I have an application used by multiple salespeople, each one writing orders into the database. Allowing them to see each other's orders would be a bad thing, as they are, after all, salespeople, and gunplay would likely break out if they find out how high the commissions are the others are getting.

So, each order record has a Salesperson's ID field, and each user only gets to see his own records.

The question is: Just how reliable and secure is this? I worry that after locking down the tables and forms there may still be some techniques I should apply to make it better.

Are there any resources for this type of application relating to Access you've come across?

Thanks,

Bob
 
Sort by date Sort by votes
Hi Bob!

Since you didn't say exactly what you have done it is hard to tell if it is sufficient or not. But before we continue in this thread, you might want to check the FAQ's here because there are several that apply to security and you will probably find what you want there.

hth
Jeff Bridgham
bridgham@purdue.edu
 
Upvote 0 Downvote
Jeff,

Thanks. I reviewed the FAQ's, and one in particular applied (How can I limit users to seeing only their own data on a form?), but it actually illustrated my question.

The methods it described showed how "loose" Access is in this particular case. For example, while the Jet engine automatically handles referential integrity, and Access' security system handles user-level security, row-level security seems to be entirely up to the database owner/author. And, since that's me, I'd feel better not having to roll my own from scratch.

I'm looking to see if anyone knows of the, dare I use the term, "best practices" method of establishing row-level security, which has the least chance of being hacked.

Bob
 
Upvote 0 Downvote
Bob,

Here's the thing: Access security is great at keeping people from accidentally seeing things they're not supposed to see, it's OK at keeping people from doing a little snooping and seeing what they're not supposed to see, and it is totally unable to keep out a dedicated hacker.

As far as I know, you're pretty much on your own for row-level security (writing queries that get only the records for the user, using RWOP to get at a table for which the user does not have permission).

Let me know if you want me to expand on either or these points.

Jeremy =============
Jeremy Wallace
Designing and building Access databases since 1995.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

atadbitslow
  • Locked
  • Question
how to search data and display matches that include the user's input, but not necessarily match
Replies
5
Views
609
atadbitslow
atadbitslow
MikeRei
  • Locked
  • Question
Help taking horizontal data and displaying it vertically (continuously)
2
Replies
27
Views
2K
dhookom
dhookom
TheresAlwaysAWay
  • Locked
  • Question
Long-established database suddenly giving error Cannot open macro [Name] because it is not valid
Replies
6
Views
799
dhookom
dhookom
v5652
  • Locked
  • Question
Ribbon icons missing each time when MS Windows 10 update
Replies
0
Views
351
v5652
v5652
ameedoo3000
  • Locked
  • Question
switch between two open database
Replies
12
Views
1K
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top