Hi,
Acess2003
Multiuser enviroment
Objective:
Maintain an Access database, which is highly secured for normal users, while still having admin possibilities. Single sign-on would be nice, but I guess not absolutely necessary.
Being quite new on Access, but with some experience with VB, I choose this concept when designing the security for my first bigger Access DB (I've later learned that it's probably a bit unconventional):
* MDB-file is pwd-protected (this is Admin login I suppose), known by all user that have read/write access to the folder where the DB-file is located.
* I have no MDW-file -> no groups or users maintained in the DB.
* I've unchecked everything possible in the startup options (and disabled the shift key),. and a switchboard form opens on startup.
* Upon opening DB, function checks the Active directory, and depending on which group the user is in assigns a "Userlevel" to the session.
* Depending on userlevel, different buttons are shown on main switchboard, leading to different reports and forms.
* If admin userlevel, button is visible that can enable the shift-button, thus enabling editing forms and such.
Questions:
* Does this sound like a reasonably good concept or not?
* If no, what should I absolutely do differently?
* What possibilities does there exist to access the data in the DB even though you're not in the correct group? Example: Table A has three columns. Form B displays some records in this table. If user has userlevel=1, all columns are shown. If userlevel=2, column C is hidden. Do you see any ways the user in userlevel 2 can work around this limitation?)
* Is the database secured against external connects? (Example: Can someone create another DB, that connects to my DB (with VB for example) and extract information to his unsecured DB? - if yes, how do I protect against it)
Thank you very much in advance!
Acess2003
Multiuser enviroment
Objective:
Maintain an Access database, which is highly secured for normal users, while still having admin possibilities. Single sign-on would be nice, but I guess not absolutely necessary.
Being quite new on Access, but with some experience with VB, I choose this concept when designing the security for my first bigger Access DB (I've later learned that it's probably a bit unconventional):
* MDB-file is pwd-protected (this is Admin login I suppose), known by all user that have read/write access to the folder where the DB-file is located.
* I have no MDW-file -> no groups or users maintained in the DB.
* I've unchecked everything possible in the startup options (and disabled the shift key),. and a switchboard form opens on startup.
* Upon opening DB, function checks the Active directory, and depending on which group the user is in assigns a "Userlevel" to the session.
* Depending on userlevel, different buttons are shown on main switchboard, leading to different reports and forms.
* If admin userlevel, button is visible that can enable the shift-button, thus enabling editing forms and such.
Questions:
* Does this sound like a reasonably good concept or not?
* If no, what should I absolutely do differently?
* What possibilities does there exist to access the data in the DB even though you're not in the correct group? Example: Table A has three columns. Form B displays some records in this table. If user has userlevel=1, all columns are shown. If userlevel=2, column C is hidden. Do you see any ways the user in userlevel 2 can work around this limitation?)
* Is the database secured against external connects? (Example: Can someone create another DB, that connects to my DB (with VB for example) and extract information to his unsecured DB? - if yes, how do I protect against it)
Thank you very much in advance!