Permissions and security within program

GBalcom

Much to learn!
Local time
Today, 14:24
Joined
Jun 7, 2012
Messages
460
I have a program I made that has morphed into two versions; One for the office, one for the shop floor. I've been maintaining these separately, but for the sake of maintenance, I'd like to pull them together again.

They are very similar; The office version sees a bit more information that is sensitive.

What is an easy way to handle this?

I've considered a registry Key, a function to find the computer name and reference a hidden table, or simply using a constant in my VBA code of the master development copy, and toggling that back and forth before I make a new .accde version for each FE.

Any thoughts appreciated!
 
I have a tUsers table, with userID, Name, and Level
bob12, bob smith, M
pam4, pam jones, U

when user opens the db, the main menu form will open and read the userID. Then lookup that persons rights in order to enable/disable controls.
Code:
sub form_load()
dim vUserID, vLevel

   vUserID =  Environ("Username")      'get userID

'get level from user table
   vLevel = Dlookup("[Level]","tUsers","[userID]='" & vUserID & "'")

'now, enable/disable items on form
   select case vLevel
         case "A"  'admin 
             'all is enabled

         case "U"  'normal user
             txtBox1.enabled = false
             txtManager.enabled = false

         case "M"  'manager
             txtBox1.enabled = false
   end select
end sub
I grab the userID when they open the main menu
gvUser = Environ("Username")

Then lookup their user level in the tUsers table
 
Ranman's suggestion is good. As long as your users need to log in to the terminal (perhaps because it is in a domain environment), and as long as they remember to log out when they are finished doing what they do, this would work.

The alternative is that Environ("Computername") will tell you the name of the computer as it appears on the network. Again, in a domain environment, all computers log in TWICE - once for the machine itself and once for the user. The machine's login simply identifies network settings by group policy downloads (usually). If you can identify the names of the shop floor machines, you could restrict their functions that way.

I've run across smaller or less formal shops where the workstations were always enabled. If your machines stay logged in and enabled because users don't log in separately, you could have a HOSTMACHINE table that lists some level of abilities allowed and disallowed for that machine. That DOES, however, mean that a supervisor would not be able to perform supervisory functions from a shop-floor machine. Which is why you would really want the ability to have individual users log in.
 

Users who are viewing this thread

Back
Top Bottom