Security Issue

S

Sandpiper

Registered User.
Local time
Today, 14:31
Joined
Feb 21, 2006
Messages
55
Hi

I have been asked to write a database that holds sensitive information (as many do) where different people have different accesses to tables/back end etc. This isn't a problem, and I can set up user groups etc. However, I've never done this on a network before.

The users already log into thier network and so have a user name and password.

How can I get access to recognise their network login, and use those details for setting access rather than having to log in to the database again. So basically it is bypassing the log in screen.

Any help would be much appreciated

Thanks
 
This will give you the current username
Code: 
Environ("Username")

I don't know how to get the password they logged on with, although I think there is an example of it on the sample databases bit of the forum.

I've made a Users table with usernames and yes/no fields saying which parts of the database theyve got access to.
You can use DLookup to see if they have access and if not then show a message or something.

Code: 
   Dim uName as String
   uName = Environ("Username")
   If DLookup("[Secure]", "Users", "[UserName] = '" & uName & "'") Then
      MsgBox "Congrats"
   Else
      MsgBox "BYE"
   EndIf

Hows that?
 
What you are doing when you look up the username from the environment is to "trust" the O/S login. Not always a good idea.

To bypass the Access Login Screen is to invite problems. You have to work much harder in this environment because folks can work a little nasty trick to become administrators.

I strongly urge you to search this forum for topics such as Workgroup Security and really look at the methods people use to secure databases. I cannot urge you strongly enough that trusting Windows Login is a total mistake because there is no guarantee that your user's login involved a password. Windows (for private shops with local networks) allows logins without passwords. Unless you are the domain admin for the network, you have NO guarantee of the accuracy of the user's login.

Then there is the "security in layers" approach. (... spoken with Scottish accent: Security is like an onion. It's got layers. ... spoken with a donkey accent: But I like parfait!) Use Access login to assure that you do not have a spoofing user. This is because Windows security is far from parfait... (sorry for the bad pun).

Some time ago I posted some articles about workgroup security. Find them and see what I wrote about how to protect yourself - and WHY.
 
You must log in or register to reply here.

Similar threads

8
Improve FE - BE performaces on LAN
2
Replies
26
Views
1,022
amorosik
amorosik
D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
540
Isaac
Isaac
A
Solved Access Security Notice
Replies
17
Views
1,006
Isaac
Isaac
J
How to see the UN and PC Name of locked Records
Replies
14
Views
470
jmark@stayintouch.us
J
P
Access 2021 setup
Replies
15
Views
643
Pat Hartman
P

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom