Table Security and Restrictions Problem (1 Viewer)

[April15Hater]

Hello AWF friends-

I have a table (tblContractor) that contains all of the employees for our location and their information such as address, phone, ssn, and salary info. Every week the employee submit a report that calculates what their pay will be. The pay report pulls data from tblContractor because that is where the salary information is located.

My problem is that the salary information and the ssn are sensitive data that we wouldn't want other employees to have access to. Yet it's a double edged sword because in order for their pay report to function properly, they must have full read-access to tblContractor. Is there a way to give access to only one particular record?

Any suggestions?

Thanks,

Joe

 

[DCrake]

If you are using a login screen that determines who is currently logged in you can filter the contractors table to only retreive data associated with that user. Also do not give them access to the control centre make the linked tables hidden if you must.

David

 

[April15Hater]

If you are using a login screen that determines who is currently logged in you can filter the contractors table to only retreive data associated with that user.

I am using ULS and the login screen. In fact, for all users, the db username and the windows domain login are the same. So could I filter this on a global level? So lets say user jdoe opens up the back end and opens tblContractor. Could it automatically filter the table so that jdoe is the only employee shown?

I have already cut off the control center on the front end, but that doesn't stop them from holding the bypass key on the FE or BE. Now I do have a macro function in place to turn the bypass key off on the front end. But on the back end, I don't have any forms, so I don't have a place to put a hidden object to enable the bypass key in the event an admin needs to get in.

I guess the fact that I have to give them full read access to the table just doesn't sit well with me, especially when they can just access the back end and open the table.

 

[DCrake]

With regard to the back end if you open it exclusively and set a password on it to open it. Then in your front end relink your tables.It will ask you for the new password when linking for the first time. It will not ask you again. This will stop unauthorised access to the BE.

The only problem with using Windows Level login credentials is that if Joe blogs logs into the computer and while he is away form his desk Jane Doe accesses the app she will see his data. Also as administrator you will need to be able switch off the limitations so that you can have full control of the application.

David

 

[April15Hater]

I have 3 front ends, so I assume I'd have to do that on all of them. But now I hear that the Access db passwords aren't all that strong... Regardless, I'm sure it's better than nothing.

With respect to the windows level login, I don't use windows for the actual authentication. I just use it to identify the user in the shortcut, and have all the ULS usernames set verbatim to the windows domain login:

"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE"

"C:\CCE\CCE Services Inc - Contractor Commander.mde" /user %USERNAME% /wrkgrp "J:\Security\ShareWorkgroup.mdw"

They would still have to enter the correct password for access.