Let me preface this with the fact that I don't know much about VBA. I have created a database that will be split and the front end will be distributed to 14 different project managers. The database is intended to allow users to enter bi-weekly updates to their projects. I hope to get some guidance on creating usernames and passwords so that PMs can only access their project data.
I don't mind creating and issuing usernames and passwords to each user, but I am trying to avoid creating 14 copies of the database. That would make providing updated databases a nightmare.
Hopefully this isn't too basic of a question for this group.
yes, you can control users access, you need to create a user table in your backend database that will hold their firstname, surname, password, and any other user specific data that you might need, e.g. department, access level, etc.
In your front end, you need a login form and you make that the Display Form for your fe (set in the access options menu). You check the username and password entered matches what is held in your database, and if it's correct, you load the appropriate form, usually a main menu, and show them the appropriate data based on the login they used. You may need to hold the login they used in a TempVar, so you can access it from any form, report, query etc in your frontend.
You will need something like LASsie (Light Application Security) or program a similar solution yourself.
Also, you may enjoy my article Deploy and update a Microsoft Access application with one click.
(If you don't have an account, browse for the link: Read the full article.)
Related
I'll summarize the operation to give you a background.
I've an Access database in place with forms wherein a user inputs with diverse fields. This file is hosted on a shared network for my organization. The database is split between backend and frontend.
Issue(s):
- Multiple user cannot access a single form and simultaneous entries are not allowed.
- In case, if the file is opened by mistake it will prevent to enable submissions for other users on the network.
I am not sure if this will work as I am a newbie in Access. But can we create a HTML based form which will fill the tables in Access? If yes, kindly help in creating one. If not, kindly suggest an alternative.
Sample table attributes:
Date Name Type Remark
This is the same type of setup I use at my company. We have one backend (all the tables) and a frontend (queries, forms, reports, etc). The way to allow multiple users to work with the database is to have each user run their own instance on their computer ie have them copy/paste the frontend to their local desktop. Another thing to keep in mind is that the tables must be set up with primary key and autonumber field to prevent users from accessing and editing the same record.
I have a business case where I am developing a simple search UI, I would like to link it to our SQL Server as the performance is pretty fast when I test it. My plan is to create a few linked tables and create a tidy search form for each linked table (different datasets).
UPDATE, here is a better description of my plan
I have a single user ID / Password that I want to use in each ODBC connection on 4 linked SQL tables (its considered an APP ID at my company, the PW never changes). There will be 4 forms that link to each of the tables and each user will have their own accde db with a launch file that places a copy on the users profile drive and opens it from there. This allows each user to have their own copy of the accde file and everyone to have only one "launch" file.
This search UI, will have upwards of 2000 users, who knows how many actually executing a search at any given time. Security is not a concern as it is a DB on an internal SQL Server which is managed by our IT area. The end users are all internal employees.
Will using just the one ID potentially lock out my APP ID and cause major issues?
Will MS Acess no longer be a major choke point if each user has their own accde file?
Thank you and sorry that my first version of this question was not 100% clear, thanks!
So, I figured I would circle back and post up what I did. While providing a singular app ID with a File DSN in a shared location for the Access Front end would have worked, it was ultimately not the most stable solution.
Since I am in a large corporate environment, my options were extremely limited. That said, I was able to have a read only role added to the database I manage, sourced an "Active Directory Group" that had the membership I needed (as a bonus, the membership was managed at the corporate level!) and I added the AD Group to the read only role.
I then created a File DSN using windows authentication security, placed it in a shared folder location (where I also added the same AD Group to a read only role on the folder) and emailed out a shortcut to a simple batch file launcher that copies an ACCDE database to the users profile drive.
The accde houses all the necessary search forms, logic and linked tables needed for the end user. I even build in a back door that crashes out the end users (with a warning) with a simple file rename. The front end runs surprisingly fast with the test group of 100 individuals and is rolling out to 500 next week.
Viola. Hope this helps someone trying to do something similar.
I've already created a Welcome page where a user chooses amongst 3 user types (buttons). Each button takes the user to their own login forms. After they login they are each taken to their own switchboard.
The problem is they can still see the options on the left. I "unchecked" the option in options menu, but they can just check those if they wanted to, to see them.
I want some users to be locked out from accessing those navigation options permanently because there's sensitive information in some of the tables.
Is there any way to do that?
If you want to accomplish your objective using just Access then you'll need to store the tables in an .mdb file and configure it to use user-level security. However, that approach has at least two significant disadvantages:
User-level security can be a nuisance to set up and maintain, and
That security model (encrypted .mdb files and associated .mdw "workgroup" files) is deprecated.
If you're serious about your security requirements then you'd be better off using something like Microsoft SQL Server (perhaps the Express Edition) for your back-end data store.
We have a collection of reports on our JasperReports Server right now, most of which have input controls.
I recently implemented Roles, adding a specific role for the users of these reports (with the intention of adding additional roles in the future for other reports, not associated with this specific group).
All of the reports, some with, some without input controls are working with the exception of one that has a single input control (multi select query tied to a dropdown) that does not work for the users assigned to the role I just put in. I can access it normally as admin user.
I have checked to make sure that the role has Execute only for the Queries and for that specific query, and for the actual Input Control and the report.
If I can post something that will help troubleshoot this issue, I'm happy to do so...looking for any ideas that might help...
At this point we have not found a solution, however, I did delete the report from the server, and re-upload it from iReport, and reconnected the Input Control. After that little exercise, everything is back to working normally, and the user with the assigned role has access to everything she needs.
We have a Power User who knows the database very well and has become a great asset since we gave him access with SQL Server Management Studio. Unfortunately, we also gave him a user/pwd used by all Development which carries ability to change data.
Without going into all the wrongs behind having such a privileged db-user and giving such access an end user, is there a tool that would give the user ability to query without any ability to update/insert/drop/ or anything else?
My guess is that the user probably does not want to change the database -- for his/her protection as well as yours.
Just enable this user's login using Window to have read-only access. Or, set up another read-only user and give it to the power user. At the extreme, you may need to change the password of your super user account.
I would recommend in the mean time that you set up a development group, give the group privileges, and assign the developers to the group. They can then login through that id. Perhaps one day, you'll be able to disable your super user account. For now, you should think about ways to work around it.