[AccessD] Access security integration with NT security groups

Stuart McLachlan stuart at lexacorp.com.pg
Wed Mar 19 17:33:12 CST 2003


I've looked into doing this with API calls a few times and have decided it wasn't worth the effort every time.  The security APIs are VERY tricky.

I have "futzed" it in the past by using folders :-)

Set up a series of sub-folders below your application directory, each one containing a simple text file.
Apply group rights to each folder.
In Access, try to read the file in each folder. If you can, you are a member of the group.
You can then use that information to control access to various parts of your access application.



> Thanks for the response Charles.  I guess I worded my question incorrectly.
> 
> 
> I do realize that Access security does not integrate directly with NT
> security, and I do assign my permissions by group.  Doing this purely with
> Access security would just be too easy, and is sparking some ideas :)
> 
> I'm looking to accomplish 1) centralized Access application security by the
> network admins and 2) remove the need for a logon by the users for Access.
> 
> The vision I have is for the Network Admin to simply have to add users to
> the NT group.  When the Access app is opened by a user, the user is
> authenticated through code (their NT groups are evaluated), and are given
> access based on these NT group associations.  
> 
> The Administrator would not have to individually add personnel to each
> Access app, and the users would not have to have a separate logons for each
> app.  
> 
> For this app and environment it's a no-brainer, I'll do straight Access
> security.  They have 25 static users, 3 user groups and only one Access app.
> However I've been in environments with dozens of secured Access apps across
> the enterprise (and each user may use 5 or more) where this type of security
> schema would be very handy.
> 
> Doable?  Feasible?  Any ideas on how to implement?
> 
> Mark
> 
> 
> -----Original Message-----
> From: Wortz, Charles [mailto:CWortz at tea.state.tx.us]
> Sent: Wednesday, March 19, 2003 4:18 AM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] Access security integration with NT security
> groups
> 
> 
> Mark,
> 
> Access does not use NT Security, it has its own security.  Access
> security came into being long before M$ developed WinNT and WinNT
> Security.  It would be nice if a future version of Access did allow
> integration with NT Security, or whatever version of Windows Security is
> in place then.
> 
> If you read the Access Security FAQ 
> http://support.microsoft.com/default.aspx?scid=%2Fsupport%2Faccess%2Fcon
> tent%2Fsecfaq%2Easp (watch for line wrap)
> you will see it is recommended that you set up security for groups and
> then assign individuals to groups.  Thus you, or whoever you appoint as
> security administrator of the application, only has to add and delete
> individuals from groups.
> 
> Charles Wortz
> Software Development Division
> Texas Education Agency
> 1701 N. Congress Ave
> Austin, TX 78701-1494
> 512-463-9493
> CWortz at tea.state.tx.us
> 
> 
> 
> -----Original Message-----
> From: Porter, Mark [mailto:MPorter at acsalaska.com] 
> Sent: Tuesday 2003 Mar 18 16:40
> To: 'accessd at databaseadvisors.com'
> Subject: [AccessD] Access security integration with NT security groups
> 
> 
> An old client would like to secure their mdb and I'm wondering how easy
> it would be to integrate Access security with NT security (ala SQL
> Server). I'd like to focus on security groups, not individuals.
> 
> Does anyone have experience with this and can point me in the right
> direction?  Or is it more trouble than it's worth?
> 
> (Win2k server, Win2K Pro desktops and Access 2000 mdb files.)
> 
> Thanks,
> 
> Mark Porter
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 
> 
> This transmittal may contain confidential information intended solely for
> the addressee. If you are not the intended recipient, you are hereby
> notified that you have received this transmittal in error; any review,
> dissemination, distribution or copying of this transmittal is strictly
> prohibited. If you have received this communication in error, please notify
> us immediately by reply or by telephone (collect at 907-564-1000) and ask to
> speak with the message sender. In addition, please immediately delete this
> message and all attachments. Thank you.
> _______________________________________________
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com


-- 
Lexacorp Ltd
http://www.lexacorp.com.pg
Information Technology Consultancy, Software Development,System Support.






More information about the AccessD mailing list