[AccessD] Transactions

Drew Wutka DWUTKA at Marlow.com
Mon Sep 10 10:32:38 CDT 2007 

Oh, nothing should truly be dependant on user level security.  It is not
complex enough to handle more then the basics in regards to data within
a table.

The main point I have been trying to make in this thread is that the GUI
only method of protecting data integrity is just far too easily
thwarted.  I think part of the debate is that I have a different level
of 'normal user'.  I have several users where I work who are at or
beyond the level necessary to link tables from one database into
another.  

User level security isn't impregnable either, no security system is.
However, if properly implemented, the data within an .mdb can be
protected against normal use (including what I consider the 'power
users' here).  I know how to defeat User Level Security, but it's not as
simple as linking a table. ;)

Drew

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of A.D.TEJPAL
Sent: Friday, September 07, 2007 2:21 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Transactions

    Evidently, for an access application, where all users have to be
able to selectively
read/write/edit the source table, mere dependence upon user level
security can not suffice. It becomes virtually redundant as table level
permissions for all users look alike. Dynamic creation of varying number
of new tables with different permissions does not afford a practicable
alternative.

    In such a situation (requirements outlined in my previous post, in
the context of sample db named NotesHierarchical), the optimum solution
involves enforcement of rules at the interface level. Simultaneously,
all possible safeguards should be incorporated for preventing direct
user access to tables. Though not completely proof against some one with
malafide intentions having necessary skill, it should take care of
normal users. 

A.D.Tejpal
--------------


The information contained in this transmission is intended only for the person or entity to which it is addressed and may contain II-VI Proprietary and/or II-VI BusinessSensitve material. If you are not the intended recipient, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. You are notified that any review, retransmission, copying, disclosure, dissemination, or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited.

More information about the AccessD mailing list