[AccessD] Lightweight security

John Colby jcolby at colbyconsulting.com
Sat Oct 18 10:27:28 CDT 2003


Folks,

I am working on my Light Weight Security system and am looking for beta
testers, i.e. people who would like an interface level security system such
as I am designing.  This email will briefly outline how things work so that
you can decide whether you would like to test it.  I am looking for
PROGRAMMERS as beta testers.  LWS is currently a "monitor" only system, i.e.
it doesn't directly affect the form or control, it only allows the developer
to ask questions like "should this user (belonging to this set of groups) be
allowed to open the form, see this control" etc.  Thus the developer needs
to be capable of writing code to query the classes and apply the answer as
(s)he sees fit.  I may, at a later date, add the ability to have LWS
actually set the properties discussed below which would allow use with less
programming but for now that isn't in place.

LWS is designed to restrict basic operations on forms and controls.  The
form operations / properties that it will affect are Open form, Edit record,
Delete record and Add record.  The control properties affected are Enabled,
Locked, and Visible.

LWS is NOT designed to replace Access' (or SQL Server's) security.  LWS is
designed to allow the developer to restrict operations at the INTERFACE
level, i.e. who can open forms, who can edit records in a given form, who
can SEE a given control on a given form, who can EDIT data in a given
control on a given form.  These are fundamentally different issues than the
built in DATA security that Access and SQL Server provide.  I designed LWS
because my clients asked for things like "only allow certain users to be
able to see (or use) this control" or "only allow certain users to be able
to open this form" etc.

As an example I occasionally have controls that reassign child records to
parent records (change the parent).  This is a "Supervisor only" operation
and requires either going directly into tables, or building specific forms
if I don't have a system like LWS.  with LWS I can set the control Invisible
as the form opens unless the user belongs to the Supervisor (or
Administrator) group.

LWS is designed around a Users / Groups metaphor similar to Windows NT/2K/XP
etc.  Users exist but don't directly have any innate abilities.  Users
belong to Groups.  Groups can do things.

There are a set of tables that support the LWS system:

uSysLWSUsers contains user information - Name, PEID (mapped to your
Personnel ID if you desire) and password hash (MD5).
usystblLWSGroup contains group information - Name and the 2^x bit that is
used for mapping it's abilities later.
usystblLWSGroupUser contains mappings of users to groups.  A simple m-m
uSysLWSUsers and usystblLWSGroup.
MsysForms contains form security information - Form ID, Form name, Open,
Edit, Add and Delete maps.
MsysControls contains control security information - Form ID, Control name,
Enabled, Locked and Visible maps

There are a handful of forms to support LWS:

usysfrmLWSLogin - The login form.
usysfrmLWSUsers - The form for setting up users.
usysfrmLWSGroups - The form for setting up groups.
usyssfrmLWSGroupUser - The form for mapping groups to users.
usyssfrmLWSUserGroup - The form for mapping users to groups.
usysfrmLWSSetupFrmSecurity - The form that assists the developer in setting
up form security

LWS is NOT finished, but all of the basic tables are in place, I am using
the login in my apps, and the code to monitor forms is up and functioning.
The code to monitor controls follows the same form and will be available
within the next week or two.

LWS will be a library (MDA for now) with full source code available to beta
testers.  Please remember, I am looking for "code jocks" for now.    You
should be comfortable instantiating classes, calling class methods and
setting class properties, manipulating form and control attributes via VB
etc.

I will ask for a NDA since ya never know...

Beta testers will be given a single developer license to use the finished
product, which is more than MS gives you!

I think this should give enough information to allow you to decide whether
you are interested.  If you are interested, please contact me OFF LIST at
LWS at colbyconsulting.com.

John W. Colby
www.colbyconsulting.com




More information about the AccessD mailing list