A.D.TEJPAL
adtp at airtelbroadband.in
Fri Sep 7 14:21:19 CDT 2007
Evidently, for an access application, where all users have to be able to selectively read/write/edit the source table, mere dependence upon user level security can not suffice. It becomes virtually redundant as table level permissions for all users look alike. Dynamic creation of varying number of new tables with different permissions does not afford a practicable alternative. In such a situation (requirements outlined in my previous post, in the context of sample db named NotesHierarchical), the optimum solution involves enforcement of rules at the interface level. Simultaneously, all possible safeguards should be incorporated for preventing direct user access to tables. Though not completely proof against some one with malafide intentions having necessary skill, it should take care of normal users. A.D.Tejpal -------------- ----- Original Message ----- From: Drew Wutka To: Access Developers discussion and problem solving Sent: Friday, September 07, 2007 20:29 Subject: Re: [AccessD] Transactions It is possible, but not feasible. User level security only goes to table level, so to do what you want you would need to create new tables for the records you want protected with different permissions. You can create tables, and set their permissions on the fly, but honestly, with that level of security, it makes more sense to go with a more robust security system. Drew -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of A.D.TEJPAL Sent: Friday, September 07, 2007 9:02 AM To: Access Developers discussion and problem solving Cc: A.D.TEJPAL Subject: Re: [AccessD] Transactions Drew, It needs to be examined whether user level security, applied at table level, can handle conditional rights at record level. Let us consider the following situation, where a finer control is needed as compared to conventional permissions for table as a whole. Given: Common data table where all executive level officers in the organization (including the top boss) enter / save / edit periodical performance notes for employees under their respective chains of command. Powers bestowed upon various executives are governed by the assigned level. For example, assigned level for top boss (say president) is 1, while that for each of the vice presidents (two or more) it is 2, for senior managers it is 3 and so on. There is no limit to the number of levels that could possibly exist in an organization. Objectives: (a) Each executive can enter and save periodical notes for all employees under his direct chain of command. (b) Each executive can edit the notes already entered & saved by him/her, provided the given record has not yet become history. (c) A record becomes history when the note is marked as having been sent. Once a record becomes history, it can not be edited and can not be reset as active record (by marking as not sent). (d) Each executive can view the notes recorded by all those below him in his direct chain of command. For example if Vice President 1 (VP1) has Mark as a senior manager directly under his control, he can view the notes recorded by Mark as well as by all those under Mark's direct chain of command. However VP1 can not view the notes recorded by Mary and those under her chain of command, if Mary is a senior manager working under VP2. Of course VP1 can not view the notes recorded by VP2 (and those below him) and vice-versa (being at same level). (e) Though in a position to view, no senior can alter the notes recorded by his juniors. Only the person who recorded the original note, can edit it (if not yet history). As supplementary action, the senior can record his own notes as required. (f) Once a note pertaining to a particular employee becomes history, no fresh back dated note for this particular combination of employee & noting official can be recorded. In view of what you have stated, could you kindly examine whether you are in a position to suggest a solution meeting the listed objectives, based purely upon user level security as applied to the above table. In this case, all users have to be able to selectively read/write/edit the said table. Best wishes, A.D.Tejpal -------------- ----- Original Message ----- From: A.D.TEJPAL To: Access Developers discussion and problem solving Sent: Thursday, September 06, 2007 23:25 Subject: Re: [AccessD] Transactions Thanks Drew! I agree. This being a sample db, full access is available to all objects. For regular use, it will have to be converted to mde along with safeguards preventing direct user access to tables. Best wishes, A.D.Tejpal -------------- ----- Original Message ----- From: Drew Wutka To: Access Developers discussion and problem solving Sent: Thursday, September 06, 2007 20:48 Subject: Re: [AccessD] Transactions A.D., I took a look at your sample. It's nice, but the 'rules' you mentioned are only enforced at the interface level. Hitting F11 let's you go make any change to the table that you want. You could prevent that with User Level security on the tables. Drew -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of A.D.TEJPAL Sent: Thursday, September 06, 2007 12:03 AM To: Access Developers discussion and problem solving Cc: adtejpal at gmail.com Subject: Re: [AccessD] Transactions Arthur, My sample db named NotesHierarchical might be of interest to you. It is available at Rogers Access Library (other developers library). Link - http://www.rogersaccesslibrary.com/OtherLibraries.asp#Tejpal,A.D. In this db, meant for recording employee's performance notes, the notes table, has a Yes/No field named Sent. Once Sent is set to true, the note in question can no longer be edited, even by the person who recorded it originally. More-over, once set to True, it can no longer be re-set to False and no back dated note can be created. The sample is in Access 2K file format. Reference: DAO 3.6 Best wishes, A.D.Tejpal ---------------