[AccessD] SPAM-LOW: Re: 2 Questions

Rocky Smolin rockysmolin at bchacc.com
Wed Mar 10 10:22:06 CST 2010 

Regarding access restrictions I tell users there are two approaches - one in
an environment where people might want to do mischief or go around the
rules, and one where people behave according to the rules.  Because my
restrictions are easily overcome - the passwords and access levels can be
changed just by opening the user table in the back end. 

In every one of my clients' cases, the open easily defeated access
restrictions are fine because everyone 'follows the rules'.  If they only
have read/write and need admin access, they won't change their level in the
back end just to get something done - they'll ask an admin level person to
do it.

In a large user environment like your insurance app, I'm sure this would not
be adequate protection against people who might want to cover their
mistakes, their tracks, or their ass.

R

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Wednesday, March 10, 2010 7:46 AM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] SPAM-LOW: Re: 2 Questions

 > SO she deleted the ones from the query that she didn't want and printed
the rest - not knowing that when you delete records from a query you're
actually deleting them from the tables. A little knowledge...

ROTFLMAO!  That is one worth retelling.

I had a user discovered how to add fields to the table.  I found her adding
fields to the table. 
The hilarious part is that she was in the FE trying to add fields to the
table in the BE.

I quietly informed her that she is not allowed to do such things - that she
needs to ASK... , then I quietly informed her manager that she was trying to
do this and that she is not allowed to do such things.

It certainly sounds like you handle the "who is authorized" issue.

John W. Colby
www.ColbyConsulting.com


Rocky Smolin wrote:
> I routinely put login name and password in an app and each user has 
> read only, read/write, or administrator access.  So it's easy to 
> restrict specific functions to admin levels.  However, most of my 
> clients are small -
> 2-6 users, and I have not had anyone call up crying in their beer 
> about delete errors.
> 
...


> Rocky

--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.733 / Virus Database: 270.14.129/2605 - Release Date: 03/09/10
23:33:00

More information about the AccessD mailing list