[AccessD] Access 2013 -- MDB Back Ends Dead?

Arthur Fuller fuller.artful at gmail.com
Tue Jul 24 07:45:09 CDT 2012


I think that I disagree on that point, JC. I much prefer to assign users to
Roles on the database level. I have even found that Roles are additive, or
perhaps cumulative is a better word. For example, within a given database,
you could create a Role called Sales, with just enough rights to create new
sales orders and look up existing sales. Above that, you could have another
Role called SalesManager, with all the Sales rights and some additional
ones such as the ability to view the performance reports on all Sales
people. And above that, a SeniorManagement Role that can do everything
Sales and SalesManager can do, plus some additional stuff.

The main reason I like to do it this way is

In a multi-company scenario, Company A's Roles could be restricted
completely to that company's database, and similarly for Companies B and C.

And meanwhile, godlike being that you are, you can do Anything.

A.

On Mon, Jul 23, 2012 at 9:07 PM, jwcolby <jwcolby at colbyconsulting.com>wrote:

> Not so fun however when you are giving unknown / barely known users /
> machines access to your business server.  Better to have an Access Fe
> installed on the user's machine coming in under a single SQL Server user /
> group which is precisely controlled what it is allowed to do.
>
>
>


More information about the AccessD mailing list