login screen with password

[aspnetuser]

I need to develop a username and login screen that assigns some type of variable that I can use to query off of.

I need to login and have a user only access certain records from a table ?

How can I do this, many users will access this at once but query a different number based on the userid?

i am using access project 2002.

regards,

 

[JeremyNYC]

What back end are you using? Jet (native access tables) has security built into it, as does sql server and just about any other back end you might want to use.

It's always best to use what's built in, otherwise you end up attempting to recreate something that a serious development team has put together over the course of many years.

Jeremy

---
Jeremy Wallace
METRIX Project Coordinator
Fund for the City of New York

 

[aspnetuser]

I am using sql as a backend. What I need to do is assign session variables to users logging in. I am more familar with ASP web programming so i am assuming when i say session variables in access it would be a userID?

How can I approch this, basically the users loggin into the adp should only be able to see records tagged with their userid number? does that make sense, is that a good way to design the backend db? suggestions on that or how to approch the login would be greatlty appreciated.

regards,

 

[txaccess]

I have written a similar security function. I built a login screen and a sub-form that uses the UserName & Login name to get the data from the M_tblUser table. Once a valid UserName & Password are entered, the Login form is set to Sys_frmLogin.Visible = False

When a user accesses a screen I interrogate the Login form to see their access level. They may be able to view all data, groups of data or only the records tagged as owned by that user.

Your idea works fine for me. Hope it works for you too.

I haven't failed, I have just found 10,000 ways that it won't work!

 

[aspnetuser]

txaccess, sounds great. I am stuggling with implementing mine. Is their any way I could see a sample of it. Maybe by email or some code?

please let me know.

I can share with you what i have done to day. Login code using user tables, but nothing like a subform and user level.

thanks.
regards,

 

[txaccess]

I am busy this morning, but I will get some details to you this afternoon

I haven't failed, I have just found 10,000 ways that it won't work!

 

[txaccess]

Okay, let me try to explain how I did this.

Firstly, I have an unbound form names Sys_frmLogin. The user types in their User Name and Password (txtUserName & txtPassword). These two fields are linked to a sub form which is set to Visible = False. The subform is bound to the Sys_tblUser table which records all active users, user names, passwords and access rights etc.

txtUserName & txtPassword are the master fields to the linked child fields in the sub form. Therefore, if the user types in the correct UN and Pwd, then the subform will populate. If the subform recordset is 0, I display a message box informing the user that their UN and/or Pwd is wrong & increment a counter - at a system defined number, the user is locked from further login attempts to prevent a hacker from guessing all day!!!

The <Login> command button then enables, the user clicks the cmdLogin button and this sets the form to Visible = False. This means that the form is active and that the fields can be referenced.

Sys_frmLogin references certain fields from the subform such as;

UserAccessLevel (all records, owned records etc)
ModuleAccessRights
UserRole (Admin, user, developer etc)

Each main level screen interrogates Sys_frmLogin to check what options to display and what query to execute. E.g.

Attached to the OnOpen Event
Dim Whatever needs dimming

Select Case UserAccessLevel

Case 1
Me.ResourdSource = “Insert SQL Query here;”
Me.Module1.Visible = True
Me.Module2.Visible – False
Etc.

Case 2

Me.ResourdSource = “Insert SQL Query here that queries only the records owned by the user;”
Me.Module1.Visible = False
Me.Module2.Visible – True
Etc.

End Select

Hope that this helps explain. I am playing with creating a global class module that takes the login variables and these are referenced rather than the invisible form. It just sounds more efficient that way, but the first model works great for me.

I haven't failed, I have just found 10,000 ways that it won't work!