Username and Password Login 1

[allenEd]

Hi,

I am trying to make a form which askes for a username and password, (for sales agents, already entered in table). Their usernames and passwords all in a table called tblAgents.

If the username and password is correct, another form will open with a link to the Agent ID...

Can anyone help or give me a clue as to the coding.

Thanks in Advance.
(Access2000)

Allen.

 

[LittleSmudge]

Why 'invent' a security system of your own when Access offers a standard security model that will do everything that you need ( and more ) ?




G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[allenEd]

Thanks,

OK...How do I reference the agentID in the main database?

any help appricated.

Allen

 

[LittleSmudge]

It depends on where you are, what you're trying to do with it, which table it is in, .. .. etc.


G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[TorF]

I'm interested too to know how recognize the user that is logued ( and that open a form for example).

Is it possible the get the login name of user ?

 

[TorF]

Ho there is the CurrentUser method :

You can use the CurrentUser method to return the name of the current user of the database.

Is there is a method to get the group of the CurrentUser ?

 

[LittleSmudge]

The current user can be a member of many groups at any one time.

So "THE group of the current user" is meaningless.

However, you can check to see if the current user is a member of a specified group :-


Put this code in a global module

Public Function InGroup(strGroupName As String) As Boolean
' This function will return TRUE IF the current user is a member of a _
security user Group with a name matching the string provided in the argument.
Dim wrk As Workspace
Dim grpLoop As Group
Set wrk = DBEngine.Workspaces(0)
InGroup = False
For Each grpLoop In wrk.Users(CurrentUser()).Groups
    If grpLoop.Name = strGroupName Then
        InGroup = True
        Exit Function
    End If
Next

End Function

( This is DAO code so if you are using A2k or beyond - either link in the DAO 3.6 library or convert it to ADO )


Then call it using

If InGroup("TestGroup") Then
    ' These lines will execute
    ' if the CurrentUser() is a member of TestGroup
Else
    ' Other actions
EndIf

'ope-that-'elps


G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[TorF]

Yes that is very interresting !
That is a big part of what I need

Furthermore, how get the permissions the CurrentUser has for a particulary table, query, form etc. ?
For example, if the current user can read (write or update, etc.) the table "myTable1".

Regards

 

[LittleSmudge]

Are you sure that you Want / Need to

The security system itself will take care of that.

It is possible, of course, but before you go off writing a lot of code to do it - consider carefully why you need to.
At one level - if you know a Group that the CurrentUser() is a member of then you automaticlly know what permissions that user has for any given table ( Unless you change the Group Permissions without updating the code etc. ).



G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[TorF]

Ok.

But isn't it possible to modify permissions for a specific user ?
For example a user is in group AllForms, and this groups allows to run and modify all forms.
Is it possible to modify the permission of this user (and only this user) for a particulary form myForm, and don't give any permissions to it ?

I want to know something else :
A user can be a member of many groups.
Finals permissions accorded to this user are the "sum" of all permissions of all these groups ?

Thanks

 

[LittleSmudge]

It is POSSIBLE but that certainly does NOT mean it is preferable.

The overall permission a user has is the sum of all the permissions that they get from being members of the groups that they belong to and any additional permissions that they have in their own right.

Granting permissions to an individual user is POSSIBLE but expressly advised against in the Security Documentation

There is no way to 'remove' a permission that a specific user has by way of their membership of a group - other than to revoke their membership. That is the whole point of, and the power behind, the User/Group level security structure.



G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[RobPotts]

Hi,

I've been looking at user security, and wanted to list all users and there associated groups. I was given the code in
Thread702-408148

This puts all users and groups in a table. I've then got a mainform subform set up so I can select a user and the subform dispalys all their groups.

Rob! [Bigcheeks]
Process and Procedure are the last hiding place of people without the wit
and wisdom to do their job properly.

 

[LittleSmudge]

If you want documentation of the users and groups and their permissions for database objects :-
Goto the Tools menu, Analyse, Documenter option
In the options tab select only the "Permissions By User and Group" option

Select the objects you want to analyse and click on Okay.



Note:- If you are not careful about how you decide on the option you want reporting - this facility eats trees !



'ope-it-'elps.

G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[TorF]

Ok, Thanks LittleSmudge.
So it's possible to add supplementary permissions to a specific users, even if it's NOT recommended.

Yes "specials" permissions (example: a permission accorded just for 1 user) appears in documenter option.

How is it possible to obtains programmatically the same information ?
ie: permissions with tables, reports, forms, etc, for a specific user or group

In fact I will distribute copies of my Access database to many users, and they will be Administrators. They will have to give logins and permissions to many users.
So I want to prevent a maximum of "mistakes"...
For example by hiding forms and buttons that give access to a banned table by security. Avoiding messages like "You don't have permissions for..." etc.

Regards

 

[LittleSmudge]

If you are distributing copies to others who will become 'miniAdministrators' then I'd suggest it is EVEN MORE important to avoid giving users any direct permissions.
Set up plenty of Groups with useful/meaningful names and teach the miniAdministrators to allocate users to groups. Do not let then control users permissions ( This is a permission setting in its own right ! )


G LS
accessaceNOJUNK@valleyalley.co.uk
Remove the NOJUNK to use.

 

[JeremyNYC]

Yeah, I couldn't agree more with what LittleSmudge is saying. There is NO REASON AT ALL to give permissions to a user. If you must, create a group and make that person the only member of the group. Then, when you can that person for messing with the database, you'll be able to just drop them from the group, and add your little brother, who you have hired by then.

Jeremy =============
Jeremy Wallace
Designing, Developing, and Deploying Access Databases Since 1995

http://www.AlphaBetCityDataworks.com

Take a look at the Developers' section of the site for some helpful fundamentals.

 

[TorF]

I'm completely agree with you, give a permission to a specific user is very bad.

But you know that creating a program is not only to code what the final user is supposed to do.
It's essentialy protect what the final user is NOT supposed to do.

Yes I'll give a nice set of groups, already usefull.
But what the final administrator user will made with it...

There isn't only the problem to give permissions to specific user, but administrators will can directly modify permissions of group(s)...

So how obtain promgramatically the specifics permissions (for each objet in database -table, form...) of the current user ?

 

[JeremyNYC]

Ahhh! Sorry, I don't know. I'm sure there's code out there to do it, though. You might be able to use the documenter and pull apart the report and see where it's getting it's data. But I'm SURE someone's written code to do that. It might even be in Rick Fisher's Find and Replace--I know it has some good documentation features.

Jeremy =============
Jeremy Wallace
Designing, Developing, and Deploying Access Databases Since 1995

http://www.AlphaBetCityDataworks.com

Take a look at the Developers' section of the site for some helpful fundamentals.

 

[TorF]

Finally I found information to get user permissions for a particulary object - using user groups permissions and specifics user permissions.

===========
Source from "Frequently Asked Questions About Microsoft Access Security for Microsoft Access versions 2.0 through 2000"
URL =>

http://support.microsoft.com/default.aspx?scid=/support/Access/Content/SECFAQ.asp

Content => 17. How can I retrieve the "most restrictive" permissions for attached tables?

===========
Usage:
If GetPermission(CurrentUser(), poTables, "MyTable&quot And dbSecDeleteData Then
Debug.Print "User can delete data"
End If


Public Enum PermissionObject
poDatabases
poForms
poModules
poReports
poTables
End Enum

Public Function GetPermission(UserName As String, ObjectType As PermissionObject, ObjectName As String) As Long
Dim db As Database
Dim doc As Document
Dim group As group

Set db = CurrentDb()

'Get document
Set doc = GetDocument(db, ObjectType, ObjectName)
If doc Is Nothing Then
GetPermission = 0
Exit Function
End If

'Get explicit permissions for document
doc.UserName = UserName
GetPermission = doc.Permissions

'Add permissions for each group where user is a member
For Each group In DBEngine(0).Users(UserName).Groups
doc.UserName = group.name
GetPermission = GetPermission Or doc.Permissions
Next group
End Function

Private Function GetDocument(db As Database, ObjectType As PermissionObject, ObjectName As String) As Document
Dim con As Container

Set GetDocument = Nothing
Set con = GetContainer(db, ObjectType)

If Not con Is Nothing Then
On Error Resume Next 'if Object doesn't exists
Set GetDocument = con.Documents(ObjectName)
End If
End Function

Private Function GetContainer(db As Database, ObjectType As PermissionObject) As Container
Select Case ObjectType
Case poDatabases
Set GetContainer = db.Containers!Databases
Case poForms
Set GetContainer = db.Containers!Forms
Case poModules
Set GetContainer = db.Containers!Modules
Case poReports
Set GetContainer = db.Containers!Reports
Case poTables
Set GetContainer = db.Containers!Tables
Case Else
Set GetContainer = Nothing
End Select
End Function

===========
Object Microsoft Access permission Microsoft Jet permission constant (Source MSDN)

Database
Open/Run dbSecDBOpen
Open Exclusive dbSecDBOpenExclusive
Administer dbSecDBAdmin
Tables and queries
Read Design dbSecReadDef
Modify Design dbSecWriteDef
Administer dbSecFullAccess
Read Data dbSecRetrieveData
Update Data dbSecReplaceData
Insert Data dbSecInsertData
Delete Data dbSecDeleteData
Forms and reports
Open/Run acSecFrmRptExecute
Read Design acSecFrmRptReadDef
Modify Design acSecFrmRptWriteDef
Administer dbSecFullAccess
Macros Open/Run acSecMacExecute
Read Design acSecMacReadDef
Modify Design acSecMacWriteDef
Administer dbSecFullAccess
Modules
Read Design acSecModReadDef
Modify Design acSecModWriteDef
Administer dbSecFullAccess