Introduction.
In a secured database, basic access rights to objects—such as Tables, Forms, Queries, and Reports—are defined for specific Workgroups or Users as a one-time setup. These permissions take effect automatically when a User belongs to a particular Workgroup for the database objects.
For example, if the Employees Table is configured to allow only Read Data permission for the Group-A Workgroup, any User in Group A cannot update, insert, or delete records when opening the Employees Form (with the Employees Table as its Record Source) or when accessing the Table directly.
If you want to make this scenario more flexible—for instance, to allow Users to update data—this can be enabled in the User and Group Permissions control under the Security option in the Tools menu.
In this case, all Users belonging to the Group-A Workgroup can edit and update all data fields of the Employees Table. Normally, Users are not allowed to open Tables directly; instead, they interact with the data through Data Entry, Edit, or Display Forms, which gives the Developer greater control over how the data is accessed and modified.
When the Update Data permission is assigned, Users can modify all fields in the Table. However, if we want to prevent Users from changing certain specific fields, this cannot be enforced using the standard security methods described above.
Field-Level Security Implementation.
This level of security can be implemented only through Visual Basic Programs. This method can be implemented in the following way:
When the Employee Form is opened by the User for normal work, we can get the User Name through the CurrentUser() Function.
The next step is to check whether this User belongs to the Group-A Workgroup or not.
If so, then lock the Birth Date and Hire Date fields on the Form, so that the current user is prevented from making changes to these two field values.
We need two programs to try out this method:
A Function to check and confirm whether the User Name passed to it belongs to a particular Workgroup, if so, send a positive signal back to the calling program.
If the user is identified as a member of the Group-A Workgroup, then the Birth Date and Hire Date data fields are locked on the Form through the Form_Load() Event Procedure so that the current user cannot edit the contents of these fields.
If the user belongs to some other Workgroup, then the above fields are unlocked and allowed to edit/update.
The Demo Run.
To try this out:
Import the Employees Table and Northwind.mdb
Open an existing Standard VBA Module or create a new one.
Copy and paste the following Visual Basic Code into the Module and save it:
Public Function UserGroupCheck(ByVal strGroupName As String, ByVal strUserName As String) As Boolean Dim WrkSpc As Workspace, Usr As User On Error GoTo UserGroupCheck_Err Set WrkSpc = DBEngine.Workspaces(0) For Each Usr In WrkSpc.Groups(strGroupName).Users If Usr.Name = strUserName Then UserGroupCheck = True Exit For Else UserGroupCheck = False End If Next UserGroupCheck_Exit: Exit Function UserGroupCheck_Err: MsgBox Err.Description, , "UserGroupCheck_Err" Resume UserGroupCheck_Exit End Function
Open the Employees Form in Design View.
Display the Form's VBA Module (View - -> Code).
Copy and paste the following code into the VBA Module and save the Form:
Private Sub Form_Load() Dim strUser As String, strGroup As String, boolFlag As Boolean strUser = CurrentUser strGroup = "GroupA" 'replace the GroupA value with your own test Group Name boolFlag = UserGroupCheck(strGroup, strUser) If boolFlag Then Me.BirthDate.Locked = True Me.HireDate.Locked = True Else Me.BirthDate.Locked = False Me.HireDate.Locked = False End If End Sub
Open the Form in Normal View.
Try to change the existing values in the Birth Date and Hire Date Fields.
If the Current User name belongs to the Workgroup name you have assigned to the strGroup Variable, then the Birthdate and HireDate fields will be in the locked state.
Tip: Even if your database is not implemented with Microsoft Access Security, you can test these programs. Assign the value Admins to the strGroup variable in the above Subroutine. By default, you will be logged in as Admin User, as a member of the Admins Workgroup. This will lock both the above test fields from editing when the Employees Form is open.
No comments:
Post a Comment
Comments subject to moderation before publishing.