|
Hi.
I have a VS2008 WinForms application and an Access database. So far everything is fine. Now, I am required only to give authenticated users of my application read/write access to the database, whileother users should have read access only. Which is the best (simplest) way to do this?
Regards,
Gudni
G.Sig | | Gudni G. Sigurdsson Wednesday, September 02, 2009 3:28 PM | Hi Gudni, Since you're working on an Access 2007 database, you may want to take a look at this article first (if you haven't yet): Security Considerations and Guidance for Access 2007. The Jet User-Level security features DeborahK mentioned have been removed starting Access 2007 DB formats (if you use Access 2003 DB files in 2007 Application, you still have it, as mentioned in the article above). Based on your description, I think the easiest way to go is: 1. Add a form that acceptions username/password or anonymous logon. 2. Based on the logon state, enable/disable the UI elements (menus, buttons, etc.) so onymous users can update the data but anonymous users cannot. Not sure about the scale of your application, but you may also consider data-bind your data update related controls to the logon status. Regards, Jie
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback, please tell us.
The CodeFx Project
My Blog (in Simplified Chinese)- Marked As Answer byKira QianMSFT, ModeratorFriday, September 18, 2009 9:33 AM
-
| | Wang, Jie Monday, September 07, 2009 1:48 PM | There is supposed to be a User-Level Security Wizard in Access. I have never used it (and it is out of scope of this forum), but you may want to check it out. Here is more information: http://office.microsoft.com/en-us/access/HA010345391033.aspx Hope this helps.
www.insteptech.com ;
msmvps.com/blogs/deborahk
We are volunteers and ask only that if we are able to help you, that you mark our reply as your answer. THANKS! | | DeborahK Wednesday, September 02, 2009 3:53 PM | Hi Gudni, What version of Access database are you using (2000, 2002-2003, 2007)? Does your current application have any authentication features, like users are required to logon? Is the authentication based on Windows authentication or you madeyour own? The answer depends on the facts of your current application and how "secure" you want to make it to be. Regards, Jie MSDN Subscriber Support in Forum If you have any feedback on our support, please contact msdnmg@microsoft.com
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback, please tell us.
The CodeFx Project
My Blog (in Simplified Chinese) | | Wang, Jie Thursday, September 03, 2009 6:33 AM | Hi Jie.
Thank you for your answer.
I am using Access 2007. My application does not have any authentication features yet. My security requirements are not very stringent. The users of my application belong to one of two classes (roles): some ofthem (few) need tocreate, read, update or delete (CRUD) records in the database while others (many) need only to read from the database. My aim is merely to guard against accidental modifications to the data by users of the second kind.
The application runs on a company´s local network and I do not have toexpect maliciuos attacks on the database. Therefore, my authentication can berather simple: some kind of login form where the user either logs in anonymously or presents a name/password combination.
I thought maybe I could specify the kind of access given to the user through the database connection string. Presently it looks like this:
Provider=Microsoft.ACE.OLEDB.12.0;Data Source=F:\Haspennustrengir\Gogn\Haspennustrengir.accdb;Persist Security Info=True
Regards.
Gudni G. Sigurdsson | | Gudni G. Sigurdsson Thursday, September 03, 2009 8:23 AM | Hi Gudni, Since you're working on an Access 2007 database, you may want to take a look at this article first (if you haven't yet): Security Considerations and Guidance for Access 2007. The Jet User-Level security features DeborahK mentioned have been removed starting Access 2007 DB formats (if you use Access 2003 DB files in 2007 Application, you still have it, as mentioned in the article above). Based on your description, I think the easiest way to go is: 1. Add a form that acceptions username/password or anonymous logon. 2. Based on the logon state, enable/disable the UI elements (menus, buttons, etc.) so onymous users can update the data but anonymous users cannot. Not sure about the scale of your application, but you may also consider data-bind your data update related controls to the logon status. Regards, Jie
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback, please tell us.
The CodeFx Project
My Blog (in Simplified Chinese)- Marked As Answer byKira QianMSFT, ModeratorFriday, September 18, 2009 9:33 AM
-
| | Wang, Jie Monday, September 07, 2009 1:48 PM |
|
index > Windows Forms Data Controls and Databinding > Make an Access database readonly