D347HxD D347HxD - 1 month ago 7x
SQL Question

User level security?

I have a table that has usernames, passwords, and a yes/no column for isadmin.

How do I make it so if they login with an account that has a check mark under "isadmin" they get access to design view, the ribbon, etc? Though if they log in with an account that doesn't have a check mark under the isadmin box they only can view the forms, not edit them, and the ribbon is inaccessible?

I just don't know where to start, as I had assumed there was a way to save the database as a seperate copy that only users can view forms in, and if the admin runs his copy he gets all the changes to the tables (via the forms) the users made. So when the admin edits a form, and saves it it doesn't remove all the user's data as when it was saved, it was saved to the admin's copy too. I'm really confused.

I am using Access 2013


This is a simple solution for user level security being removed in newer releases of Access; using a lot of VBA.

STEP 1: Creating The Table

First, create a table. I will name mine LogininfoT. Now, for the columns inside of the table, name them EmployeeID, LoginID, LoginPassword, EmployeeName, and lastly IsAdmin. Make EmployeeID your key, and IsAdmin a YES/NO field.

For testing, add two users to this table. With this information:

EmployeeID LoginID LoginPassword EmployeeName IsAdmin
1          1111    1234          Bob          [x]
2          2222    1234          Stewert      [ ]

STEP 2: Creating The Forms

Now that we have the table made, let's design the form to use this set of data.

I will name my form LoginF. Go into design view, and slap down a text box, a combo box, and a button. For the combo box rename the text to say something like Login ID (you can change this to whatever fits your need) and for the text box, put the text as Password (once again, change this to whatever you want it doesn't effect the outcome). The text in the button can be whatever you want, I will be putting Login on it.

Click the combo box and rename it. I will be naming it LoginCmBx. Next, click the text box and rename it, I will be naming it PasswordTxt. Lastly, click the button and rename it, I will be naming it LoginBtn.

Click the combo box again and under the event tab, go into the After Update scripting. Use code and type this in:

Private Sub LoginCmBx_AfterUpdate()


End Sub

This makes it so after you select a username, it automatically puts the focus onto the password text box so you can start typing right away without using TAB on your keyboard, or using your mouse.

Next, go to the button and under the event tab, go into the On Click scripting. Use code and type this in:

Private Sub LoginBtn_Click()

    If IsNull(Me.LoginCmBx) Or Me.LoginCmBx = "" Then
      MsgBox "You must enter a User Name.", vbOKOnly, "Required Data"
        Exit Sub
    End If

    If IsNull(Me.PasswordTxt) Or Me.PasswordTxt = "" Then
      MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
        Exit Sub
    End If

    If Me.PasswordTxt.Value = DLookup("LoginPassword", "LoginInfoT", _
            "[EmployeeID]=" & Me.LoginCmBx.Value) Then

        EmployeeID = Me.LoginCmBx.Value

           On Error Resume Next
           DoCmd.DeleteObject acQuery, "IsAdminQ"
   On Error GoTo Err_LoginBtn_Click

   Dim qdef As DAO.QueryDef
   Set qdef = CurrentDb.CreateQueryDef("IsAdminQ", _
                                       "SELECT IsAdmin " & _
                                       "FROM LoginInfoT " & _
                                       "WHERE EmployeeID = " & LoginCmBx.Value)

DoCmd.Close acForm, "LoginF", acSaveNo
        DoCmd.OpenForm "MenuF"
   Exit Sub
   MsgBox Err.Description
   Resume Exit_LoginBtn_Click

      MsgBox "Password Invalid. Please Try Again", vbOKOnly, _
            "Invalid Entry!"
    End If

End Sub

What this does is check if you selected a username, if not it spits out an error telling the user to select one. If you did, it checks if you entered a password. If they didn't, it spits out another error saying they didn't enter a password. If they selected both, and the password doesn't match the one in the table for the username you selected it spits out an error saying you got the password wrong. If you got the password right to the username you selected, it logs you in. It will then close the current form you are on, and open up a new one named "MenuF" it will also create a query with that little bit of information under the username you selected, either if it's an admin or not.. We haven't created MenuF yet, so lets quickly do that. We aren't done with LoginF just quite yet though, so be prepared to come back to that later!

Create the form, and put down a button. Here is your menu form, you can create as many buttons as you want going to other forms or even just put a subform on here and have your entire database. Taht button you put down, you can name the text to whatever you want. I put mine as Log out. Name the button MenuLogOutBtn. Go into the event tab, and under the On Click scripting click code and type this in:

Private Sub MenuLogOutBtn_Click()
   DoCmd.DeleteObject acQuery, "IsAdminQ"
           DoCmd.OpenForm "LoginF"
           DoCmd.Close acForm, "MenuF", acSaveNo
End Sub

What this does is delete the query the login button created, opens the login form again, and closes the menu. Simple!

Now I need you to throw down a checkbox, and name it MyCheckbox. This box requires no special coding, or control sources. Though I do suggest changing visible as no, and deleting the text that comes along with it.

Now, go to the form's event properties and under the Open scripting go to code and type this in:

Private Sub Form_Open(Cancel As Integer)

  Me.MyCheckbox.Value = GetLoginStateIsAdmin()

  If GetLoginStateIsAdmin = True Then
Me.ShortcutMenu = True
DoCmd.ShowToolbar "Ribbon", acToolbarYes
DoCmd.ShowToolbar "Menu Bar", acToolbarYes
Application.SetOption "ShowWindowsinTaskbar", True
DoCmd.SelectObject acTable, , True
Me.ShortcutMenu = False
DoCmd.ShowToolbar "Ribbon", acToolbarNo
DoCmd.ShowToolbar "Menu Bar", acToolbarNo
Application.SetOption "ShowWindowsinTaskbar", False
DoCmd.NavigateTo "acNavigationCategoryObjectType"
DoCmd.RunCommand acCmdWindowHide
  End If

End Sub

What this does is checkbox's information which is attached to query's IsAdmin column and give GetLoginStateIsAdmin that boolean variable. After it does that, it starts a simple If statement that turns off menu bars and disabled right click if you aren't an admin; if you are, it allows you do right click and all menu bars are visible.

Though if you didn't notice yet, our checkbox doesn't get the information from the query yet! Oh no!

STEP 3: Creating The Public Modules

If you were on your toes, you would notice even the login code wouldn't work at this point. First, we need some public modules. Go to the Create tab in the ribbon, and create a module. Type this in:

    Public EmployeeID As Long

Save this module as LoginModule.

Create another module, and type this in:

    Function GetLoginStateIsAdmin()
      Dim rst As DAO.Recordset

      Set rst = CurrentDb.OpenRecordset("IsAdminQ")
      GetLoginStateIsAdmin = Nz(rst(0), False)

      Set rst = Nothing
    End Function

Save this one as GetAdmin.

Lets create one more module; so the user opening the database can't by bass stuff by using the shift key to launch it.

Type this in it:

Function ap_DisableShift()
'This function disable the shift at startup. This action causes
'the Autoexec macro and Startup properties to always be executed.

On Error GoTo errDisableShift

Dim db As DAO.Database
Dim prop As DAO.Property
Const conPropNotFound = 3270

Set db = CurrentDb()

'This next line disables the shift key on startup.
db.Properties("AllowByPassKey") = False

'The function is successful.
Exit Function

'The first part of this error routine creates the "AllowByPassKey
'property if it does not exist.
If Err = conPropNotFound Then
Set prop = db.CreateProperty("AllowByPassKey", _
dbBoolean, False)
db.Properties.Append prop
Resume Next
MsgBox "Function 'ap_DisableShift' did not complete successfully."
Exit Function
End If

End Function

Save that as ShiftModule.

We are done the modules! Lets go back to the LoginF now.

STEP 4: Finishing Up LoginF

Go to the form's event tab, and click the on load scripting. Click code, then type this in:

Private Sub Form_Load()
   On Error Resume Next
   DoCmd.DeleteObject acQuery, "CustomerMoreInfoQ"
End Sub

What this does is make sure that the query the login button creates is deleted when this form starts up, just in case the user closes the database without logging out. So if you click login, it won't cause errors because the query isn't still there.

STEP 5: Testing It Out.

Run the form LoginF in form view, and select Bob as the username. Type in the password 1234 into the password text box, and click login. It should open up the MenuF and you see all menus and you can right click. Good. Now, log out and login with Stewert, using the same password. Now you see all the menus remove themselves, and you can't right click! Yay!

For extra security, in the LoginF's Other tab, make sure Shortcut Menu is set to No. This will set right click to be disabled always; as you aren't logged in as a user at this point. It doesn't know if you are an admin or not.

STEP 6: Disabling The Toolbars On Start Up & launching LoginF On Start Up.

Go to File > Options > Current Database.

Under Display Form, select FormF. Under the Navigation section, unclick Display Navigation Pane.

Click okay, then go back to LoginF; go into the On Load code and add this just before the End Sub:

DoCmd.ShowToolbar "Ribbon", acToolbarNo

You are done! Save your database, then close it and open it again. It should load the LoginF form where you can't right click, there are no menus etc. The only way to get the menus to edit things is to log into an admin account!

Step 7: Expanding

This doesn't automatically expand the more you add forms though. You need to add that checkbox named MyCheckbox (I suggest copy + pasting it) to each form you add, and add this code to each form you add:

Private Sub Form_Open(Cancel As Integer)

  Me.MyCheckbox.Value = GetLoginStateIsAdmin()

  If GetLoginStateIsAdmin = True Then
Me.ShortcutMenu = True
Me.ShortcutMenu = False
  End If

End Sub

Though once you do that to every form, the security works and you need to log in to an admin account to change anything. If you are just a user, you can use the form normally (click buttons, edit data on subforms, etc) You can't edit the form it self though.