Author Re: System security
pblais@odstrategies.org

2006-12-23, 6:55 pm

On 23 Dec 2006 07:09:25 -0500, "Nelson Kaye" <nkaye1@nyc.rr.com>
wrote:

>I have a password record for each user in an app. The record enables the
>administrator to give access to various file maintenance activities, e.g.
>Employee Maintenance: add/change/delete/view or none of these
>


One common way to make a simple security system is using door access
where you can only enter certain procedures if you have a key for that
door. A child table could be made that has user ID and Door key ID
granted to make a many to many. This would allow unlimited numbers of
users and unlimited numbers of doors. Not every door needs a unique
key but you can let the user decide that.

>I believe the template route is the way to go. However, as I am not a maven
>on templates, would like to know if there are any security template examples
>that can help me in this effort.
>

Yes, you could use an equate in every procedure so that a common
function could request security clearance based on the passed
procedure equate and, say, the global user ID. The return code could
indicate if the add, change, or delete was enabled and then the
template code could set the controls to reflect this. Or you pass the
control equate value and let the common procedure manage them. You
might also just have enable / disable code on all menus to lock some
menu items.

The nice thing is you define all the doors and then you write an app
that allows the security manager to make the User / key records. You
define all the keys and perhaps you also group keys into security
groups so that each user can have a "key set". This lets the customer
define the detailed level they want. You'll find rolling your own to
be a lot of work. I'm more familiar with Mike Hanson's Super Security.
It comes with a whole lot of code for managing user IDs and the
system for grouping keys plus the templates to add it to procedures.

You need a security admin application or you end up with a static
system that you personally have to administer for the client, and no
one wants that. Capesoft also has a well thought out security system
tool too. These products really do help you make a total solution and
let the user do most of the work as they see fit. It makes
your job very, very easy. They both are under $200. You can't do it as
well as these products can for that amount of money.

>One other question. If, for example, I want only View on Employee
>Maintenance, and therefore hide/disable the add/change/delete buttons, this
>would allow the user to view the browse but not the associated forms? Is
>this the preferred approach, or should somehow the user be allowed to see
>the forms in 'view mode'?


OK, say we are talking Payroll records. Salaries are not usually
viewable by everyone but a list of employees usually is; employee
phone numbers are perhaps a low security need. There really is no
preferred way but more the way that is required. Many companies like
to provide very complete view access but limited change access and
almost no delete access. Delete access provides a way to do damage
covering your tracks as you go. Generally a bad thing to allow. There
is always a trade off from allowing normal folks to just do their job
and take care of things or requiring supervisor level controls to make
sure it's done a certain way.

Maybe you just need something to just keep the dumb people out. Sort
of like the hook on the screen door. It won't keep out the dangerous
people but keeps out the dogs and kids. I have one app, with just two
static passwords. One is reports only and the other is everything.
It's not very secure but it keeps the dumb people out. It's what I
call "toy security". There really isn't any true security with it but
it works like the hook on the screen door.

You will have the most success if you limit access as little as
possible and group things together that have similar security
requirements. It reduces the number of users that are required to have
security and limits the number of security doors. Fewer points of
security failure are good. Security is getting more serious these days
and you need to take a top down look else the back door methods can
come back to haunt you and / or the customer. If you need a really
secure system then you need a serious tool set to do it. You'll spend
ws rolling your own.
---------------------------------------
Paul Blais - Hayes, Virginia
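The door/key model described in the post above (door keys granted to users through a many-to-many child table, keys grouped into key sets, and one common clearance function called with a per-procedure equate and the global user ID), as an added Python example; this is not Clarion, not code from the thread, and not the Super Security or Capesoft products. The door names, key IDs, key sets and users are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample "procedure equates": one door per maintenance procedure.
DOOR_EMPLOYEE_MAINT = "EmployeeMaint"
DOOR_PAYROLL_MAINT = "PayrollMaint"

# Rights a key can carry; the "return code" is the set of enabled rights.
RIGHTS = ("view", "add", "change", "delete")

@dataclass
class Key:
    door: str          # which procedure (door) this key opens
    rights: frozenset  # subset of RIGHTS the key grants

@dataclass
class SecurityDB:
    # Key definitions, key sets (grouped keys), and the user / key-set child table.
    keys: dict = field(default_factory=dict)       # key_id -> Key
    key_sets: dict = field(default_factory=dict)   # set_id -> [key_id, ...]
    user_sets: dict = field(default_factory=dict)  # user_id -> [set_id, ...]

    def clearance(self, user_id, door):
        """Common function every procedure calls with its door equate and the
        global user ID. Rights from all of the user's keys for that door are
        unioned; an unknown user or door gets nothing (deny by default)."""
        granted = set()
        for set_id in self.user_sets.get(user_id, ()):
            for key_id in self.key_sets.get(set_id, ()):
                key = self.keys.get(key_id)
                if key is not None and key.door == door:
                    granted |= key.rights
        return {r: (r in granted) for r in RIGHTS}

def build_sample_db():
    """Constructed sample data: two doors, three keys, two key sets, two users."""
    db = SecurityDB()
    db.keys["EMP_VIEW"] = Key(DOOR_EMPLOYEE_MAINT, frozenset({"view"}))
    db.keys["EMP_EDIT"] = Key(DOOR_EMPLOYEE_MAINT, frozenset({"view", "add", "change"}))
    db.keys["PAY_ALL"] = Key(DOOR_PAYROLL_MAINT, frozenset(RIGHTS))
    db.key_sets["clerk"] = ["EMP_VIEW"]               # view employees only
    db.key_sets["payroll"] = ["EMP_EDIT", "PAY_ALL"]  # edit employees, full payroll
    db.user_sets["alice"] = ["clerk"]
    db.user_sets["bob"] = ["payroll"]
    return db

def buttons_for(db, user_id, door):
    """What the template code does with the return code: list the update buttons
    to leave enabled; an empty list means a view-only browse."""
    rights = db.clearance(user_id, door)
    return [r for r in ("add", "change", "delete") if rights[r]]
```

Note that nobody in the sample holds a delete key on Employee Maintenance, matching the advice that delete access is the right to hand out most sparingly.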