If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
In a multi-user database, how to restrict access to records
Problem
In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. The scenario is as follows: The database handles records for a mental health organization. According to HIPPA regulations (new law passed about security of medical records), a clinician should only have access to those clients assigned to him/her. How do I allow this clinician to have access to his/her clients records while blocking access to those clients not assigned to him/her. -- The fun is not in the speed but the sudden stops!!! |
#2
|
|||
|
|||
In a multi-user database, how to restrict access to records
If the clinician logs in to the database using a userid and password, then
this would be fairly simple. Do the patient records have a field where the cinician's userid is entered? If so, just base your forms on a query and in the criteria under the clinician field, put... =CurrentUser() This will only pull records assigned to the currently signed on user. This will not prevent them from simply opening the table and seeing all records, or running any reports or queries that you have built that might show them all records. There is much more to be done for that. You would need to take away all table, query, and report access. Then let them have access only to the forms and reports they would need to run. The queries upon which the tables and reports were based, would need to be set to run using the owner's permissions. Post back with more detailed questions as you run into them. Adn yes, please just post to one group, or copy the same message to multiple groups. You don't need multiple people answering your questions. Thanks, Rick B "Bikerman" wrote in message ... Problem In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. The scenario is as follows: The database handles records for a mental health organization. According to HIPPA regulations (new law passed about security of medical records), a clinician should only have access to those clients assigned to him/her. How do I allow this clinician to have access to his/her clients records while blocking access to those clients not assigned to him/her. -- The fun is not in the speed but the sudden stops!!! |
#3
|
|||
|
|||
In a multi-user database, how to restrict access to records
"=?Utf-8?B?QmlrZXJtYW4=?=" wrote in
: In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. The standard answer to this is to use Access user security. You remove all permissions from the tables for the users, but control read/ write access to the data with RWOP queries. What this means (Run With Owner Permission) is that the you (as Admim) have permission to see the tables, and you grant the users permission to see the data through those queries. Thus, you can restrict which fields and which records they can have access to. It's easier to understand than to explain! Access security is admittedly not for the faint-hearted, and you need to understand the processes involved (worst case scenario is to lock yourself out of your own data!) but is pretty secure and very flexible. More details in help files, or on MSDN site. Hope that helps Tim F |
#4
|
|||
|
|||
just read this and it seems almost exactly like what I need for my database
however, how do you set it up to have multiple users so that they need to log on when opening the database/form? "Rick B" wrote: If the clinician logs in to the database using a userid and password, then this would be fairly simple. Do the patient records have a field where the cinician's userid is entered? If so, just base your forms on a query and in the criteria under the clinician field, put... =CurrentUser() This will only pull records assigned to the currently signed on user. This will not prevent them from simply opening the table and seeing all records, or running any reports or queries that you have built that might show them all records. There is much more to be done for that. You would need to take away all table, query, and report access. Then let them have access only to the forms and reports they would need to run. The queries upon which the tables and reports were based, would need to be set to run using the owner's permissions. Post back with more detailed questions as you run into them. Adn yes, please just post to one group, or copy the same message to multiple groups. You don't need multiple people answering your questions. Thanks, Rick B "Bikerman" wrote in message ... Problem In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. The scenario is as follows: The database handles records for a mental health organization. According to HIPPA regulations (new law passed about security of medical records), a clinician should only have access to those clients assigned to him/her. How do I allow this clinician to have access to his/her clients records while blocking access to those clients not assigned to him/her. -- The fun is not in the speed but the sudden stops!!! |
#5
|
|||
|
|||
You would have to implement user-level security. This is no simple task
(the first few times). I'd suggest you read the following links several times and make a backup or two before you start. Rick B Security Security FAQ http://support.microsoft.com/?id=207793 The Security Whitepaper is also worth reading to help you understand. http://support.microsoft.com/?id=148555 Joan Wild: www.jmwild.com/AccessSecurity.htm Lynn Trapp http://www.ltcomputerdesigns.com/Security.htm "adrian" wrote in message ... just read this and it seems almost exactly like what I need for my database however, how do you set it up to have multiple users so that they need to log on when opening the database/form? "Rick B" wrote: If the clinician logs in to the database using a userid and password, then this would be fairly simple. Do the patient records have a field where the cinician's userid is entered? If so, just base your forms on a query and in the criteria under the clinician field, put... =CurrentUser() This will only pull records assigned to the currently signed on user. This will not prevent them from simply opening the table and seeing all records, or running any reports or queries that you have built that might show them all records. There is much more to be done for that. You would need to take away all table, query, and report access. Then let them have access only to the forms and reports they would need to run. The queries upon which the tables and reports were based, would need to be set to run using the owner's permissions. Post back with more detailed questions as you run into them. Adn yes, please just post to one group, or copy the same message to multiple groups. You don't need multiple people answering your questions. Thanks, Rick B "Bikerman" wrote in message ... Problem In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. The scenario is as follows: The database handles records for a mental health organization. According to HIPPA regulations (new law passed about security of medical records), a clinician should only have access to those clients assigned to him/her. How do I allow this clinician to have access to his/her clients records while blocking access to those clients not assigned to him/her. -- The fun is not in the speed but the sudden stops!!! |
#6
|
|||
|
|||
=?Utf-8?B?YWRyaWFu?= wrote in
: In a multi-use database, how do I restrict a user from having access to certain records and allow it for others. If the clinician logs in to the database using a userid and password, then this would be fairly simple. Do the patient records have a field where the cinician's userid is entered? If so, just base your forms on a query and in the criteria under the clinician field, put... just read this and it seems almost exactly like what I need for my database Sorry I missed the original post. The answer to this is to use proper database security. 1) Access user-level security can completely tie up the data so that individuals can only see what you want them to, down to row and field level. The idea is to remove _all_ privileges from the base tables, then use Queries with RWOP to provide all access: as long as you can define the query that selects the correct records, then you can restrict the user to those records and fields. 2) You may well feel that the prevalence of security-busting utilities on the Net makes Access an unsuitable container for highly confidential data. Most civilised countries have serious laws about data protection and you could be looking at a big chunk of your life sowing mailbags if it goes wrong. Rightly so, too, in my view. Your organisation would be well advised to look at a properly-administered DBMS like SQL Server etc for the back end, in order to save itself a lot of money. Hope that helps Tim F |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Useless Access 2003 | tired, angry, sucidial and bored | General Discussion | 10 | July 21st, 2004 11:52 PM |
Need help with Access decision | aualias | General Discussion | 23 | June 21st, 2004 02:04 AM |
Access Database File Size | Maybeso | General Discussion | 2 | June 7th, 2004 03:16 AM |
Please Help, The database is in an unexpected state; Microsoft Access can't open it. | Gary A. Hollenbeck | New Users | 2 | May 20th, 2004 05:42 PM |
Can't add many database records per form template | Ashley Dreier | Setting up and Configuration | 0 | September 19th, 2003 06:01 PM |