Re: Word 2007 Missing User Level Securitty - ARRRGGGGHHHH What were they thinking?

the prevailing theory is that since a file based system
can never be made secure that there was no point

Barf... File servers aren't secure? Word and Excel files on
a file server aren't secure? SMB servers aren't secure, but
SQL servers are secure? Multics wasn't a secure OS?
Global Policy Objects and User Profiles stored and
distributed by the same mechanism aren't secure?

Access predates Windows security, which is why it had
it's own security model. It builds on a database model
that pre-dates both relational databases and SQL. It has
never been updated or kept current. The underlying OS
database system has never been updated or kept current.

I can imagine good business reasons not to continue with
the OS-based database server product, and good business
reasons not to SQL enable the OS-based database server
product, but the words "can never be" don't figure in any
of those reasons.

Regarding the OP specific question, you maintain object
-level security by putting the objects in different file objects,
because the OS database primitives don't support record
based security. The underlying OS database system predates
Windows security, and has never been updated or kept
current. Putting the objects in different file objects breaks
Declarative Referential Integrity, because the underlying OS
database system predates relational databases, and has never
been updated or kept current.

Microsoft has announced improved database primitives in
the file system, and/or improved file systems in the database,
but all of these products have died or been killed. AFAIK,
none of these products were ever killed because of problems
in the security model. Building a server that responds to
SQL requests is not inherently more secure than building a
server that responds to physical record requests. The SQL
service object is not inherently more secure by not being
included in the base Windows distribution.

/end rant/

(david)



"Rick Brandt" <rickbrandt2@xxxxxxxxxxx> wrote in message
news:SI8Qj.9824$V14.4058@xxxxxxxxxxxxxxxxxxxxxxx
Steve House wrote:
Just discovered Access 2007 no longer supports user level security. What
in the world are they doing here? Serious real-world
applications very frequently need to restrict user's access to some
but not all of the data in a system. For example, in a human
resources application it is not at all unusual for clerical staff to
need to view and update all the various elements of an employee's
record EXCEPT for salary information while managers and only the
managers should have the ability to view and edit the salary fields.
And there can't be any backdoors allowed so that someone who who is
allowed to only open a form that contains some of the fields in a
data table would be able to view information they're not supposed to
be privy to by opening a data*** view of the same table. Removing
the ability to control exactly what users of the system are able to
view and change seriously cripples Access usability as a
line-of-business database application development platform. What am
I missing here? Are there any workarounds to establish object level,
table level, and field level priviledges in Access 2007 (other than
sticking with Access 2003 or earlier file format) or are we stuck
with an all or nothing scheme where anyone who is allowed to open the
database at all has free rein to do anything in it they want to? I
confess I am completely gob-smacked that MS could have done something
so incredibly counter-productive!
Steve House
A 20-year veteran of database development in panic mode

continuing the charade. I assume the lawyers had a hand in the decision.

You are aware that there are utilities one can find on the internet that
will defeat ULS aren't you? They have been around for several years now.

--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com





.