Secure Authorisation (2003)

Topic

New Reply

Hi All:

I have a colleague who wants to control who can confirm a payment order. He doesn

Reply | Quote

Replies

If it’s basically a matter of preventing users from accidentally changing something they shouldn’t, it’s OK. But it’s not really secure. If a user ticks the check box “Hidden objects” in the View tab of Tools | Options…, the hidden table will be displayed in the Database window (and it’s a user-level setting, not a database-level setting).

Reply | Quote

Thanks Hans, that’s what I thought.

On a connected matter, is it possible to ‘lock’ the values of a record? i.e. once a payment has been confirmed, the authorisor could not go back and ‘un-authorise’ it, make changes and re-authorise?

If locking is not possible, the only thing I can think of is to populate a Date Authorised field with VBA when a payment is confirmed and use that field either to prevent further change or at least to report a later change.

Reply | Quote

You cannot lock a record in a table, but you can prevent users from editing it in a form based on the table. Since end users shouldn’t edit records directly in a table or query, that should be sufficient. Put code similar to the following in the On Current event procedure of the form:

Private Sub Form_Current()
Me.AllowEdits = Not Me.Confirmed
End Sub

Confirmed is the name of the Yes/No field you mentioned. As long as it is False, the user can edit the record, but if the user returns to a record after Confirmed has been set to True, the record is locked.

Reply | Quote

That’s great, Hans. Just what I needed.

Many Thanks.

Reply | Quote