For establishing user "rights" in the past, I've use a ton of different methods: user security model, tables and related tables, and so forth
The ms access user-level security had the advantage that the user couldn't just easily bypass things and elevate privilege. To do so took some effort and some extra-know-how to get around the workgroup restrictions. I do miss that in some ways; however, it was a pain to maintain.
However, using the table/table-related_table methods I've had users find the table(s) (even the hidden/system tables!) and find a way to alter the user table so that they would have the desired role and then alter it back once done.
However, this time I was thinking about using Binary Flags to check for "rights." This is something I used to use in other codes a lot (especially back in the old CBM-Vic20 and machine level code – 5K was a lot of memory back then!); however, I've not used the method in VBA or a database.
I was considering that a 8-Bit set of flags would work just fine and I could store just the one number with the employee's information and get rid of one table and the associated look-ups, codes and the like. Maybe create one class module to pull the current windows user from advapi32.dll and then set the flags and allow admins to alter user’s rights by tweaking which flags were set. To make things fun, I would really only need 5 of the 8 bits, I could use the unused bits to mess with what values correspond to what rights.... say, as far as user rights would be concerned: 00011011 would be the same as 10011011 as well as =01011011 because I wouldn't be checking the first three (left to right) unused bits and it'd make the users scratch their heads. – Perhaps use a SHA digest to validate… or maybe use the “rights” as a password against their password. I was already considering using a SHA digest to store the user names…
or am I over thinking things?
The ms access user-level security had the advantage that the user couldn't just easily bypass things and elevate privilege. To do so took some effort and some extra-know-how to get around the workgroup restrictions. I do miss that in some ways; however, it was a pain to maintain.
However, using the table/table-related_table methods I've had users find the table(s) (even the hidden/system tables!) and find a way to alter the user table so that they would have the desired role and then alter it back once done.
However, this time I was thinking about using Binary Flags to check for "rights." This is something I used to use in other codes a lot (especially back in the old CBM-Vic20 and machine level code – 5K was a lot of memory back then!); however, I've not used the method in VBA or a database.
I was considering that a 8-Bit set of flags would work just fine and I could store just the one number with the employee's information and get rid of one table and the associated look-ups, codes and the like. Maybe create one class module to pull the current windows user from advapi32.dll and then set the flags and allow admins to alter user’s rights by tweaking which flags were set. To make things fun, I would really only need 5 of the 8 bits, I could use the unused bits to mess with what values correspond to what rights.... say, as far as user rights would be concerned: 00011011 would be the same as 10011011 as well as =01011011 because I wouldn't be checking the first three (left to right) unused bits and it'd make the users scratch their heads. – Perhaps use a SHA digest to validate… or maybe use the “rights” as a password against their password. I was already considering using a SHA digest to store the user names…
or am I over thinking things?
Comment