SQL to Update User Password

**NeoPa** · Feb 17 '16, 04:19 AM

I'm struggling to see why you need account or password information in the data when you are already using the Windows domain account and allowing it to maintain the password.

However, if your code is failing to do what you require, regardless of why you have that requirement, it would help us to help you if you can explain whereabouts in the code it gives this prompt and why you feel it's not what it should be doing.

**jforbes** · Feb 17 '16, 01:30 PM

I'm also confused why you would want to do all this, but I have a feeling your error is being caused by missing quotes around the value of Me.txtLoginID.V alue

Code:

strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = '" & Me.txtLoginID.Value & "'"

If that's not it, we'll need more to go on.

If you are still in the process of adding the password to the Database, instead you may want to consider adding flags or an integer to the User Table indicating to what parts of the program they have access. Then, on the database startup, lookup the user Record based on the Windows User and load those security flags into global variables. Then you can use those global variables to hide/show/enable/disable buttons, fields and forms. The result is no login form and no passwords.

**scullman** · Feb 17 '16, 04:09 PM

First of all, thank you for the responses. The reason for the need to "login" would be because everyone who has access to the shared network drive has access to the database; however only about 20 people need to use it or even look at it. I was trying to be proactive before something happened by stopping some of the employees that may wonder into the database out of boredom and start changing information. I have an audit trail setup, so I will be able to tell who is making changes; but would rather avoid that if possible. I realize this may not be the most secure. I am fairly novice with Access VBA and read on some threads adding a password login is a simple route to take. It is not "live" right now, still in development and working on more viable options.

jforbes, I added those quotes and that resolved my issue and am no longer prompted to verify the UserName. I am interested in the addition of flags or integer to the User Table. I will do some research and attempt to build that into the database, it seems like a better option. Thanks for that piece of information.

Code:

strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = '" & Me.txtLoginID.Value & "'"

**jforbes** · Feb 17 '16, 07:13 PM

Glad it's working for you.

The following is some information to help you get started in using the Windows User to enable/disable resources in your database...

There are quite a few versions of this code floating around the Internet to get the currently logged in Windows User:

https://bytes.com/topic/access/insights/653928-function-return-username-nt-login-current-user

So using the above code, the first thing that should be done in the database is to load the User Name into a Global Variable. Then use the Global variable to lookup any permissions that you want to track. The following is a snippet of some code I use to set some flags that are used as permissions (the user name has already been placed in the gUserID Global Variable):

Code:

    Dim rst As DAO.Recordset
    Dim sSQL As String
    ' Load Preferences
    sSQL = ""
    sSQL = sSQL & "SELECT TOP 1 * FROM Employees "
    sSQL = sSQL & "WHERE  UserID='" & gUserID & "'"
    Set rst = CurrentDB.OpenRecordset(sSQL, dbOpenDynaset, dbForwardOnly + dbSeeChanges)
        If rst.RecordCount > 0 Then
            gAdmin = Nz(rst![Admin], False)
            gEngr = Nz(rst![Engr], False)
            gManagment = Nz(rst![Managment], False)
        Else
            gAdmin = False
            gEngr = False
            gManagment = False
            Call MsgBox ("You do not currently have permissions to " & gLongAppName & ".  Please see your System Administrator to gain access.")
        End If
    rst.Close
    Set rst = Nothing

Then some code like the following enables/disables buttons based on the permissions:

Code:

Private Sub Form_Load()   
    Me.cmdEmployeeMaintenance.Enabled = gAdmin
    Me.cmdPartsMaintenance.Enabled = gAdmin
    Me.cmdAttachmentMaintenance.Enabled = (gAdmin Or gEngr)
    Me.cmdSchedule.Enabled = (gAdmin Or gManagment)
End Sub

On last thing to note, if for some reason Access errors and resets the Global Variables, the Boolean values will reset to false, which will disable everything, which is better than enabling everything.

**scullman** · Feb 17 '16, 08:22 PM

Thanks a ton jforbes. When I get some time, I will read over that thread you linked, as well read through the code you posted. Again, I greatly appreciate your time and the information you provided to get me going on a better solution. I will be sure to credit you in the coding, once I get this up and running :)

**NeoPa** · Feb 18 '16, 12:07 AM

Let me just clarify for emphasis. I know this has already been said but it may not have registered fully.

The linked thread provides a pre-written function that returns the Windows account of the current user to the project.
The Windows account has already been logged on to Windows so no password holding, or even validating, is required.
With JForbes' example code you can build this security across your whole system without the user needing to re-qualify as such. It's linked into the Windows account but the user doesn't need to do anything to indicate which that is of course.

**scullman** · Feb 18 '16, 04:47 PM

Thanks NeoPa. Hopefully this thread will inform others of that method, before they spent so much time creating yet another login environment for their users like I planned on doing.

**Rabbit** · Feb 18 '16, 08:56 PM

You should be aware that storing your permissions like this in Access makes it very easy to bypass. Anyone can open up the permissions table and change what they have access to.

**scullman** · Feb 19 '16, 01:31 AM

Thanks Rabbit. I did know this, which is why I am happy to dump this project for the alternate method suggested by JForbes.I was unaware of that method, probably because I was using the wrong key words in my searches...

**Rabbit** · Feb 19 '16, 05:36 AM

The same issues apply to jforbes method. It requires storing permissions in a table in a simple format.

SQL to Update User Password

SQL to Update User Password

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment