Advice on Best Practices

Posted on 2006-06-03
Last Modified: 2012-05-05
I am replacing a current application for our HR group. The current application is written such that HR has full access but supervisors can access the UI interface to view specific data about employees who work for them. They do not have the ability to see everything on the form(s) and they cannot update any information (there might be an exception as they may be able to update evaluation information.)

The question I have is what is the consensus on how this should be designed. The current application hides frames containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access. I am considering putting all the code in the business objects. The form would remain intact but any information they are not allowed access to view, the business logic would just return null strings based on this global property. I would also reject any attempt to update the business objects by exiting any Property Let methods, also based on the value of the global property. The only indication on the form may be a label that I show indicating "Limited Read-Only Access".

Feedback? No coding skills required.
Question by: dbbishop
    1 Comment
    LVL 10

    Accepted Solution

    current application hides frames containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access

    Now that is dangerous, because if the person gets the class name he can simply send a show msg to the application to reveal that.

    Your approach is a much better option, I believe; just make sure you do not send out data to the end user if he does not have the right to it.

    Normally the best security option is to employ a server-client system where the server decides what to send to the client and the client simply displays it.
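
The server-decides model from the accepted answer, as an added example that is not code from the question or the answer: the business layer builds each response from a per-role allow-list, checks the supervisor relationship on every call, and rejects unauthorized writes with an error. Python is used for illustration; the roles, field names, sample records and the rule that supervisors may update only the evaluation field are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data; field names and roles are assumptions for illustration.
EMPLOYEES = {
    101: {"name": "A. Rivera", "supervisor_id": 7, "salary": 61000,
          "ssn": "000-00-0000", "evaluation": "Meets expectations"},
    102: {"name": "B. Chen", "supervisor_id": 8, "salary": 58000,
          "ssn": "000-00-0001", "evaluation": "Exceeds expectations"},
}

# Allow-lists per role: anything not listed is denied by default.
READ_FIELDS = {"hr": {"name", "supervisor_id", "salary", "ssn", "evaluation"},
               "supervisor": {"name", "evaluation"}}
WRITE_FIELDS = {"hr": READ_FIELDS["hr"], "supervisor": {"evaluation"}}


class AccessDenied(Exception):
    pass


@dataclass(frozen=True)
class Caller:
    user_id: int
    role: str  # set by the server from the authenticated session, never by the client


def _allowed(caller, emp_id, table):
    """Return the set of fields this caller may touch on this record."""
    record = EMPLOYEES.get(emp_id)
    if record is None:
        raise AccessDenied("no such record")
    if caller.role == "supervisor" and record["supervisor_id"] != caller.user_id:
        return set()  # supervisors only reach their own reports
    return table.get(caller.role, set())  # unknown roles get nothing


def get_employee(caller, emp_id):
    """Build the response from permitted fields only; the rest never leaves the server."""
    fields = _allowed(caller, emp_id, READ_FIELDS)
    if not fields:
        raise AccessDenied("not authorized for this employee")
    return {k: v for k, v in EMPLOYEES[emp_id].items() if k in fields}


def update_employee(caller, emp_id, field, value):
    """Reject the write with an error rather than silently ignoring it."""
    if field not in _allowed(caller, emp_id, WRITE_FIELDS):
        raise AccessDenied(f"{caller.role} may not update {field!r}")
    EMPLOYEES[emp_id][field] = value
```

Because restricted fields are omitted from the returned record instead of being blanked, nothing the client does to its own controls can reveal them.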
