?
Solved

Advice on Best Practices

Posted on 2006-06-03
1
Medium Priority
?
169 Views
Last Modified: 2012-05-05
I am replacing a current application for our HR group. The current application is written such that HR has full access but supervisors can access the UI interface to view specific data about employees who work for them. They do not have the ability to see everything on the form(s) and they cannot update any information (there might be an exception as they may be able to update evaluation information.)

The question I have is what is the consensus on how this should be designed. They current application hides framse containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access. I am considering putting all the code in the business objects. The form would remain in-tact but any information they are not allowed access to view, the business logic would just return null strings based on this global property. I would also reject any attempt to update the business objects by exiting any Property Let methods, also based on the value of the global property. The only indicationn on the form may be a label that I show indicating "Limited Read-Only Access"

Feedback? No coding skills required.
0
Comment
Question by:dbbishop
1 Comment
 
LVL 10

Accepted Solution

by:
sakuya_su earned 500 total points
ID: 16826539
current application hides framse containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access

now that is dangerouse, because if the person gets the class name he can simply send a show msg to the application to reveal that.

your approach is a much better options I believe, just make sure you do not send out data to the end user if he does not have right to it.

normaly the best security option is to employ a server-client system where the Server decides what to send to the client and the client simply displays it.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’ve seen a number of people looking for examples of how to access web services from VB6.  I’ve been using a test harness I built in VB6 (using many resources I found online) that I use for small projects to work out how to communicate with web serv…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question