Advice on Best Practices

I am replacing a current application for our HR group. The current application is written such that HR has full access but supervisors can access the UI interface to view specific data about employees who work for them. They do not have the ability to see everything on the form(s) and they cannot update any information (there might be an exception as they may be able to update evaluation information.)

The question I have is what is the consensus on how this should be designed. The current application hides frames containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access. I am considering putting all the code in the business objects. The form would remain intact but any information they are not allowed access to view, the business logic would just return null strings based on this global property. I would also reject any attempt to update the business objects by exiting any Property Let methods, also based on the value of the global property. The only indication on the form may be a label that I show indicating "Limited Read-Only Access".

Feedback? No coding skills required.
dbbishop Asked:
sakuya_su Commented:
"current application hides frames containing controls and specific controls that are not on frames in code based on a global variable used to determine if the user has R/O access"

Now that is dangerous, because if the person gets the class name he can simply send a show msg to the application to reveal that.

Your approach is a much better option, I believe; just make sure you do not send out data to the end user if he does not have the right to it.

Normally the best security option is to employ a server-client system where the server decides what to send to the client and the client simply displays it.
Question has a verified solution.
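
The design discussed in this thread, as an added example that is not code from either poster: the business layer decides per user which fields are returned and which may be updated, so restricted data never reaches the client. Role names, field names and the sample records are constructed assumptions, and denied requests raise an error here instead of returning empty strings.

```python
from dataclasses import dataclass

# Assumed policy: what a supervisor may read / update for direct reports only.
SUPERVISOR_READ = {"name", "title", "evaluation"}
SUPERVISOR_WRITE = {"evaluation"}


class AccessDenied(Exception):
    """Raised when a caller asks for data or a change the policy forbids."""


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # "hr" or "supervisor" (hypothetical role names)


# Constructed sample records standing in for the HR data store.
EMPLOYEES = {
    "e1": {"name": "A. Jones", "title": "Analyst", "salary": 70000,
           "ssn": "000-00-0000", "evaluation": "Meets", "supervisor": "s1"},
    "e2": {"name": "B. Smith", "title": "Clerk", "salary": 50000,
           "ssn": "000-00-0001", "evaluation": "Meets", "supervisor": "s2"},
}


def allowed_fields(user, record, write):
    """Return the set of field names this user may read (or write)."""
    if user.role == "hr":
        return set(record)                      # HR has full access
    if user.role == "supervisor" and record["supervisor"] == user.user_id:
        return SUPERVISOR_WRITE if write else SUPERVISOR_READ
    return set()                                # default deny


def get_employee(user, emp_id):
    """Build the view sent to the client; forbidden fields are never included."""
    record = EMPLOYEES[emp_id]
    fields = allowed_fields(user, record, write=False)
    if not fields:
        raise AccessDenied(f"{user.user_id} may not view {emp_id}")
    return {k: v for k, v in record.items() if k in fields}


def update_employee(user, emp_id, changes):
    """Apply changes only if every changed field is writable by this user."""
    record = EMPLOYEES[emp_id]
    denied = set(changes) - allowed_fields(user, record, write=True)
    if denied:
        raise AccessDenied(f"{user.user_id} may not update {sorted(denied)}")
    record.update(changes)
```

The form can still show a "Limited Read-Only Access" label, but it only ever receives the dictionary `get_employee` returns, so revealing a hidden control exposes nothing.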