Solved

Access 2003 appropriate for very simple (but secure) workflow system?

Posted on 2008-10-01
Last Modified: 2013-11-29
For SOX compliance I have been told that our method of registering prices in our purchasing database is insecure.  Here's the current process, handled in Excel.  We have about 5 Buyers, two managers, and one clerk, and this process is repeated at most 10 times in any given day. (and never simultaneously.)

1) Buyer creates a data-entry form in Excel and includes as an OLE object a .pdf scan of the quote.  Relevant data (price, part number, etc) is entered.  Buyer types name as initiator and uses the "routing" function of Excel to send to Management.

2) Management opens the pdf file and confirms that the quote data is accurate and approves. Manager types name as 'approval' and uses the routing function to send to clerk.

3) Clerk enters data from the form into the purchasing system.  Clerk then types name and sends the file back to Buyer using routing.

4) Buyer compares the data on the request form to the data in the purchasing system for data-entry errors.  Buyer types name on the form and routes back to clerk for filing.

5) Clerk files the digital copy in a shared folder, as well as a hard copy in file folder.

Only the clerk has access to the data entry screen in the main purchasing system, but we've been asked to avoid the possibility of the clerk completing the whole registration process by forging signatures.  I would like to create a simple workflow system that assigns users a password and allows them to actually "approve" the form as it goes through the process.  I don't need anything super-robust; we're talking more here about showing an ounce of protection in case the auditors notice the possibility of a clerk forging the whole process.  Best would be the buyer enters the data into the form, chooses the appropriate manager and clerk, and hits a button.  Ideally, emails would be sent in turn to the user when their input is needed, and the application would allow the final process to be printed, searched and stored at a central location.

So the questions:
Is Access the best vehicle to develop this solution?  Are there add-ons to simplify the development? Is a third-party solution a better choice?  Note: we do not have access to any back-end server capabilities, so the solution must be able to run from each individual work station.

Thanks for any advice.
Question by:kenferrell

Expert Comment

by:jmoss111
ID: 22616925
If you require security, then you need another backend database. SQL Server or SQL Server Express (free) would be a good place to start. Is your network a workgroup or are you on a domain?

Jim

Author Comment

by:kenferrell
ID: 22617008
Thanks for the response.  The network is a domain -- we're one small section in a huge organization.  We don't have a stand-alone machine that could host a backend database, either...  As for security, all I'm really looking to do is have a simple password process that 'verifies' the user.  The security doesn't really need to be 'hack-proof' as the risk of that is small enough to be ignored.  We just want to be able to say to the auditor that we require a password before a manager could approve the workflow process.

Expert Comment

by:jmoss111
ID: 22617073
If it's a small workgroup all that you need is a vacant workstation to host SQL Server Express, and it wouldn't have to be that powerful. XP pro and a couple of gigs of RAM and you're set. I think that you can have up to 10 connections to XP Pro.

You could use Access but it's not secure. So it fails the first criteria of the test...

Jim

Author Comment

by:kenferrell
ID: 22617173
Thanks.  We're a small group, but it's not a small workgroup.  Adding another workstation is not in the scope of the project.  When you say Access is not secure, are you saying that it would be impossible to design a simple "user log-in" system?  "Secure" means different things to different people -- and I don't want to overplay the significance of my use of the word.

Expert Comment

by:jmoss111
ID: 22619924
Secure means tamperproof. It's not difficult to design a simple login system in Access but you're already logged into a domain, the user is already identified. You have no real way to protect the table from a user. You might want to check this question for discussion of a similar topic:

http://www.experts-exchange.com/Microsoft/Development/MS_Access/Access_Forms/Q_23765083.html

Jim

Author Comment

by:kenferrell
ID: 22629369
Thanks Jim.
I definitely gave you the wrong impression if you're thinking tamperproof.  I guess my goal here is not so much to completely lock the thing down (I know that there's always someone somewhere who'll be able to defeat what we come up with) as it is to exercise a reasonable amount of control over the process.

I really just want a way to be able to say to the auditors that we have exercised reasonable control to be sure that only the clerk was able to do the clerk portion of the workflow, and only the manager can approve the manager portion of the workflow.

That's where I was coming up with the basic ID/password - logging type 'security' function.

So my question is still this...  is Access really the right tool for this job?

Accepted Solution

by:
jmoss111 earned 1000 total points
ID: 22629725
If your SOX auditors can live with it and you can live with it then it's the right tool for you. I just wanted you to know all the ins and outs and that Access can't be locked down and you can say with 100% certainty that the system can't be compromised, like you could with other database products.

My main client is very sensitive in security matters; and it's forced me to become more conscious also.

Jim
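
The thread's two technical points (the domain logon already identifies the user, and the clerk must not be able to sign as manager) can be combined into one sign-off routine. This is an added example, not code from any poster: the table names `tblRoles` and `tblSignoff` and the function names are hypothetical, and it assumes an Access 2003 module with the DAO reference set. It enforces who may sign each step; it does not stop someone who can open the tables directly from editing rows, which is the limitation raised above.

```vba
Option Compare Database
Option Explicit
' Assumed tables (hypothetical names):
'   tblRoles(UserName, RoleName)   roles: Buyer, Manager, Clerk
'   tblSignoff(RequestID, StepNo, RoleName, UserName, SignedAt)
' Needs the DAO reference (Microsoft DAO 3.6 Object Library).

' Role that must sign each of the five steps listed in the question.
Private Function RequiredRole(ByVal stepNo As Long) As String
    Select Case stepNo
        Case 1, 4: RequiredRole = "Buyer"
        Case 2: RequiredRole = "Manager"
        Case 3, 5: RequiredRole = "Clerk"
    End Select
End Function

' Windows logon name of the current user; nothing is typed into the form.
' (Environ("USERNAME") is avoided because the user can override it.)
Private Function LogonName() As String
    LogonName = LCase$(CreateObject("WScript.Network").UserName)
End Function

' Records a sign-off for the logged-on user, or returns False if refused.
Public Function SignStep(ByVal requestId As Long, ByVal stepNo As Long) As Boolean
    Dim rs As DAO.Recordset, who As String, role As String, crit As String
    who = Replace(LogonName(), "'", "''")      ' escape quotes for criteria
    role = RequiredRole(stepNo)
    If Len(role) = 0 Then Exit Function        ' unknown step number

    ' 1. The account must be assigned the role this step requires.
    crit = "UserName='" & who & "' AND RoleName='" & role & "'"
    If DCount("*", "tblRoles", crit) = 0 Then Exit Function

    ' 2. Steps are signed strictly in order, once each.
    crit = "RequestID=" & requestId
    If Nz(DMax("StepNo", "tblSignoff", crit), 0) <> stepNo - 1 Then Exit Function

    ' 3. Separation of duties: the account must not already have signed
    '    this request under a different role (e.g. clerk acting as manager).
    crit = crit & " AND UserName='" & who & "' AND RoleName<>'" & role & "'"
    If DCount("*", "tblSignoff", crit) > 0 Then Exit Function

    Set rs = CurrentDb.OpenRecordset("tblSignoff", dbOpenDynaset)
    rs.AddNew
    rs!RequestID = requestId: rs!StepNo = stepNo: rs!RoleName = role
    rs!UserName = LogonName(): rs!SignedAt = Now()
    rs.Update
    rs.Close
    SignStep = True
End Function
```

Each "approve" button on the form would call `SignStep` with the request number and its step number and refuse to advance the workflow when it returns False.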
