Solved

Access 2003 appropriate for very simple (but secure) workflow system?

Posted on 2008-10-01
9
293 Views
Last Modified: 2013-11-29
For SOX compliance I have been told that our method of registering prices in our purchasing database is insecure.  Here's the current process, handled in Excel.  We have about 5 Buyers, two managers, and one clerk, and this process is repeated at most 10 times in any given day. (and never simultaenously.)

1) Buyer creates a data-entry form in excel and includes as an OLE object a .pdf scan of the quote.  Relevant data (price, part number, etc) is entered.  Buyer types name as initiator and uses the "routing" function of Excel to send to Managment.

2) Management opens the pdf file and confirms that the quote data is accurate and approves. Manager types name as 'approval' and uses the routing function to send to clerk.

3) Clerk enters data from the form into the purchasing system.  Clerk then types name and sends the file back to Buyer using routing.

4) Buyer compares the data on the request form to the data in the purchasing system for data-entry errors.  Buyer types name on the form and routes back to clerk for filing.

5) Clerk files the digital copy in a shared folder, as well as a hard copy in file folder.

Only the clerk has access to the data entry screen in the main purchasing system, but we've been asked to avoid the possibility of the clerk completing the whole registration process by forging signatures.  I would like to create a simple workflow system that assigns users a password and allows them to actually "approve" the form as it goes through the process.  I don't need anything super-robust; we're talking more here about showing an ounce of protection in case the auditors notice the possibility of a clerk forging the whole process.  Best would be the buyer enters the data into the form, chooses the apppropriate manager and clerk, and hits a button.  Ideally, emails would be sent in tern to the user when their input is needed, and the application would allow the final process to be printed, searched and stored at a central location.

So the questions:
Is Access the best vehicle to develop this solution?  Are there add-ons to simplify the development? Is a third-party solution a better choice?  Note: we do not have access to any back-end server capabilities, so the solution must be able to run from each individual work station.

Thanks for any advice.
0
Comment
Question by:kenferrell
  • 4
  • 3
9 Comments
 
LVL 18

Expert Comment

by:jmoss111
Comment Utility
If you require security, then you need another backend database. SQL Server or SQL Server Express (free) would be a good place to start. Is your network a workgroup or are you on a domain?

Jim
0
 

Author Comment

by:kenferrell
Comment Utility
Thanks for the response.  The network is a domain -- we're one small section in a huge organization.  We don't have a stand-alone machine that could hoste a backend database, either...  As for security, all I'm really looking to do is have a simple password process that 'verifies' the user.  The security doesn't really need to be 'hack-proof' as the risk of that is small enough to be ignored.  We just want to be able to say to the auditor that we require a password before a manager could approve the workflow process.
0
 
LVL 18

Expert Comment

by:jmoss111
Comment Utility
If its a small workgroup all that you need is a vacant workstation to host SQL Server Express, and it wouldn't have to be that powerful. XP pro and a couple of gigs of RAM and you're set. I think that you can have up to 10 connections to XP Pro.

You could use Access but it's not secure. So it fails the first criteria of the test...

Jim
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:kenferrell
Comment Utility
Thanks.  We're a small group, but it's not a small workgroup.  Adding another workstation is not in the scope of the project.  When you say Access is not secure, are you saying that it would be impossible to design a simple "user log-in" system?  "Secure" means different things to different people -- and I don't want to overplay the significance of my use of the word.
0
 
LVL 18

Expert Comment

by:jmoss111
Comment Utility
Secure means tamperproof. It's not difficult to design a simple login system in Access but you're already logged into a domain, the user is already identified. You have no real way to protect the table from a user. You might want check this question for discussion of a similar topic:

http://www.experts-exchange.com/Microsoft/Development/MS_Access/Access_Forms/Q_23765083.html

Jim
0
 

Author Comment

by:kenferrell
Comment Utility
Thanks Jim.
I definitely gave you the wrong impression if you're thinking tamperproof.  I guess my goal here is not so much to completely lock the thing down (I know that there's always someone somewhere who'll be able to defeat what we come up with) as it is to excercise a reasonable amount of control over the process.

I really just want a way to be able to say to the auditors thaht we have exercised reasonable control to be sure that only the clerk was able to do the clerk portion of the workflow, and only the manager can approve the manager portion of the workflow.  

That's where I was coming up with the basic ID/password - logging type 'security' function.

So my question is still this...  is Access really the right tool for this job?
0
 
LVL 18

Accepted Solution

by:
jmoss111 earned 250 total points
Comment Utility
If your SOX auditors can live with it and you can live with it then it's the right tool for you. I just wanted you to know all the ins and outs and that Access can't be locked down and you can say with 100% certainty that the system can't be compromised, like you could with other database products.

My main client is very sensitive in security matters; and it's forced me to become more conscious also.

Jim

0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

It took me quite some time to sort out all the different properties of combo and list boxes available from Visual Basic at run-time. Not that the documentation is lacking: the help pages are quite thorough and well written. The problem was rather wh…
In Debugging – Part 1, you learned the basics of the debugging process. You learned how to avoid bugs, as well as how to utilize the Immediate window in the debugging process. This article takes things to the next level by showing you how you can us…
Learn how to number pages in an Access report over each group. Activate two pass printing by referencing the pages property: Add code to the Page Footers OnFormat event to capture the pages as there occur for each group. Use the pages property to …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now