Access 2003 appropriate for very simple (but secure) workflow system?

Posted on 2008-10-01
Last Modified: 2013-11-29
For SOX compliance I have been told that our method of registering prices in our purchasing database is insecure.  Here's the current process, handled in Excel.  We have about 5 Buyers, two managers, and one clerk, and this process is repeated at most 10 times in any given day. (and never simultaenously.)

1) Buyer creates a data-entry form in excel and includes as an OLE object a .pdf scan of the quote.  Relevant data (price, part number, etc) is entered.  Buyer types name as initiator and uses the "routing" function of Excel to send to Managment.

2) Management opens the pdf file and confirms that the quote data is accurate and approves. Manager types name as 'approval' and uses the routing function to send to clerk.

3) Clerk enters data from the form into the purchasing system.  Clerk then types name and sends the file back to Buyer using routing.

4) Buyer compares the data on the request form to the data in the purchasing system for data-entry errors.  Buyer types name on the form and routes back to clerk for filing.

5) Clerk files the digital copy in a shared folder, as well as a hard copy in file folder.

Only the clerk has access to the data entry screen in the main purchasing system, but we've been asked to avoid the possibility of the clerk completing the whole registration process by forging signatures.  I would like to create a simple workflow system that assigns users a password and allows them to actually "approve" the form as it goes through the process.  I don't need anything super-robust; we're talking more here about showing an ounce of protection in case the auditors notice the possibility of a clerk forging the whole process.  Best would be the buyer enters the data into the form, chooses the apppropriate manager and clerk, and hits a button.  Ideally, emails would be sent in tern to the user when their input is needed, and the application would allow the final process to be printed, searched and stored at a central location.

So the questions:
Is Access the best vehicle to develop this solution?  Are there add-ons to simplify the development? Is a third-party solution a better choice?  Note: we do not have access to any back-end server capabilities, so the solution must be able to run from each individual work station.

Thanks for any advice.
Question by:kenferrell
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 18

Expert Comment

ID: 22616925
If you require security, then you need another backend database. SQL Server or SQL Server Express (free) would be a good place to start. Is your network a workgroup or are you on a domain?


Author Comment

ID: 22617008
Thanks for the response.  The network is a domain -- we're one small section in a huge organization.  We don't have a stand-alone machine that could hoste a backend database, either...  As for security, all I'm really looking to do is have a simple password process that 'verifies' the user.  The security doesn't really need to be 'hack-proof' as the risk of that is small enough to be ignored.  We just want to be able to say to the auditor that we require a password before a manager could approve the workflow process.
LVL 18

Expert Comment

ID: 22617073
If its a small workgroup all that you need is a vacant workstation to host SQL Server Express, and it wouldn't have to be that powerful. XP pro and a couple of gigs of RAM and you're set. I think that you can have up to 10 connections to XP Pro.

You could use Access but it's not secure. So it fails the first criteria of the test...

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Author Comment

ID: 22617173
Thanks.  We're a small group, but it's not a small workgroup.  Adding another workstation is not in the scope of the project.  When you say Access is not secure, are you saying that it would be impossible to design a simple "user log-in" system?  "Secure" means different things to different people -- and I don't want to overplay the significance of my use of the word.
LVL 18

Expert Comment

ID: 22619924
Secure means tamperproof. It's not difficult to design a simple login system in Access but you're already logged into a domain, the user is already identified. You have no real way to protect the table from a user. You might want check this question for discussion of a similar topic:


Author Comment

ID: 22629369
Thanks Jim.
I definitely gave you the wrong impression if you're thinking tamperproof.  I guess my goal here is not so much to completely lock the thing down (I know that there's always someone somewhere who'll be able to defeat what we come up with) as it is to excercise a reasonable amount of control over the process.

I really just want a way to be able to say to the auditors thaht we have exercised reasonable control to be sure that only the clerk was able to do the clerk portion of the workflow, and only the manager can approve the manager portion of the workflow.  

That's where I was coming up with the basic ID/password - logging type 'security' function.

So my question is still this...  is Access really the right tool for this job?
LVL 18

Accepted Solution

jmoss111 earned 250 total points
ID: 22629725
If your SOX auditors can live with it and you can live with it then it's the right tool for you. I just wanted you to know all the ins and outs and that Access can't be locked down and you can say with 100% certainty that the system can't be compromised, like you could with other database products.

My main client is very sensitive in security matters; and it's forced me to become more conscious also.



Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In earlier versions of Windows (XP and before), you could drag a database to the taskbar, where it would appear as a taskbar icon to open that database.  This article shows how to recreate this functionality in Windows 7 through 10.
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
Basics of query design. Shows you how to construct a simple query by adding tables, perform joins, defining output columns, perform sorting, and apply criteria.
What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question