I am trying to implement a user level permission module in a Access Web App I am developing for a client. I have a very simple data model behind it. I have a table called App Functionality and then a one to many table called user permissions. i.e. user A has 4 permissions assigned to him. eg. load project, view projects, login to app and view projects dashboard. Its effectively a table level security model.
At present I have UI macro which can retrieve whether the current user (set using userdisplayname function on start-up). The macro takes two parameters (user, functionality). The idea is that any form can pass it those variables and then action the resulting CRUD permissions by setting the properties on controls (like add or edit list buttons) to disabled.
I have three questions;
Is this an "ok" method?
If so then what are the best actions in which to write the "lock down" logic. 'On Load' wont work. 'On Current' is not working completely either.
What other techniques are people using to bring good old fashioned user level access control to Access Web Apps? I can't find best practice on this (remember its not a desktop app, its a web app).