Row-level security and user groups


This is what I want to do: A database based on Delphi 6, ADO and JET 4.0
(Access 2000 files) hosted in a small network (3-15 users) on a W2000
NTFS file server (no client/server).

The database should have row-level security, that is, I need to keep
track of who can see what records and who can edit it and so on.

What I thought was to store a table of user rights connected to the main
data table. Then when I show the data I can check who the user is
(checking W2000 user groups with the shareware NTSet component for
example), and then check my database to see if that user is allowed to
see that record.

1. But.... how can I secure the files on the server from someone
   deleting them, or reading them with ACCESS directly?

(I have made a .MDW file setting up user rights in JET, but I have to
allow reading of the whole tables, my only hope is that there is some
way to only allow my application and no other to access the files... at
least not MS Access (security has to be OK, not perfect))

2. And... will this user group checking stuff be possible from a W98
   computer connected to the network?

(Then the smaller problem of what to do when the administrator changes
user groups on the server etc...and I have stored group connected access
rights in my database...)

Next issue:

Every record in the database will also store information about related
external documents (.DOC for example, that will be stored in a special
sub-directory on the server). I will give the user the option of opening
these documents with a "default browser" from my application.

Now... these documents should also be secured like the records in the
database, that is, the wrong user should not be able to delete, edit or
even look inside the wrong file with WORD for example, and preferably
not see them in a directory.

This could be done through setting file security for each document in
W2000 (with the NTSet component for example) when the document is stored
on the server from my application (at the time that the "connected"
database record is created and I set its user group rights, the user is
allowed to "upload" external documents for that record, so I set the
documents group access rights too)

3. But, will this work on the files on the W2000 file server from a
   W98 client?

4. Any other suggestions to how I should solve this?!?

(I don't want to store all the documents in the database because it will
be many many GB....)

Piedro Mazolo

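The rights table described in the post, sketched as an added example (not the poster's code): SQLite stands in for the Jet file, and the table, column and group names are assumptions. The filter lives only in the application, so anyone who opens the data file directly bypasses it, which is the concern behind question 1.

```python
import sqlite3

# Constructed schema and sample rows; SQLite stands in for the Jet .mdb file.
SCHEMA = """
CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE record_rights (
    record_id  INTEGER NOT NULL REFERENCES records(id),
    group_name TEXT    NOT NULL,
    can_view   INTEGER NOT NULL DEFAULT 0,
    can_edit   INTEGER NOT NULL DEFAULT 0,
    PRIMARY KEY (record_id, group_name)
);
INSERT INTO records VALUES (1, 'Contract A'), (2, 'Payroll'), (3, 'Memo');
INSERT INTO record_rights VALUES
    (1, 'Sales', 1, 1), (1, 'Staff', 1, 0),
    (2, 'HR', 1, 1),
    (3, 'Staff', 1, 0), (3, 'HR', 1, 1);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def visible_records(db, groups):
    """Return {record_id: can_edit} for a user who belongs to `groups`."""
    if not groups:  # no group membership: deny by default
        return {}
    marks = ",".join("?" * len(groups))  # placeholders only, never group names
    rows = db.execute(
        f"SELECT r.id, MAX(rr.can_edit) FROM records r "
        f"JOIN record_rights rr ON rr.record_id = r.id "
        f"WHERE rr.can_view = 1 AND rr.group_name IN ({marks}) "
        f"GROUP BY r.id ORDER BY r.id", list(groups)).fetchall()
    return {rid: bool(edit) for rid, edit in rows}

def update_title(db, groups, record_id, title):
    """Re-check the right at write time instead of trusting what the UI showed."""
    if not visible_records(db, groups).get(record_id, False):
        raise PermissionError(f"no edit right on record {record_id}")
    db.execute("UPDATE records SET title = ? WHERE id = ?", (title, record_id))
```

The group list passed in would come from the operating system's group lookup mentioned in the post; rights of several groups are combined, so one group with edit rights is enough.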