
Row-level security and user groups


This is what I want to do: A database based on Delphi 6, ADO and JET 4.0
(Access 2000 files) hosted in a small network (3-15 users) on a W2000 NTFS
file server (no client/server).

The database should have row-level security, that is, I need to keep track
of who can see what records and who can edit it and so on.

What I thought was to store a table of user rights connected to the main
data table. Then when I show the data I can check who the user is (checking
W2000 user groups with the shareware NTSet component for example), and then
check my database to see if that user is allowed to see that record.

1. But.... how can I secure the files on the server from someone deleting
them, or reading them with ACCESS directly?

(I have made a .MDW file setting up user rights in JET, but I have to allow
reading of the whole tables, my only hope is that there is some way to only
allow my application and no other to access the files... at least not MS
Access (security has to be OK, not perfect))

2. And... will this user group checking stuff be possible from a W98
computer connected to the network?

(Then the smaller problem of what to do when the administrator changes user
groups on the server etc...and I have stored group connected access rights
in my database...)

Next issue:

Every record in the database will also store information about related
external documents (.DOC for example, that will be stored in a special
sub-directory on the server). I will give the user the option of opening
these documents with a "default browser" from my application.

Now... these documents should also be secured like the records in the
database, that is, the wrong user should not be able to delete, edit or even
look inside the wrong file with WORD for example, and preferably not see
them in a directory.

This could be done through setting file security for each document in W2000
(with the NTSet component for example) when the document is stored on the
server from my application (at the time that the "connected" database record
is created and I set its user group rights, the user is allowed to "upload"
external documents for that record, so I set the documents' group access
rights too)

3. But, will this work on the files on the W2000 file server from a W98

4. Any other suggestions to how I should solve this?!?

(I don't want to store all the documents in the database because it will be
many many GB....)


Piedro Mazolo


Re:Row-level security and user groups

Piedro Mazolo wrote in message ...


>1. But.... how can I secure the files on the server from someone deleting
>them, or reading them with ACCESS directly?

Lock the door to the server room.

If you make backups, don't leave tapes lying around.

As for file access, make sure that the database is in an unshared
location and is not readable by just anyone.

Keep in mind that there is no safety from administrator rights
and that every NT machine has a c$ share (and so on for every
drive it has).

Maarten Wiltink
