We have 46 buildings in our company and we want to write reports that allow all buildings to see their data. We have 46 AD groups we've created for another application. What I'd like to do is to populate a dropdown parameter full of the building names, but only show them based on your access in AD.
example:
Administrator1 has access to Building1. He is in group1.
Administrator1 has access to Building2. He is in group2.
Regional1 has access to buildings 1-5. She is in group1, group2, group3, group4, and group5
Exec1 has access to all buildings. She is in all groups.
Exec1 would see all buildings, Admins only their buildings and Regional the group of buildings. Can I populate a parameter dropdown with only the values these people have based on a lookup when they hit the report?
I've used a couple of methods to solve similar problems:
First create an internal parameter for the report which will contain the user's id. "=User!UserID"
Next you need to get the permissions joined in. This is easiest if you have the user to group/permission mapping somewhere in SQL. Then this is just a SQL join.
Otherwise, you can set up a Active Directory "Linked Server" which can query AD for group members. This can take some patience and troubleshooting time. Once set up, you can join to the membership of each group.
If I were building what you describe, I would code an AD to SQL data export to run at regular intervals (a .NET .exe), keeping a SQL table up to date with permissions. This would be easier to set up and more robust than the SQL-> AD Linked Server.
I can find references for the linked server approach if that would be helpful...
If you get the memberOf attribute in AD and loop on the result with a mathching regular expression, I think that you can build your combo.
Related
I have reports generated by queries. I have some people who are not Access savvy (at all). Can I create a report that when opened, asks a couple questions, then generates the report based on how the person answered? I have very very limited VBA skills (but willing to learn). If I can keep them from opening Queries, it may be easier for them to get the information correct.
For example. I have a report that provides all the open records for all our sales people. Rather than create 10 different reports (one for each sales person, and 1 that is shows everyone), can I have the report generated based on if the person who opens the reports wants to see all open records for all sales people or just those from one sales person? I have something similar for suppliers - which suppliers have open records (if I only want to a report for a specific supplier, versus all suppliers).
Thanks!
-Cheryl
Based on your comment about using parameters and personally running each needed report, a form is a much better option. Apart from allowing data validation, you can also use lookups to ensure the values being passed to the data source are legitimate.
Your form should have controls for each criteria field you plan to use to generate your report. To reference the form controls in your query, use this nomenclature:
[Forms]![NameOfYourForm]![NameOfYourControl]
Using the form reference will eliminate the need to build multiple iterations of the reports and queries. Keep in mind which criteria you may want to omit though, for example, a combobox of suppliers if NULL could return ALL suppliers, so your query would need to accommodate that.
I have an MS Access database where all the users will be in the same group, except a few. I don't need to restrict certain objects from users. Instead, I need to give the current user write capabilities to his record and its related records only and read-only capabilities to all other records. Is this possible?
Unfortunately, be it Access, SQL server or Oracle, the restriction of rows to a single user is not built in. This means you have to build some type of interface in which you grab/use the users Logged on ID (their network pc id, or say prompt for a user + password). Then you when a form loads you have to restrict the records to that one given user. There are many ways to do this and they are all standard approaches to filtering or restricting data. However "YOU" have to build and write such code into the forms. You could perhaps base the form on a query with a expression (VBA or macro TempVars) that limits the records returned to the given user.
So you have to “cook” and “code” this ability for most any database. You thus also need to code to “save” the user name who created the record. This coding requirement as noted is required for most systems when looking to restrict data to single rows and such features are not generally built into the database system. You also likely need to restrict and prevent users from opening the database and seeing the table view.
I have a database with many customers inside of it. Each row of the table has a customer ID that denotes which customer the data belongs to.
Is it possible to let the end user use Ad-Hoc reporting to build reports, but only let them see data associated to their customer id?
In a report you can use the Built-in field UserID to return the current user's domain name e.g. MYDOMAIN\Username.
If you can create a table mapping customer Ids to domain names and join this to your main data table then you can add a where clause into your dataset query such as
WHERE MappingTable.DomainUsername = #CurrentUser
In the report, create a hidden parameter called CurrentUser and set the value to Globals!UserID.Value
You need to be using Windows authentication in the report data source, where the report users credentials are being passed through to the data source, for this solution to work.
EDIT: I see I misread your original question, which was actually asking if it's possible to allow users to create ad hoc reports while restricting their view of the data. This scenario precludes any solution that is implemented in the reports themselves, since the users will be designing their own reports. Instead, you will probably need to implement some form of security layer in source database, for example using Views. You can use a similar approach to above if your users are using domain logins. For example your view could contain a reference to SUSER_NAME() to limit that data for that particular user.
I'm trying to make access conditionally only show rows that meet a certain condition, allow me to give you some background info before I proceed :
I've created an Access form and linked it to a test DB on my machine. The particular table I am interested in contains the following (important) rows :
ID , Office, Name, SecurityNumber
The thing is, ID is not unique. There are two Office locations, and each Office has it's own set of unique ID numbers. This means that ID 10 here and there may or may not be the same person. (this data comes out of a legacy security system we're not looking to change yet, so I cannot change it)
But ID -is- unique to each Office.
SO! I created an Access form with TABS! Two tabs, one for each office. What I am trying to achieve now is :
Have the ID/Name/SecurityNumber fields for each tab populate with only rows that match it's particular 'Office' value.
Thank you for reading and thank you for helping! :D
If you want the data for the office locations presented in separate tab page controls, you could use subforms on the pages which differ only in the WHERE clause of the queries used as their record sources. So for the Office1 subform, the query could be:
SELECT ID, Office, [Name], SecurityNumber
FROM YourTable
WHERE Office = 'Office1'
ORDER BY [Name];
Then for Office2, the query would be the same except for the WHERE clause:
WHERE Office = 'Office2'
As I understand your question, that approach would do what you're asking for.
However, that's not really the easy "Access way" to do it. Instead consider a combo box control to allow your users to choose which office they want to view. In the code for the combo's after update event, either modify the SELECT statement used as the form's record source or create a filter expression an apply it.
Also, since you're pulling the form's data from SQL Server, consider whether you want your form to load every record for the selected office location. It may not be much concern if you have only a few to moderate number of rows for each location, but if you'll be dealing with multiple thousands of rows it could be. In general, you should try to avoid pulling copious amounts of data across the wire; pull sparingly instead ... only what you need for the immediate task at hand.
The company I work for have an access database that is linked to a sql server table. The database is on a shared network location so it is used by lots of people in the company (with the annoying problem that only one person can use it at a time).
There are several forms that are used as a front end for the data and on one particular form there are combo boxes that are linked to other tables.
When a report is generated on the form the ID of the combobox is on the form (a GUID) and not the bound item of the combobox.
How can I get the bound items to appear on the form itself? The solution needs to be easy to do or something i can produce that can be regenerated as it's used by non technical people.
In order to make the database usable by many, simply give each user a copy of the front-end.
Forms should almost never be used for reports, the best thing to do is to build a query (the query design window will help) that references each of the relevant tables, for example, if the combobox contained a reference to person type and you might build a query like this for your report:
SELECT a.ID, a.SName, a.MainAddress, c.PersonType
FROM Addresses a
INNER JOIN PersonTypes c ''Or LEFT JOIN if data is missing
ON a.PersonTypeKey = c.PersonTypeKey
If this is not possible, perhaps you could explain in more detail exactly how the report is generated from the form.