• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 33. Complex Security Issues > Accomplishing Field-Level Security By Usi...

Accomplishing Field-Level Security By Using Queries

In itself, Access does not provide field-level security. You can achieve field-level security by using queries, though. Here's how it works. You do not provide the user or group with any rights to the table that you want to secure. Instead, you give the user or group rights to a query containing only the fields that you want the user to be able to view. Ordinarily, this would not work, because if users cannot read the tables underlying a query, they cannot read the data in the query result.

The trick is in a query option called WITH OWNERACCESS OPTION. The WITH OWNERACCESS OPTION of a query grants the user running the query the rights possessed by the owner of the query. The Staff group, for example, has no rights to the tblEmployees table. The Supervisors group has Read Design and Modify permissions to the tblEmployees table. The qryEmployees query is owned by the Supervisors group, as shown in Figure 33.6. Figure 33.7 shows the query itself. Notice in Figure 33.7 that the Run Permissions property has been set to Owner's. Figure 33.8 shows the resulting SQL. Notice the WITH OWNERACCESS OPTION clause at the end of the SQL statement. When any member of the Staff group (who has no other rights to tblEmployees) runs the query, that member inherits the Supervisor group's capability to read and modify the table data.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint