|[ Team LiB ]|
Recipe 10.6 Adjust an Application Based on Who's Logged In
You've secured your database so that certain classes of users can't edit data using a particular form or run a specific report, but this doesn't prevent them from trying to open the form or report and receiving a permission error. You'd like your application to adjust itself based on the current user's security level. Is there any way to accomplish this?
Using VBA code, you can create a function that determines if the current user is a member of a security group. Based on the value this function returns, you can change any runtime property of any form or control, thus adapting your application to the user's security level.
Now start Access. You will be prompted for a username and password. Enter the name of a user from the Solution in Recipe 10.1s Table 10-1. With the exception of the Paul and Admin accounts, the passwords for these are blank. (The passwords for the built-in Admin account and the Paul account are both "password"; note that case is significant.)
Load 10-06.MDB and open the frmSwitchboard form. Depending on which user you logged in as, you will see either a Manager-, Programmer-, or Default-level form. For example, Manager-level users will see two Manager buttons and a Close button. In addition, a Close menu item will be included in the File menu. In contrast, a member of the Programmers group will see two Programmer buttons, no Close button, and no File Close menu item.
To implement this system in your own database, follow these steps:
By default, the form is saved with the least-secure options set; if anything goes wrong, this provides a little extra assurance. When any user opens frmSwitchboard, the Load event procedure is called, and the form's look and feel is customized on the fly. Group membership is determined using the acbAmMemberOfGroup function found in basGroupMember:
Public Function acbAmMemberOfGroup(strGroup As String) Dim wrk As DAO.Workspace Dim usr As DAO.User Dim strTest As String Set wrk = DBEngine.Workspaces(0) ' Refresh collections to stay in synch with ' Access UI wrk.Users.Refresh wrk.Groups.Refresh ' Set up pointer to current user Set usr = wrk.Users(CurrentUser( )) ' Handle errors in line On Error Resume Next ' If any property of the Groups collection ' using the passed-in group works then we're ' a member. Otherwise an error will occur ' and we can assume we are not a member. strTest = usr.Groups(strGroup).Name acbAmMemberOfGroup = (Err.Number = 0) Err.Clear End Function
This function is simple: it determines if a user is a member of a group by setting a pointer to the Users collection of the current user and then attempts to get the name of the group in the Groups collection of that user. If this fails, the user is not a member of the group in question. If it succeeds, the user must be a member of the group. See the Solution in Recipe 10.5 for more details on the programmatic manipulation of user and group collections.
We could have based the form customizations on the name of the current user using the built-in CurrentUser function, but this requires us to consider each user individually, which should be avoided if possible. It's much easier to manage groups of users rather than individual users. Still, you can always add more tests to the If...Then statement in the Load event procedure.
It's important that you include an Else clause in the If...Then statement of the Load event procedure to handle users who are not members of any of the groups for which you have tested. In the sample event procedure, we have tested for membership in only the Managers and Programmers groups. Any users who are not members of either group are handled by the Else clause.
|[ Team LiB ]|