I want to revisit a question I have raised: how to restrict access to certain databases that are located on a server. In an office environment this ability is critical. Currently, as I understand it, if a person on a network can access a server, then he/she can download any database on that server. I wonder if this can be changed? I had two ideas, but I have no idea if either is feasible.
Restrict Server Admin access with a password.
Prevent Server Admin access to those logged in as a User.
Any other ideas?
I had a earlier post about using more than one server which would permit a hierarchical approach to database access, but that has some disadvantages–requiring more than one computer to host servers, for example.
What do you think, Jim?
I’ve been thinking about this since your earlier email to me. I’m not sure restricting access to Server Admin is feasible, but I’ll continue thinking about it. It may also be possible to add some way to restrict downloading of specific databases to only users with a certain minimum access level.
Remember also that you can restrict what level is allowed to open a database, or to access standard UI features. So you can create a database where users logged in as a User cannot access the data sheet, or menu items, and have to use only the forms and procedures you allow. Of course that could be a lot of work to set up.
For all the databases at Smith Duggan, the database security features will be enabled, and one must be a User to open the database. And normally I would prevent users from making changes or accessing the standard UI. I do this because the databases are designed to work with low computer skill people so they can easily accomplish what they must do without the risk of doing any harm or getting confused about what to do.
I see that I can prevent opening a database by anyone who is not a Developer or Admin. That would be helpful. Then I can also encrypt the data so that it cannot be read with a text editor.
I think I can set up a reasonable security system at Smith Duggan with these features. But in a larger organization, I doubt it could be done in a satisfactory manner. If you have only two categories of users (in terms of which databases they may open), and one was a subset of the other, then you could control that with the User/Developer difference.
But suppose you have three databases and three groups of users. Group A can access databases 1 and 2. Group B can access databases 2 and 3. Group C can access all databases. (I am ruling out using the Admin category for this purpose; you can’t have a bunch of Admins in my opinion.) I don’t see how to do this without using more than one account and additional servers, which I described earlier as a possibility.
These schemes could easily get very complex. That led me earlier to think that a password system to download or to open a specific database would work to restrict access to the Group that is allowed access.
If the user isn’t authorized, they won’t be able to download databases (or do any other admin activity). So for now, databases would have to be manually delivered to them (via email, usb stick, etc.). Which is probably fine for most applications, but I’ve got some ideas for streamlining this further.
I think this is an excellent improvement and will make the PanX Server viable in organization with lots of people and the need to control access to the Server. Thank you for working on this.
