Prev: Splitting Access 2007 dB on Citrix network
Next: trying to put 2 lines into 1
From: Tom van Stiphout on 27 May 2010 22:51
On 27 May 2010 16:50:49 GMT, "David W. Fenton"
<XXXusenet(a)dfenton.com.invalid> wrote:

I meant: several users using the same computer in a common area AT THE
SAME TIME, i.e. the computer is logged in by some user, and several
others walk up there from time to time and do some work without
logging in as themselves.

-Tom.
Microsoft Access MVP


>Tom van Stiphout <tom7744.no.spam(a)cox.net> wrote in
>news:u5trv55aej1lfalgh4smocv79agi36s19f(a)4ax.com:
>
>> On 26 May 2010 21:10:57 GMT, "David W. Fenton"
>><XXXusenet(a)dfenton.com.invalid> wrote:
>>
>> Re 1: I don't understand your question. The workstation matters
>> little since the groups information comes from the AD computer
>> (typically the PDC).
>
>Then I don't understand this passage:
>
> Own workstation and user account
>
> The solution presented here depends on a Windows user's membership
> in various Active Directory groups. We will ask Windows who is
> logged in to the computer, and then ask Active Directory which
> groups this user is a member of. If several users with different
> security levels share the same computer in a common area, or if
> several users with different security levels login on several
> computers as the same Windows user, this solution is not for you.
>
>I dont see how it's relevant if multiple users use the same
>computer, as if you request info from AD, you'll get the correct
>information regardless of who is logged on.
>
>> Re 2: I see the benefits as:
>> * AD is a relatively well-known feature.
>
>So is NTFS security.
>
>> * It has a decent UI to create groups and assign people
>
>NTFS security groups are created/managed through the same UI. That
>is, and AD group is just a representation of an NTFS group.
>
>> * It is widely available (all domains)
>
>So is NTFS security.
>
>> * It is therefore pretty much idiot-proof
>
>NTFS is moreso, because it's less elaborate.
>
>You haven't provided a single justification for AD over use of NTFS
>security via API calls in an Access app. Sure, LDAP queries and all
>that are handy if you're working from a database that can't make API
>calls, but that's not the case in an Access app.
>
>As I said, the only reason I ever wanted to use AD was for something
>that exists only in AD and not in NTFS security (i.e.,
>Organizational Units, which indicated geographical location in the
>domain I was working in).
>
>> Hey David, the invitation is still open to write an article for
>> this blog. Maybe one about the intersection of Security and
>> Replication?
>
>I wouldn't know what to say on that subject.
>
>I also consider it moribund, though still quite useful for the
>random travelling laptop user. In terms of security, it's the same
>as security without replication, so I don't see any utility in
>joining the two subjects.
From: Tom van Stiphout on 27 May 2010 23:38
On 27 May 2010 16:50:49 GMT, "David W. Fenton"
<XXXusenet(a)dfenton.com.invalid> wrote:

Also, after reading all your "me too" answers: perhaps we are talking
about the same thing, and it is just a matter of semantics. If not,
post a link and maybe I can update the blog post.

-Tom.
Microsoft Access MVP


>Tom van Stiphout <tom7744.no.spam(a)cox.net> wrote in
>news:u5trv55aej1lfalgh4smocv79agi36s19f(a)4ax.com:
>
>> On 26 May 2010 21:10:57 GMT, "David W. Fenton"
>><XXXusenet(a)dfenton.com.invalid> wrote:
>>
>> Re 1: I don't understand your question. The workstation matters
>> little since the groups information comes from the AD computer
>> (typically the PDC).
>
>Then I don't understand this passage:
>
> Own workstation and user account
>
> The solution presented here depends on a Windows user's membership
> in various Active Directory groups. We will ask Windows who is
> logged in to the computer, and then ask Active Directory which
> groups this user is a member of. If several users with different
> security levels share the same computer in a common area, or if
> several users with different security levels login on several
> computers as the same Windows user, this solution is not for you.
>
>I dont see how it's relevant if multiple users use the same
>computer, as if you request info from AD, you'll get the correct
>information regardless of who is logged on.
>
>> Re 2: I see the benefits as:
>> * AD is a relatively well-known feature.
>
>So is NTFS security.
>
>> * It has a decent UI to create groups and assign people
>
>NTFS security groups are created/managed through the same UI. That
>is, and AD group is just a representation of an NTFS group.
>
>> * It is widely available (all domains)
>
>So is NTFS security.
>
>> * It is therefore pretty much idiot-proof
>
>NTFS is moreso, because it's less elaborate.
>
>You haven't provided a single justification for AD over use of NTFS
>security via API calls in an Access app. Sure, LDAP queries and all
>that are handy if you're working from a database that can't make API
>calls, but that's not the case in an Access app.
>
>As I said, the only reason I ever wanted to use AD was for something
>that exists only in AD and not in NTFS security (i.e.,
>Organizational Units, which indicated geographical location in the
>domain I was working in).
>
>> Hey David, the invitation is still open to write an article for
>> this blog. Maybe one about the intersection of Security and
>> Replication?
>
>I wouldn't know what to say on that subject.
>
>I also consider it moribund, though still quite useful for the
>random travelling laptop user. In terms of security, it's the same
>as security without replication, so I don't see any utility in
>joining the two subjects.
From: Arvin Meyer on 28 May 2010 02:49
The MDB format is in use in millions of databases. If Microsoft didn't
support it, there would be millions (maybe as many as hundreds of millions)
of files that might not work. At any rate, Access 2010 definitely supports
the MDB format. If you want User Level Security, you have no choice
whatsoever. MDB is the ONLY file format that supports it.

IT had been traditionally ignorant of databases, and especially so of Access
databases. Their knowledge exists solely of hearsay, and the have no
documentation to back up their views.

In the end, you have a choice, if you want ULS, you must use the MDB format.
Of you want less security and require multi-value and attachment fields you
must use the ACCDB format. For me, it's a no-brainer. Under no condition
will I be using multi-value or attachment fields, so I almost always opt for
the MDB format. I use ACCDB only rarely.
--
Arvin Meyer, MCP, MVP
http://www.datastrat.com
http://www.accessmvp.com
http://www.mvps.org/access
Co-author: "Access 2010 Solutions", published by Wiley


"JeffP" <no-reply(a)asken.com.au> wrote in message
news:Z-OdnaMIyshjTmDWnZ2dnUVZ_sydnZ2d(a)westnet.com.au...
> But for how long? Surely moving forward with the new format is better.
>
> Anyway, I won't be going back and I need to find a reasonably good way of
> doing this.
>
> "David W. Fenton" <XXXusenet(a)dfenton.com.invalid> wrote in message
> news:Xns9D84AE0A6D5FFf99a49ed1d0c49c5bbb2(a)74.209.136.88...
>> "JeffP" <no-reply(a)asken.com.au> wrote in
>> news:0rmdndL1_OgaAmHWnZ2dnUVZ_tCdnZ2d(a)westnet.com.au:
>>
>>> Not really at the moment, but the clients IT guys stipulated 2007
>>> format so no going back. And in this case I don't think reverting
>>> back to a MDB format is a good solution.
>>
>> MDB is a native format for A2007. It's just not the *new* format.
>>
>> --
>> David W. Fenton http://www.dfenton.com/
>> usenet at dfenton dot com http://www.dfenton.com/DFA/
>
>


From: David W. Fenton on 28 May 2010 19:22
Tom van Stiphout <tom7744.no.spam(a)cox.net> wrote in
news:5rbuv5l2shu0pcpi4i69uaveb0ij1gq9sm(a)4ax.com:

> I meant: several users using the same computer in a common area AT
> THE SAME TIME, i.e. the computer is logged in by some user, and
> several others walk up there from time to time and do some work
> without logging in as themselves.

Oh! Yes, of course that would be a problem. Perhaps you can edit
your blog to make that clearer?

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
From: David W. Fenton on 28 May 2010 19:24
Tom van Stiphout <tom7744.no.spam(a)cox.net> wrote in
news:pheuv5p0vaepphlifc93okodoe3ptto0cj(a)4ax.com:

> Also, after reading all your "me too" answers: perhaps we are
> talking about the same thing, and it is just a matter of
> semantics. If not, post a link and maybe I can update the blog
> post.

I don't deny that access to AD from Access is not useful, but if all
you're using via AD are the NTFS security groups, you could have
done that with API calls that did not need to involve AD.

No?

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: Splitting Access 2007 dB on Citrix network
Next: trying to put 2 lines into 1