The Forgotten

I’m going to depart from my usual Access oriented blogging to talk about a subject very close to me. As the 15th Anniversary of 9/11 has approached I am, again, annoyed and chagrined at how one group of those affected is paid short shrift in the media coverage of the event. I refer to the ordinary people lucky enough to have survived the horrors and devastation of that day. You see I am one of that group.

I don’t want to take anything away from those who lost their lives in the Towers and especially not to the First Responders who bravely rushed in to do what they could after the planes hit the Towers. Or even those who lost loved ones on that day. But there are many of us who were lucky to have gotten out of the Towers and away from the collapse. Yet you hear little about those. I was inspired to write this by a column that appears in today’s (9/10) LI Newsday by Mike Vogel. Mr Vogel wrote about a 12 year old girl, Helaina Hovitz, who was evacuated from Intermediate School 89, near the World Trade Center. The column wrote how she begged the parents of a classmate to take her with them. How she and her classmates became sensitive to overhead planes and car backfires. How she struggled with post traumatic stress disorder through adolescence and young adulthood.  To her credit she emerged from this to become a journalist and author (After 9/11: One Girl’s Journey Through Darkness to a New Beginning).

My story is nowhere near as dramatic. I was in my office on the 50th floor of the South Tower that morning. I heard the crash of the first plane and looked out my window to see smoke coming out of the North Tower and debris raining down. Our corporate security people came running through the office telling everyone to get out. I was in a stairwell on the 16th floor when the second plane hit. The building shook and the lights went out briefly. When we reached the ground level the plaza looked like a war zone, flaming debris everywhere. The police ushered us down to the Concourse level telling us to head north.

From here my luck was tremendous. I managed to catch one of the last subway trains heading north and got to Penn Station in time to catch one of the last LIRR trains leaving Penn Station. I was home before noon unscathed. I don’t seem to have suffered any adverse affects of that day either physically or mentally. Though I was a bit jumpy about planes flying overhead for a little while afterwards.

I write this in the hope that people will remember that not all the victims of 9/11 were those who died in the attacks and those who survived them or those affected by the rescue efforts. But there is a third group that needs to be remembered.

I belong to a group that represents this group. The World Trade Center Survivor’s Network can be found at Please help remember those who survived on that day.

Access is Alive and Kicking

I am happy to report that is real evidence that Access is considered a viable product by Microsoft and that resources are being devoted to improving and enhancing Access. The first piece of evidence is that Access has been added to Official Office 365 Roadmap site. This site is about planned updates for Office 365 subscribers. For the first time Access is now included in the list of apps. Check out this site, Click on the Filters tab and there is Access.

The second piece of evidence is that the development team listened to the feedback given at And support for dbf files is being restored to Access 2016. This information is detailed in the Acess section of the Office Blogs found here:

There appears to be exciting times on the horizon for Access fans. Enhancement are being looked at for the desktop version that will extend is scope and reach. I hope to have more reports for you in the not too distant future. Keep tuned in.

What is Access?

As one can see, my blog concentrates on Microsoft Access. As a long time database developer who has worked on designing database applications on several platforms with several products (starting with dBase III, working through FoxPro on finally concentrating on Access) I have the knowledge and experience to give advice on Access development.

It occurred to me that I have never actually defined what Access is. As I start this I’m attending Microsoft’s annual MVP (Most Valuable Professional) Summit. This is chance for MVPs to gather, interact with their Product Groups and other MVPs. So we’ve been talking about Access a lot over the last few days. It occurred to me (though not for the first time) that Access is a much misunderstood product. So I decided to blog about what Access actually is.

Most people think of Access as a database. To do so shortchanges Access because it is much more. Sure a database is part of Access, but only a part. I like to describe Access as an Application Development platform. In that, Access is not much different from Visual Studio or other, comparable, development environments. Access comprises several components that all can be used to develop an application that people can use.

The first is a Forms Designer. Access has a Forms Designer that allows the developer to create powerful interactive forms that enter/edit data, view data, process data, do work flows and more. With the Forms Design Wizard, even a novice can create a nice looking form to enter or view data. With the use of process controls like command buttons, subforms, split forms and data controls like combo boxes, list boxes, option groups and text boxes, one can easily create powerful, interactive forms that can work with data or not.

The second component is a Report Writer. Access has one of the best Report Writers in the business. Many people use Access almost solely to create reports on data. The Report Writer is a banded tool that allows very powerful grouping, summarizing and analysis of data. As with the Forms Wizard, the Report Wizard, makes it easy for even the novice to create nice looking yet powerful reports that can be printed (both hardcopy and electronic) or even interacted with. Just the Report Writer alone is almost worth the price of admission.

The next component I want to discuss is the Query Designer. Generally used in conjunction with other components, the Query Designer provides a graphical interface to build SQL statements that can be saved and run directly or used in code modules. I will admit that the SQL generated through Query Design mode is not the best (too many parentheses, etc.) but it is workable. It also provides a way to learn SQL by seeing the code generated through the graphical interface. Queries are integral to getting data out of a relational database. At lot of activities in Access revolve around queries that pull the relational data together.

Another component to discuss is automation. Access contains two ways to provide automation for processing. First, let me state that automation is a more advanced feature of Access. People can build viable applications without using automation at all. But, with automation, the developer can provide end users with a full-fledged application that can does not need any knowledge of Access on the part of the user. But the macro language

Automation comes in two flavors; macros and VBA. The macro language was greatly improved in 2010. Prior to 2010, the macro language was rudimentary, not very powerful, and, in my humble opinion, not worth using. Since 2010, you have a language that is more powerful, more flexible and is usable in lots of situations. In addition, if you are designing a WEB App, your only choice for automation is macros. The other flavor is VBA. Visual Basic for Applications is a superset of the Visual Basic language. In addition to all the VB commands there are objects, methods, properties and classes specific to the application you are working in. With all that, VBA is a powerful language. There is very little that can’t be done in VBA. Many have extended Access greatly using custom VBA functions and procedures.

Finally, Access comes with a database component. This component has gone through lots of changes over the various versions. Previously called the Jet Engine it is now referred to as ACE (originally Access Connectivity Engine, now Access Database Engine). ACE is the native database store for Access. ACE is the weakest link in the family of components that comes with Access. But one of the strengths of Access is that it can connect to a variety of data stores. An Access application can connect to a variety of data stores. Anything from the freely distributable SQL Express, through text files, Excel or anything with an ODBC connection like SQL Server, Oracle, DB2 and more. And you can combine these connections to pull data from a variety of sources.

So Access was designed to work with relational databases. It was also designed to work in a multi-user environment. This makes Access very scalable in a variety of uses.

Because Access is a platform for developing applications it can be used on a variety of levels. The single end user can use it to develop simple applications for their personal use. The “knowledge worker” can “develop” multi-user applications to share data among a small workgroup. The experienced developer can create applications that can be used on a variety of levels in small to medium size businesses.

It has to be remembered that Access is not simply a database. If one looks on Access as a database one is missing the full breadth of features and capabilities that Access brings to the table. As an experienced Access Developer I am proud of the applications I’ve developed and how they have helped people with their jobs and hobbies.

I’ll close with a bit of a shameless plug. I’ve spent a significant portion of my life in helping people use Access to its fullest extent. I’ve done this as a volunteer on several Web forums like,, and more. I’ve done it through this blog. I’ve done it as teacher in a variety of venues (most recently for the Continuing Ed department of Hofstra University). I’ve also done this as a paid consultant for a variety of clients. So if I can help you make the most of Access, feel free to contact me through the various venues mentioned.

ICANN, Legalized blackmail?

The Internet Corporation for Assigned Names and Numbers (ICANN) is an international organization charged with maintaining the Domain Name System (DNS). If you are not aware, when you type a Web address into a browser there is are servers on the Internet that match up the domain to an IP address. The browser then connects to the computer that IP address is assigned to. The Web server on that computer then delivers web page back to your browser which renders the page into what you actually see,

ICANN was created to manage the Web addresses and maintain the servers that hold the databases on these DNS servers that translate a web address into an IP address. Originally web addresses fell into one of several top level domains (TLDs). These were:

COM: Commercial

ORG: Organization

NET: Network

GOV: Government

EDU: Education

MIL: Military

These stayed as the only TLDs for a long time. But people started asking for more. New ones like .BIZ and .INFO were added. Some of these have made sense. But what doesn’t make sense is not qualifying applicants for these domains. For example. One of the new TLDs called Generic Top Level Domains (gTLD) is .actor. But there is no verification that an applicant for such a domain is an actor.

But the real problem here is that corporations and individuals are now trying to protect their brand by registering these domains to protect their names. It recently hit the news that Taylor Swift registered and to prevent someone else from registering those domains. Similarly Microsoft registered and They were offered the chance to do so before the June 1 opening period when it becomes first come, first served in registering such domains.

To me that smacks of legalized blackmail. Are all these domains really necessary? Why should individuals or organizations with recognizable names and trademarks even need to pay money to protect their names? Why shouldn’t there be a vetting process to prove that a) an applicant is entitled to use the names and b) their site fits with the gTLD.


In Memoriam

Paul Louis Diamond

10-12-1943 to 8-21-2014

My brother died today after a long illness. He died the way he lived his life, on his own terms. He fought the deterioration of his body with every ounce of his waning strength.

I loved and respected my brother. Though we often butted heads and didn’t see eye to eye on a lot of things, he was my big brother. Growing up he was always protective of me (he was the only one allowed to rag me) but he was always there for me. Now he won’t be!

He was a very strong willed person with strong beliefs, sometimes to the point of pigheadedness. As such, he was sometimes hard to take. But his beliefs came from careful consideration of his interpretation of the facts. And he was an intelligent person, who could make most arguments sound logical.

We were brought up by our parents to be generous and giving. Paul very much adhered to those principles. This is evidenced even in death as he has had his body donated to a medical school to see if they can determine why he lived many years longer than his doctors thought he would. As a lifelong smoker, battling diabetes and obesity, it is somewhat surprising that he is cancer free and survived as long as he did.

My brother was something of a character. My mother taught us the value of a vocabulary and Paul took it to extremes. He would never use a match to light up, but rather an incendiary primer. One of our family stories is about embarrassing my girlfriend (who married me despite this). We were at a picnic and my mother had forgotten the catsup. Linda asked how we could eat hamburgers without catsup. Paul’s reply was you put it in your mouth and you masticate. Linda, being vocabularily challenged mistook the word. I have a lot of stories about his sense of humor and idiosyncrasies that represent fond memories.

Paul never had children of his own, but took a great deal of interest in my daughter and was her favorite uncle. He was great with children and beloved by many young nieces and nephews. He is survived by myself and my daughter and his wife, Colleen. Colleen deserves special mention here as she has been a rock in dealing with Paul’s health issues, moods and taking excellent care of him. I don’t think I can ever adequately express my appreciation for what this has meant to us.

I can’t imagine what Paul has had to go through with the deterioration of his body. I am amazed at how much he has maintained his good humor throughout, though I haven’t been in contact with him on a daily basis. Hopefully, he can now rest from the fight.

I know that there are several people who will miss him as I will. I will remember him for what he was during his life, not what he was during his final battle to hang on to life. For the joie de vivre that he had, for the generosity that he showed, for just being a unique personality. The picture below, of Paul and Colleen, is how I will remember him.

R.I.P my big brother


Family and friends gathered 8/23 At Paul and Coleen’s home for a balloon send off: Facebook Status

Comments are welcome,

Securing Back Ends

Ask any knowledgeable Access developer and they will tell you any Multi-User application or any application supported by someone other than the user NEEDS to be split into a back end (containing the tables only) and a front end (containing everything else). This is essential for stability and development needs. In most cases the back end is then stored on a shared network folder.

The users then need all but Full Control to that folder. This is because Access creates a locking file (ldb/laccdb) whenever any Access file is opened. So the user needs to have the rights to create this file, modify it and delete it.

But there is a way to hide this folder, though it’s not 100%. This article shows you how to do this through an extended permission called Traverse folder.

Basically what you need to do is create a folder to act as a container for your back end folders. Within this folder you create another folder for your back end files. You can either use a single folder or individual ones. My company has create a single folder so that’s what I will illustrate.
We have a shared network drive mapped as S:\ for all users. Within that share we have a folder I’ll call Miscellaneous for this example. Within that folder I have another folder called Back_ends where I store the back end files. It looks like this to a Domain Admin account:

However, to a Domain User account the Miscellaneous folder will not appear. This is because only Traverse rights to the Miscellaneous folder have been granted to Domain Users. Following shows the permissions assigned to Domain Users:

To set Traverse access, you would first uncheck all but the Write permission under the Allow column. Next you press the Advanced button to set Special Permissions. Select Domain Users under the Permissions tab and press the Change Permissions button:

Select to Edit permissions and set permissions as shown below:

You may not need the create and write permissions, but it shouldn’t hurt. The key is the Traverse Folder permission.
Once you do that, Domain Users will not be able to get to the Back_ends folder unless they know the exact name of the Traverse folder. So they can Type in S:\Miscellaneous\Back_ends and see that folder. As I said it’s not 100% but it will inhibit the average user.

Audit Trail using Data Macros

There are different ways to do audit trails in Access. Up until Access 2010, these had to be implemented on the Form level. But Access 2010 has Data macros which operate on the Table level, so they will capture if someone bypasses your security (see my blog on Login Security using VBA) and makes changes in the table itself.
Setting up such an AuditTrail is a little more cumbersome but does provide a greater level of protection.
The first step is creating a table to hold the Audit Trail information. The following shows the design of this table:

The fields are pretty obvious. This table records the table and field that was changed, the RecordID (PK Value) of the changed record, the old and new value and who changed the record and when.
The next step is to open the table you want to audit in Design Mode. From the Table Design ribbon pull down the list of Data Macro events and select After Update event as shown below:

This will open the Macro Design environment where you can build the macro.
The screen shot below shows the macro commands to cover one field:


The first command is an IF command that is triggered if the field value changes. It uses the Updated function with the field name as the argument. The next step is the Create a Record command which uses the argument of tblAuditTrail. This will be the name of your Audit Trail table.

From there you add a SetField command for each field in your Audit Trail table (except for the autonumber PK, which is filled in automatically). The first field is the Tablename which is hardcoded. The next is the RecordID which is filled in by a reference to the fieldname. Then the ChangeBy field is populated with the ID of the user. In this example I am using the fOSUsername() function found at (see Note). Next, I populate the FieldName, which is again hardcoded. Following are the Old and New values. I use the Old command with the fieldname as the property to capture the previous value. Then reference the tablename.fieldname. Finally, I set the ChangeDate to Now().
To place an Audit Trail on other fields, you can collapse the If and then copy and paste to add another set. Change the fieldname information as needed.
Save the macro and close the editor.
You can test by making changes to the fields you have place an audit trail on and then checking tblAuditTrail to make sure the changes were recorded.
You can also capture Deletes similarly using the After Delete event and writing all the fields to a deleted records table. Again using Create A Record and SetField for each field.
I have a sample file (see link below) that contains a table with Audit Trail and the Audit trail table as well as a form to edit the audit trail table and modules with the needed functions. Note: Both Front end and back end need to be in the same folder.

Note: If you use my Login Security techniques or some other way of capturing the current user, you may need to create your own function to replace fOSUsername(). Following is an example:

Public Function fUser()
fUser = Forms!frmLogin!cboUser
End Function

You can assign to fUser whatever you use to capture the current logged in user.

Limitation: This does not work with certain data types. An error 20342 is thrown with description The Updated function is not supported for memo, rich text, hyperlink, OLE Object, multi-value, or attachment fields. If you have one of those data types, then I would recommend using a VBA alternative (see Comments). In the case of multi-value or attachment data types, you can replace then with a child table.

Audit Trail Sample