I think what you and Craig are saying make sense, technically. But the problem is that working with AD (at this particular organization) requires involving IT. Yesterday I exchanged emails with the business manager of the department that will be using the application. I described all the various options of how we can do it. But I sense that every time I say or write "IT" his blood pressure goes up. This is the politics of a very big organization. His last words were "the less we have to do with IT, the better off we are". Therefore I don't want to fight him on this. Btw, my application (already being used in other locations of this organization for many years) uses an "encryption" of password and it works. I was just trying to improve how it works. Hence I brought up a couple of threads and questions on the topic. I felt that I should "improve" the encryption. Doing Hash() is one approach, AD is another. I will continue exploring the hash() approach but the AD is out of the picture.
Thank you!


>Technically "doable" Craig is spot on mentioning multiple groups. Unless there is an admin with positive interest in your app it might not be advisable ;-))
>But why not give basic secured access to your app via AD and restrict visible area (site #?) via login name ?
>
>>Thank you very much. The more I learn about this process/approach the more I think it won't fly (in this particular organization). Back to the encryption or hash approach.
>>
>>>You could do this in the application or in AD. If done in AD, there would be multiple groups for your application. You could query AD to determine which groups the user is in and expose functionality that way.
>>>
>>>
>>>>This explains some things. Thank you.
>>>>
>>>>But in my application a user would have to be assigned to a specific area of the application, by the application Administrator. The customer wants this to be transparent to the user. That is, when user John Smith loads the application, the value of "Site Number" (hidden from the user in a table) is set to the application object. And based on this Site Number the user will have a restricted access. Therefore, if AD is the way to go, I would need to give the VFP Administrator a tool to set each user (from AD) to a Site. Maybe this is not possible; this is why I am asking.