|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Users Group and User PermissionsI'm about to launch my first secured, multi-user application, and seem to
have set up the workgroup correctly, following the MS white paper step-by-step. The Users group currently has no permissions on any object. I have two questions: - Do I need to assign Read/Run permissions to the forms that they will use? How about their underlying tables or queries? - Some of the forms have command buttons that execute a stored query. Do they need any permissions for the query itself? Thank you. Sprinks Sprinks wrote:
> I'm about to launch my first secured, multi-user application, and They, who? The Users Group; No. But for the group you set up for your > seem to have set up the workgroup correctly, following the MS white > paper step-by-step. The Users group currently has no permissions on > any object. I have two questions: > > - Do I need to assign Read/Run permissions to the forms that they > will use? How about their underlying tables or queries? 'users', yes you need to assign Open permission on the form (there is no read/run permissions). You'll also need to grant as a minimum, read data/design on the recordsource for the form(s). If you want them to be able to insert records, then they'll need insert permission on the recordsource. Same for update (edit) and delete. > - Some of the forms have command buttons that execute a stored query. Yes, again as a minimum they'll need read data permission; and > Do they need any permissions for the query itself? update/insert/delete permission if you want them to be able to do that in the query. -- Joan Wild Microsoft Access MVP Thank you, Joan. Yes, I meant Open/Run rather than Read/Run.
I am somewhat confused about this "Users" group. I had placed made all of my workgroup members into this group, managers into a Managers group, and myself and a backup into the Admins group, after deleting the Admin user. Are you saying not to use the Users group at all? Thank you. Sprinks Show quoteHide quote "Joan Wild" wrote: > Sprinks wrote: > > I'm about to launch my first secured, multi-user application, and > > seem to have set up the workgroup correctly, following the MS white > > paper step-by-step. The Users group currently has no permissions on > > any object. I have two questions: > > > > - Do I need to assign Read/Run permissions to the forms that they > > will use? How about their underlying tables or queries? > > They, who? The Users Group; No. But for the group you set up for your > 'users', yes you need to assign Open permission on the form (there is no > read/run permissions). You'll also need to grant as a minimum, read > data/design on the recordsource for the form(s). If you want them to be > able to insert records, then they'll need insert permission on the > recordsource. Same for update (edit) and delete. > > > - Some of the forms have command buttons that execute a stored query. > > Do they need any permissions for the query itself? > > Yes, again as a minimum they'll need read data permission; and > update/insert/delete permission if you want them to be able to do that in > the query. > > > -- > Joan Wild > Microsoft Access MVP > > > That is correct. Don't use the Users Group. That group is common to all
mdw files. Any permissions you give to that group, you are giving to the 'world'. You need to ensure that the Users Group has NO permissions. Create a separate group for your end users. Also, you did not delete the Admin user - that is impossible. You likely/should have removed them from the Admins Group. -- Show quoteHide quoteJoan Wild Microsoft Access MVP Sprinks wrote: > Thank you, Joan. Yes, I meant Open/Run rather than Read/Run. > > I am somewhat confused about this "Users" group. I had placed made > all of my workgroup members into this group, managers into a Managers > group, and myself and a backup into the Admins group, after deleting > the Admin user. > > Are you saying not to use the Users group at all? > > Thank you. > Sprinks > > "Joan Wild" wrote: > >> Sprinks wrote: >>> I'm about to launch my first secured, multi-user application, and >>> seem to have set up the workgroup correctly, following the MS white >>> paper step-by-step. The Users group currently has no permissions on >>> any object. I have two questions: >>> >>> - Do I need to assign Read/Run permissions to the forms that they >>> will use? How about their underlying tables or queries? >> >> They, who? The Users Group; No. But for the group you set up for >> your 'users', yes you need to assign Open permission on the form >> (there is no read/run permissions). You'll also need to grant as a >> minimum, read data/design on the recordsource for the form(s). If >> you want them to be able to insert records, then they'll need insert >> permission on the recordsource. Same for update (edit) and delete. >> >>> - Some of the forms have command buttons that execute a stored >>> query. Do they need any permissions for the query itself? >> >> Yes, again as a minimum they'll need read data permission; and >> update/insert/delete permission if you want them to be able to do >> that in the query. >> >> >> -- >> Joan Wild >> Microsoft Access MVP Joan,
Thank you. Sprinks Show quoteHide quote "Joan Wild" wrote: > That is correct. Don't use the Users Group. That group is common to all > mdw files. Any permissions you give to that group, you are giving to the > 'world'. You need to ensure that the Users Group has NO permissions. > > Create a separate group for your end users. > > Also, you did not delete the Admin user - that is impossible. You > likely/should have removed them from the Admins Group. > > > -- > Joan Wild > Microsoft Access MVP > > Sprinks wrote: > > Thank you, Joan. Yes, I meant Open/Run rather than Read/Run. > > > > I am somewhat confused about this "Users" group. I had placed made > > all of my workgroup members into this group, managers into a Managers > > group, and myself and a backup into the Admins group, after deleting > > the Admin user. > > > > Are you saying not to use the Users group at all? > > > > Thank you. > > Sprinks > > > > "Joan Wild" wrote: > > > >> Sprinks wrote: > >>> I'm about to launch my first secured, multi-user application, and > >>> seem to have set up the workgroup correctly, following the MS white > >>> paper step-by-step. The Users group currently has no permissions on > >>> any object. I have two questions: > >>> > >>> - Do I need to assign Read/Run permissions to the forms that they > >>> will use? How about their underlying tables or queries? > >> > >> They, who? The Users Group; No. But for the group you set up for > >> your 'users', yes you need to assign Open permission on the form > >> (there is no read/run permissions). You'll also need to grant as a > >> minimum, read data/design on the recordsource for the form(s). If > >> you want them to be able to insert records, then they'll need insert > >> permission on the recordsource. Same for update (edit) and delete. > >> > >>> - Some of the forms have command buttons that execute a stored > >>> query. Do they need any permissions for the query itself? > >> > >> Yes, again as a minimum they'll need read data permission; and > >> update/insert/delete permission if you want them to be able to do > >> that in the query. > >> > >> > >> -- > >> Joan Wild > >> Microsoft Access MVP > > > 
Other interesting topics
Security warning when opening a file
Patch problem Access 2003 (SP2) Printing Problem Moving .mdw file New security warning messae How can I get an Access database to use data from an outside Form Help: Access 2003 not reading the signatures Set Start up Security to not show Tool Bars and now i can't get in Access 2003 In a shared database, can the administrator boot users |
|||||||||||||||||||||||
