|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
RWOP and database permissions on backendMy app setup is to use RWOP queries and revoke permissions on the "database"
in the backend. So the 'Users' group has no permissions on the database in the backend. But what about the other groups: Admins and my custom group called PowerUsers. How should I be setting the permissons on the database object of the backend. Thanks. -- Message posted via AccessMonster.com http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 They'll need Open Permission on the database object.
-- Show quoteHide quoteJoan Wild Microsoft Access MVP rdemyan via AccessMonster.com wrote: > My app setup is to use RWOP queries and revoke permissions on the > "database" in the backend. > > So the 'Users' group has no permissions on the database in the > backend. But what about the other groups: Admins and my custom group > called PowerUsers. How should I be setting the permissons on the > database object of the backend. > > Thanks. > > -- > Message posted via AccessMonster.com > http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 Sorry, it's been quite some time since I've thought about this.
The idea is that no groups should have permissons on the tables. All groups to which individuals will be assigned need to have at least permissions to open/run the "Database". I only assign individuals to the Admins or PowerUsers group and these groups have open/run permissons. The Access default "Users" group does not have any permissions to open/run the database. Now my question is what permissions do I need to give in the front end. A recent update that I emailed my client failed to create back-end links for a person who is a member of the PowerUsers group. Keep getting error 3044. However my startup code deletes all table links at startup and then links the tables depending on the back-end location passed into my app from the launching program. This has never failed in the past. I thought maybe I had a corrupt front end, so I sent him a new version. Same problems. Interestingly, when I temporarily reassigned this PowerUser to the Admins group, everything worked just fine. The only difference I can think of that might relate to this problem showing up in my app update is that I had to give the PowerUsers group Open Exclusive permissions on the front end. This is because they recently had copies of Adobe Professional 7.0 installed on their PCs. Adobe 7.0 was setup to add its toolbars to my custom toolbars. This cause an exclusivity error for PowerUsers (not Admins who have Open Exclusive permissions). Giving PowerUsers Open Exclusive permissions has gotten rid of the Adobe problem, but maybe somehow is causing this problem. However, I can't see how. Appreciate it if someone would validate my understanding of the database permissions and if anyone has any suggestions on my problem. Thanks. rdemyan wrote: >My app setup is to use RWOP queries and revoke permissions on the "database" >in the backend. > >So the 'Users' group has no permissions on the database in the backend. But >what about the other groups: Admins and my custom group called PowerUsers. >How should I be setting the permissons on the database object of the backend. > >Thanks. -- Message posted via AccessMonster.com http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 I had a user come across the Adobe issue as well - I suggested they remove
the Adobe addin for Access. Anyway giving the PowerUsers exclusive permission on the frontend shouldn't interfere with creating the links to the backend. The security FAQ covers the permissions needed in the backend/frontend (I believe three different possibilities). See http://support.microsoft.com/?id=207793 I believe you can give them full permissions on the frontend table links, but check the FAQ. -- Show quoteHide quoteJoan Wild Microsoft Access MVP rdemyan via AccessMonster.com wrote: > Sorry, it's been quite some time since I've thought about this. > > The idea is that no groups should have permissons on the tables. All > groups to which individuals will be assigned need to have at least > permissions to open/run the "Database". I only assign individuals to > the Admins or PowerUsers group and these groups have open/run > permissons. The Access default "Users" group does not have any > permissions to open/run the database. > > Now my question is what permissions do I need to give in the front > end. A recent update that I emailed my client failed to create > back-end links for a person who is a member of the PowerUsers group. > Keep getting error 3044. However my startup code deletes all table > links at startup and then links the tables depending on the back-end > location passed into my app from the launching program. This has > never failed in the past. > > I thought maybe I had a corrupt front end, so I sent him a new > version. Same problems. > Interestingly, when I temporarily reassigned this PowerUser to the > Admins group, everything worked just fine. > > The only difference I can think of that might relate to this problem > showing up in my app update is that I had to give the PowerUsers > group Open Exclusive permissions on the front end. This is because > they recently had copies of Adobe Professional 7.0 installed on their > PCs. Adobe 7.0 was setup to add its toolbars to my custom toolbars. > This cause an exclusivity error for PowerUsers (not Admins who have > Open Exclusive permissions). Giving PowerUsers Open Exclusive > permissions has gotten rid of the Adobe problem, but maybe somehow is > causing this problem. However, I can't see how. > > Appreciate it if someone would validate my understanding of the > database permissions and if anyone has any suggestions on my problem. > > Thanks. > > rdemyan wrote: >> My app setup is to use RWOP queries and revoke permissions on the >> "database" in the backend. >> >> So the 'Users' group has no permissions on the database in the >> backend. But what about the other groups: Admins and my custom >> group called PowerUsers. How should I be setting the permissons on >> the database object of the backend. >> >> Thanks. > > -- > Message posted via AccessMonster.com > http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 Joan:
Thanks for the reply. What exactly is full permissions. In the front end, I went to Tools--> Security --> User and Group Permissions and then set the permissions for table objects for a particular group. Does full permissions include checking the Read Design, Modify Design and Administer checkboxes? Joan Wild wrote: Show quoteHide quote >I had a user come across the Adobe issue as well - I suggested they remove >the Adobe addin for Access. Anyway giving the PowerUsers exclusive >permission on the frontend shouldn't interfere with creating the links to >the backend. > >The security FAQ covers the permissions needed in the backend/frontend (I >believe three different possibilities). See > http://support.microsoft.com/?id=207793 > >I believe you can give them full permissions on the frontend table links, >but check the FAQ. > >> Sorry, it's been quite some time since I've thought about this. >> >[quoted text clipped - 46 lines] >> Message posted via AccessMonster.com >> http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 -- Message posted via AccessMonster.com http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 Yes it does; give them all permissions. They'll still be restricted by the
permissions they have on the backend tables. -- Show quoteHide quoteJoan Wild Microsoft Access MVP rdemyan via AccessMonster.com wrote: > Joan: > > Thanks for the reply. What exactly is full permissions. In the > front end, I went to Tools--> Security --> User and Group Permissions > and then set the permissions for table objects for a particular > group. Does full permissions include checking the Read Design, > Modify Design and Administer checkboxes? > > Joan Wild wrote: >> I had a user come across the Adobe issue as well - I suggested they >> remove the Adobe addin for Access. Anyway giving the PowerUsers >> exclusive permission on the frontend shouldn't interfere with >> creating the links to the backend. >> >> The security FAQ covers the permissions needed in the >> backend/frontend (I believe three different possibilities). See >> http://support.microsoft.com/?id=207793 >> >> I believe you can give them full permissions on the frontend table >> links, but check the FAQ. >> >>> Sorry, it's been quite some time since I've thought about this. >>> >> [quoted text clipped - 46 lines] >>> Message posted via AccessMonster.com >>> http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 > > -- > Message posted via AccessMonster.com > http://www.accessmonster.com/Uwe/Forums.aspx/access-security/200610/1 
Other interesting topics
How to add the security back to the normal database?
Multi users in one form Use Level Security lockout splitting the database and securing the back-end file? Using User Level Security Wizard multi user Help with Can any one please explain me Access Security Can an Access database expire? .MDW takes over |
|||||||||||||||||||||||
