|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Show/Hide objects based on Security GroupsWith my split, multi-user, secured Access 2000 db, I have 3 user groups -
Admins, Read-Only, and Full-User (built-in groups). I'd like to disable or hide some command buttons I have on my switchboard - "User Maintenance", and "Change Password" for all but Admins. I have code that finds out which group the logged-in user belongs to, but it doesn't allow the non-Admin users to run it: strUserLevel = Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name so I can't hide or show objects based on the user level. - Is this by design, or is there a way to do this? You may find it easier if you create your own unbound form for your
switchboard. It is more flexible than the built-in switchboard manager, especially for something like this. There is code in the security FAQ you can use to determine if a user is member of a group. Then in the open event of your menu form you'd use... If faq_IsUserInGroup("ReadOnly",CurrentUser) then Me.cmdWhatever.Visible = False Me.cmdSomething.Visible = True etc. Else Me.cmdWhatever.Visible = True Me.cmdSomething.Visible = True etc. End If The FAQ can downloaded from http://support.microsoft.com/?id=207793 -- Show quoteHide quoteJoan Wild Microsoft Access MVP bigpalooka wrote: > With my split, multi-user, secured Access 2000 db, I have 3 user > groups - Admins, Read-Only, and Full-User (built-in groups). I'd > like to disable or hide some command buttons I have on my switchboard > - "User Maintenance", and "Change Password" for all but Admins. I > have code that finds out which group the logged-in user belongs to, > but it doesn't allow the non-Admin users to run it: > strUserLevel = > Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > so I can't hide or show objects based on the user level. > - Is this by design, or is there a way to do this? I'm still getting error 3112: Record cannot be read. No Read permission on
MSysGroupList. I tried both 'faq_ListGroupsofUser' and 'faq_IsUserInGroup'. It works fine with Admins, but not with the other groups. jp Show quoteHide quote "Joan Wild" wrote: > You may find it easier if you create your own unbound form for your > switchboard. It is more flexible than the built-in switchboard manager, > especially for something like this. > > There is code in the security FAQ you can use to determine if a user is > member of a group. > > Then in the open event of your menu form you'd use... > > If faq_IsUserInGroup("ReadOnly",CurrentUser) then > Me.cmdWhatever.Visible = False > Me.cmdSomething.Visible = True > etc. > Else > Me.cmdWhatever.Visible = True > Me.cmdSomething.Visible = True > etc. > End If > > The FAQ can downloaded from > http://support.microsoft.com/?id=207793 > > > -- > Joan Wild > Microsoft Access MVP > > bigpalooka wrote: > > With my split, multi-user, secured Access 2000 db, I have 3 user > > groups - Admins, Read-Only, and Full-User (built-in groups). I'd > > like to disable or hide some command buttons I have on my switchboard > > - "User Maintenance", and "Change Password" for all but Admins. I > > have code that finds out which group the logged-in user belongs to, > > but it doesn't allow the non-Admin users to run it: > > strUserLevel = > > Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > > so I can't hide or show objects based on the user level. > > - Is this by design, or is there a way to do this? > > > Can you post the code you are using? I haven't heard of MSysGroupList.
-- Show quoteHide quoteJoan Wild Microsoft Access MVP bigpalooka wrote: > I'm still getting error 3112: Record cannot be read. No Read > permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' and > 'faq_IsUserInGroup'. It works fine with Admins, but not with the > other groups. > > jp > > "Joan Wild" wrote: > >> You may find it easier if you create your own unbound form for your >> switchboard. It is more flexible than the built-in switchboard >> manager, especially for something like this. >> >> There is code in the security FAQ you can use to determine if a user >> is member of a group. >> >> Then in the open event of your menu form you'd use... >> >> If faq_IsUserInGroup("ReadOnly",CurrentUser) then >> Me.cmdWhatever.Visible = False >> Me.cmdSomething.Visible = True >> etc. >> Else >> Me.cmdWhatever.Visible = True >> Me.cmdSomething.Visible = True >> etc. >> End If >> >> The FAQ can downloaded from >> http://support.microsoft.com/?id=207793 >> >> >> -- >> Joan Wild >> Microsoft Access MVP >> >> bigpalooka wrote: >>> With my split, multi-user, secured Access 2000 db, I have 3 user >>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd >>> like to disable or hide some command buttons I have on my >>> switchboard - "User Maintenance", and "Change Password" for all but >>> Admins. I have code that finds out which group the logged-in user >>> belongs to, but it doesn't allow the non-Admin users to run it: >>> strUserLevel = >>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name >>> so I can't hide or show objects based on the user level. >>> - Is this by design, or is there a way to do this? Here's my code - it's pretty straightforward:
Private Sub cmdOK_Click() On Error GoTo errhnd Dim wsp As DAO.Workspace Dim usr As DAO.User Dim strUserName As String strUserName = Application.CurrentUser If Me.txtNewPassword = Me.txtConfirmPassword Then Set wsp = DAO.Workspaces(0) Set usr = wsp.Users(strUserName) usr.NewPassword Me.txtOldPassword, Me.txtNewPassword Else MsgBox "Re-enter your Passwords. Your NewPassword doesn't match your ConfirmPassword", vbInformation + vbOKOnly, "Passwords don't Match" - etc etc - assorted code to check for pwd length, etc is removed. you're right - I can't find MSysGroupList or MSysUserList in the system tables. The closest I come is MSysGroups in the mdw file. ?? jp Show quoteHide quote "Joan Wild" wrote: > Can you post the code you are using? I haven't heard of MSysGroupList. > > -- > Joan Wild > Microsoft Access MVP > > bigpalooka wrote: > > I'm still getting error 3112: Record cannot be read. No Read > > permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' and > > 'faq_IsUserInGroup'. It works fine with Admins, but not with the > > other groups. > > > > jp > > > > "Joan Wild" wrote: > > > >> You may find it easier if you create your own unbound form for your > >> switchboard. It is more flexible than the built-in switchboard > >> manager, especially for something like this. > >> > >> There is code in the security FAQ you can use to determine if a user > >> is member of a group. > >> > >> Then in the open event of your menu form you'd use... > >> > >> If faq_IsUserInGroup("ReadOnly",CurrentUser) then > >> Me.cmdWhatever.Visible = False > >> Me.cmdSomething.Visible = True > >> etc. > >> Else > >> Me.cmdWhatever.Visible = True > >> Me.cmdSomething.Visible = True > >> etc. > >> End If > >> > >> The FAQ can downloaded from > >> http://support.microsoft.com/?id=207793 > >> > >> > >> -- > >> Joan Wild > >> Microsoft Access MVP > >> > >> bigpalooka wrote: > >>> With my split, multi-user, secured Access 2000 db, I have 3 user > >>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd > >>> like to disable or hide some command buttons I have on my > >>> switchboard - "User Maintenance", and "Change Password" for all but > >>> Admins. I have code that finds out which group the logged-in user > >>> belongs to, but it doesn't allow the non-Admin users to run it: > >>> strUserLevel = > >>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > >>> so I can't hide or show objects based on the user level. > >>> - Is this by design, or is there a way to do this? > > > I don't see anything wrong with the code; it works here for a limited user.
-- Show quoteHide quoteJoan Wild Microsoft Access MVP bigpalooka wrote: > Here's my code - it's pretty straightforward: > > Private Sub cmdOK_Click() > On Error GoTo errhnd > > Dim wsp As DAO.Workspace > Dim usr As DAO.User > Dim strUserName As String > > strUserName = Application.CurrentUser > > If Me.txtNewPassword = Me.txtConfirmPassword Then > Set wsp = DAO.Workspaces(0) > Set usr = wsp.Users(strUserName) > usr.NewPassword Me.txtOldPassword, Me.txtNewPassword > Else > MsgBox "Re-enter your Passwords. Your NewPassword > doesn't match your ConfirmPassword", vbInformation + vbOKOnly, > "Passwords don't Match" > - etc etc - assorted code to check for pwd length, etc is removed. > > you're right - I can't find MSysGroupList or MSysUserList in the > system tables. The closest I come is MSysGroups in the mdw file. > ?? > jp > > "Joan Wild" wrote: > >> Can you post the code you are using? I haven't heard of >> MSysGroupList. >> >> -- >> Joan Wild >> Microsoft Access MVP >> >> bigpalooka wrote: >>> I'm still getting error 3112: Record cannot be read. No Read >>> permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' >>> and 'faq_IsUserInGroup'. It works fine with Admins, but not with the >>> other groups. >>> >>> jp >>> >>> "Joan Wild" wrote: >>> >>>> You may find it easier if you create your own unbound form for your >>>> switchboard. It is more flexible than the built-in switchboard >>>> manager, especially for something like this. >>>> >>>> There is code in the security FAQ you can use to determine if a >>>> user is member of a group. >>>> >>>> Then in the open event of your menu form you'd use... >>>> >>>> If faq_IsUserInGroup("ReadOnly",CurrentUser) then >>>> Me.cmdWhatever.Visible = False >>>> Me.cmdSomething.Visible = True >>>> etc. >>>> Else >>>> Me.cmdWhatever.Visible = True >>>> Me.cmdSomething.Visible = True >>>> etc. >>>> End If >>>> >>>> The FAQ can downloaded from >>>> http://support.microsoft.com/?id=207793 >>>> >>>> >>>> -- >>>> Joan Wild >>>> Microsoft Access MVP >>>> >>>> bigpalooka wrote: >>>>> With my split, multi-user, secured Access 2000 db, I have 3 user >>>>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd >>>>> like to disable or hide some command buttons I have on my >>>>> switchboard - "User Maintenance", and "Change Password" for all >>>>> but Admins. I have code that finds out which group the logged-in >>>>> user belongs to, but it doesn't allow the non-Admin users to run >>>>> it: strUserLevel = >>>>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name >>>>> so I can't hide or show objects based on the user level. >>>>> - Is this by design, or is there a way to do this? OK - I'll investigate. There may be something hidden somewhere in the db
that's keeping me up at night. jp Show quoteHide quote "Joan Wild" wrote: > I don't see anything wrong with the code; it works here for a limited user. > > -- > Joan Wild > Microsoft Access MVP > > bigpalooka wrote: > > Here's my code - it's pretty straightforward: > > > > Private Sub cmdOK_Click() > > On Error GoTo errhnd > > > > Dim wsp As DAO.Workspace > > Dim usr As DAO.User > > Dim strUserName As String > > > > strUserName = Application.CurrentUser > > > > If Me.txtNewPassword = Me.txtConfirmPassword Then > > Set wsp = DAO.Workspaces(0) > > Set usr = wsp.Users(strUserName) > > usr.NewPassword Me.txtOldPassword, Me.txtNewPassword > > Else > > MsgBox "Re-enter your Passwords. Your NewPassword > > doesn't match your ConfirmPassword", vbInformation + vbOKOnly, > > "Passwords don't Match" > > - etc etc - assorted code to check for pwd length, etc is removed. > > > > you're right - I can't find MSysGroupList or MSysUserList in the > > system tables. The closest I come is MSysGroups in the mdw file. > > ?? > > jp > > > > "Joan Wild" wrote: > > > >> Can you post the code you are using? I haven't heard of > >> MSysGroupList. > >> > >> -- > >> Joan Wild > >> Microsoft Access MVP > >> > >> bigpalooka wrote: > >>> I'm still getting error 3112: Record cannot be read. No Read > >>> permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' > >>> and 'faq_IsUserInGroup'. It works fine with Admins, but not with the > >>> other groups. > >>> > >>> jp > >>> > >>> "Joan Wild" wrote: > >>> > >>>> You may find it easier if you create your own unbound form for your > >>>> switchboard. It is more flexible than the built-in switchboard > >>>> manager, especially for something like this. > >>>> > >>>> There is code in the security FAQ you can use to determine if a > >>>> user is member of a group. > >>>> > >>>> Then in the open event of your menu form you'd use... > >>>> > >>>> If faq_IsUserInGroup("ReadOnly",CurrentUser) then > >>>> Me.cmdWhatever.Visible = False > >>>> Me.cmdSomething.Visible = True > >>>> etc. > >>>> Else > >>>> Me.cmdWhatever.Visible = True > >>>> Me.cmdSomething.Visible = True > >>>> etc. > >>>> End If > >>>> > >>>> The FAQ can downloaded from > >>>> http://support.microsoft.com/?id=207793 > >>>> > >>>> > >>>> -- > >>>> Joan Wild > >>>> Microsoft Access MVP > >>>> > >>>> bigpalooka wrote: > >>>>> With my split, multi-user, secured Access 2000 db, I have 3 user > >>>>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd > >>>>> like to disable or hide some command buttons I have on my > >>>>> switchboard - "User Maintenance", and "Change Password" for all > >>>>> but Admins. I have code that finds out which group the logged-in > >>>>> user belongs to, but it doesn't allow the non-Admin users to run > >>>>> it: strUserLevel = > >>>>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > >>>>> so I can't hide or show objects based on the user level. > >>>>> - Is this by design, or is there a way to do this? > > > MSysGroupList and MSysUserList are Queries in the mdw file.
Show quoteHide quote "Joan Wild" wrote: > Can you post the code you are using? I haven't heard of MSysGroupList. > > -- > Joan Wild > Microsoft Access MVP > > bigpalooka wrote: > > I'm still getting error 3112: Record cannot be read. No Read > > permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' and > > 'faq_IsUserInGroup'. It works fine with Admins, but not with the > > other groups. > > > > jp > > > > "Joan Wild" wrote: > > > >> You may find it easier if you create your own unbound form for your > >> switchboard. It is more flexible than the built-in switchboard > >> manager, especially for something like this. > >> > >> There is code in the security FAQ you can use to determine if a user > >> is member of a group. > >> > >> Then in the open event of your menu form you'd use... > >> > >> If faq_IsUserInGroup("ReadOnly",CurrentUser) then > >> Me.cmdWhatever.Visible = False > >> Me.cmdSomething.Visible = True > >> etc. > >> Else > >> Me.cmdWhatever.Visible = True > >> Me.cmdSomething.Visible = True > >> etc. > >> End If > >> > >> The FAQ can downloaded from > >> http://support.microsoft.com/?id=207793 > >> > >> > >> -- > >> Joan Wild > >> Microsoft Access MVP > >> > >> bigpalooka wrote: > >>> With my split, multi-user, secured Access 2000 db, I have 3 user > >>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd > >>> like to disable or hide some command buttons I have on my > >>> switchboard - "User Maintenance", and "Change Password" for all but > >>> Admins. I have code that finds out which group the logged-in user > >>> belongs to, but it doesn't allow the non-Admin users to run it: > >>> strUserLevel = > >>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > >>> so I can't hide or show objects based on the user level. > >>> - Is this by design, or is there a way to do this? > > > Have you opened the mdw (before now) directly and been mucking around?
-- Show quoteHide quoteJoan Wild Microsoft Access MVP bigpalooka wrote: > MSysGroupList and MSysUserList are Queries in the mdw file. > > > > "Joan Wild" wrote: > >> Can you post the code you are using? I haven't heard of >> MSysGroupList. >> >> -- >> Joan Wild >> Microsoft Access MVP >> >> bigpalooka wrote: >>> I'm still getting error 3112: Record cannot be read. No Read >>> permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' >>> and 'faq_IsUserInGroup'. It works fine with Admins, but not with the >>> other groups. >>> >>> jp >>> >>> "Joan Wild" wrote: >>> >>>> You may find it easier if you create your own unbound form for your >>>> switchboard. It is more flexible than the built-in switchboard >>>> manager, especially for something like this. >>>> >>>> There is code in the security FAQ you can use to determine if a >>>> user is member of a group. >>>> >>>> Then in the open event of your menu form you'd use... >>>> >>>> If faq_IsUserInGroup("ReadOnly",CurrentUser) then >>>> Me.cmdWhatever.Visible = False >>>> Me.cmdSomething.Visible = True >>>> etc. >>>> Else >>>> Me.cmdWhatever.Visible = True >>>> Me.cmdSomething.Visible = True >>>> etc. >>>> End If >>>> >>>> The FAQ can downloaded from >>>> http://support.microsoft.com/?id=207793 >>>> >>>> >>>> -- >>>> Joan Wild >>>> Microsoft Access MVP >>>> >>>> bigpalooka wrote: >>>>> With my split, multi-user, secured Access 2000 db, I have 3 user >>>>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd >>>>> like to disable or hide some command buttons I have on my >>>>> switchboard - "User Maintenance", and "Change Password" for all >>>>> but Admins. I have code that finds out which group the logged-in >>>>> user belongs to, but it doesn't allow the non-Admin users to run >>>>> it: strUserLevel = >>>>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name >>>>> so I can't hide or show objects based on the user level. >>>>> - Is this by design, or is there a way to do this? nope
Show quoteHide quote "Joan Wild" wrote: > Have you opened the mdw (before now) directly and been mucking around? > > -- > Joan Wild > Microsoft Access MVP > > bigpalooka wrote: > > MSysGroupList and MSysUserList are Queries in the mdw file. > > > > > > > > "Joan Wild" wrote: > > > >> Can you post the code you are using? I haven't heard of > >> MSysGroupList. > >> > >> -- > >> Joan Wild > >> Microsoft Access MVP > >> > >> bigpalooka wrote: > >>> I'm still getting error 3112: Record cannot be read. No Read > >>> permission on MSysGroupList. I tried both 'faq_ListGroupsofUser' > >>> and 'faq_IsUserInGroup'. It works fine with Admins, but not with the > >>> other groups. > >>> > >>> jp > >>> > >>> "Joan Wild" wrote: > >>> > >>>> You may find it easier if you create your own unbound form for your > >>>> switchboard. It is more flexible than the built-in switchboard > >>>> manager, especially for something like this. > >>>> > >>>> There is code in the security FAQ you can use to determine if a > >>>> user is member of a group. > >>>> > >>>> Then in the open event of your menu form you'd use... > >>>> > >>>> If faq_IsUserInGroup("ReadOnly",CurrentUser) then > >>>> Me.cmdWhatever.Visible = False > >>>> Me.cmdSomething.Visible = True > >>>> etc. > >>>> Else > >>>> Me.cmdWhatever.Visible = True > >>>> Me.cmdSomething.Visible = True > >>>> etc. > >>>> End If > >>>> > >>>> The FAQ can downloaded from > >>>> http://support.microsoft.com/?id=207793 > >>>> > >>>> > >>>> -- > >>>> Joan Wild > >>>> Microsoft Access MVP > >>>> > >>>> bigpalooka wrote: > >>>>> With my split, multi-user, secured Access 2000 db, I have 3 user > >>>>> groups - Admins, Read-Only, and Full-User (built-in groups). I'd > >>>>> like to disable or hide some command buttons I have on my > >>>>> switchboard - "User Maintenance", and "Change Password" for all > >>>>> but Admins. I have code that finds out which group the logged-in > >>>>> user belongs to, but it doesn't allow the non-Admin users to run > >>>>> it: strUserLevel = > >>>>> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > >>>>> so I can't hide or show objects based on the user level. > >>>>> - Is this by design, or is there a way to do this? > > > OK - I removed all security, imported everything into a new db and reset the
security and it all works like a champ. Something got corrupted somewhere and I couldn't recover from it. I've since recovered and am doing well. Show quoteHide quote "bigpalooka" wrote: > With my split, multi-user, secured Access 2000 db, I have 3 user groups - > Admins, Read-Only, and Full-User (built-in groups). I'd like to disable or > hide some command buttons I have on my switchboard - "User Maintenance", and > "Change Password" for all but Admins. I have code that finds out which group > the logged-in user belongs to, but it doesn't allow the non-Admin users to > run it: > strUserLevel = Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name > so I can't hide or show objects based on the user level. > - Is this by design, or is there a way to do this? Thanks for the followup.
-- Show quoteHide quoteJoan Wild Microsoft Access MVP bigpalooka wrote: > OK - I removed all security, imported everything into a new db and > reset the security and it all works like a champ. Something got > corrupted somewhere and I couldn't recover from it. I've since > recovered and am doing well. > > "bigpalooka" wrote: > >> With my split, multi-user, secured Access 2000 db, I have 3 user >> groups - Admins, Read-Only, and Full-User (built-in groups). I'd >> like to disable or hide some command buttons I have on my >> switchboard - "User Maintenance", and "Change Password" for all but >> Admins. I have code that finds out which group the logged-in user >> belongs to, but it doesn't allow the non-Admin users to run it: >> strUserLevel = >> Workspaces(0).Users(Workspaces(0).UserName).Groups(0).Name >> so I can't hide or show objects based on the user level. >> - Is this by design, or is there a way to do this? 
Other interesting topics
Domain user as Local admin
Locked Out How to secure the backend AllowBypassKey in Access project Securing Records by Users THE DATABASE ENGINE COULD NOT LOCK... Access 2000 - Can Users Change Their Own Passwords? Securing Database locked all sesions of Access firewall config not using windows fierwall using avg encrypt and descrypt |
|||||||||||||||||||||||
