Dual Workgroup - Problem with creating administrators

I have created a second workgroup file (different from my developer file) for distribution of my database. I followed the Access Security FAQ (Item 33). It works and I can log on to the application using this second workgroup file.

In my application, I have custom menus. I use code to allow administrators to create new users as opposed to allowing access to the menu item that does this. The application has the following groups:

Admins
PowerUsers
Users

All permissions to the database have been revoked for the Users group and the specific user known as Admin. Neither the Admin user nor anyone solely in the Users group can log on.

I discovered with my second workgroup file that I could create new users (who are not administrators) and they could successfully log on to the application. These users were created to be members of PowerUsers and Users groups. However, creating additional administrators seemed to work, but these individuals could not log on. Administrators were made members of the Admins and Users group.

I thought maybe my code was in some way deficient, so I turned the Access default menu bar back on and created the administrator using the menu item. Again added to Admins and Users groups.

The new administrator could STILL NOT LOG ON. Error message "You don't have permission,,,,,,".

So it occurred to me to add the administrator to the PowerUsers group as well. Voila, now the administrator can log on and does have full administrative rights.

I didn't see this wrinkle documented anywhere. It is documented that any new user must be a part of the Users group. I guess the issue is that since I revoked permissions to open the database to the Users group and since the Admins groups are not identical between my developer workgroup file and this second workgroup file, the only commonality between the two workgroup files is the creation of the PowerUsers group. Hence every user must also be a member of this group in order to be able to open the database.

This is easy to implement, but my question is:

Is my analysis correct? Do I understand what happened here or is there something else going on that I'm not aware of?

Thanks.

Your analysis seems correct.
Every user must have permission to open the database.

Administrators can have permission to open the database, by
  Having assigned personal permission or
  Member of a group that has assigned permission or
  Owner of the database or
  Member of the Admins Group which created the database.

You created a new user and assigned that user to the Admins group. If you use this workgroup, that user will now be able to enter any database CREATED WITH THIS WORKGROUP.

As you can see, this new user cannot enter a database created with some other workgroup.

But this user still won't be able to enter a database created with this (new) workgroup unless they are logged on with this workgroup (or a copy of this workgroup), because this workgroup has the list which says that this user is currently a member of this Admins group.

The only person who only has to be a User, without any permission, is the Owner of the database. The Owner just has to be a User to log in. Doesn't have to be a member of any Admins group. Doesn't have to have Open permission.

(david)

"robert d via AccessMonster.com" <u6836@uwe> wrote in message news:574f7cbbe3052@uwe...
> I have created a second workgroup file (different from my developer file) for
> distribution of my database. I followed the Access Security FAQ (Item 33).
> It works and I can log on to the application using this second workgroup file.
>
> In my application, I have custom menus. I use code to allow administrators
> to create new users as opposed to allowing access to the menu item that does
> this. The application has the following groups:
>
> Admins
> PowerUsers
> Users
>
> All permissions to the database have been revoked for the Users group and the
> specific user known as Admin. Neither the Admin user nor anyone solely in the
> Users group can log on.
>
> I discovered with my second workgroup file that I could create new users (who
> are not administrators) and they could successfully log on to the application.
> These users were created to be members of PowerUsers and Users groups.
> However, creating additional administrators seemed to work, but these
> individuals could not log on. Administrators were made members of the Admins
> and Users group.
>
> I thought maybe my code was in some way deficient, so I turned the Access
> default menu bar back on and created the administrator using the menu item.
> Again added to Admins and Users groups.
>
> The new administrator could STILL NOT LOG ON. Error message "You don't have
> permission,,,,,,".
>
> So it occurred to me to add the administrator to the PowerUsers group as well.
> Voila, now the administrator can log on and does have full administrative rights.
>
> I didn't see this wrinkle documented anywhere. It is documented that any new
> user must be a part of the Users group. I guess the issue is that since I
> revoked permissions to open the database to the Users group and since the
> Admins groups are not identical between my developer workgroup file and this
> second workgroup file, the only commonality between the two workgroup files
> is the creation of the PowerUsers group. Hence every user must also be a
> member of this group in order to be able to open the database.
>
> This is easy to implement, but my question is:
>
> Is my analysis correct? Do I understand what happened here or is there
> something else going on that I'm not aware of?
>
> Thanks.
>
> --
> Message posted via http://www.accessmonster.com
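The open-permission rules listed in the reply can be traced with a small simplified model, added here as an illustration and not code from either poster or from Access itself. It assumes accounts are identified by a value derived from name and PID (a constructed hash stands in for the real identifier), that each workgroup file has its own Admins identifier, and that PowerUsers is created with the same name and PID in both files; all account names and PIDs are hypothetical.

```python
import hashlib

def sid(name, pid):
    # Constructed stand-in for the identifier derived from an account's name and PID
    return hashlib.sha256(f"{name}|{pid}".encode()).hexdigest()[:12]

class Workgroup:
    def __init__(self, workgroup_id):
        # Admins is specific to each workgroup file; Users is identical in every file
        self.groups = {"Admins": sid("Admins", workgroup_id),
                       "Users": sid("Users", "built-in")}
        self.members = {}  # user name -> (user SID, set of group names)

    def add_group(self, name, pid):
        self.groups[name] = sid(name, pid)

    def add_user(self, name, pid, groups):
        self.members[name] = (sid(name, pid), set(groups))

    def sids_for(self, user):
        user_sid, groups = self.members[user]
        return {user_sid} | {self.groups[g] for g in groups}

class Database:
    def __init__(self, created_with, owner):
        self.owner_sid = created_with.members[owner][0]
        self.creating_admins_sid = created_with.groups["Admins"]
        self.open_granted = set()  # SIDs explicitly granted Open permission

def can_open(db, workgroup, user):
    # The reply's rules: owner, creating Admins group, or a personal/group grant
    sids = workgroup.sids_for(user)
    return (db.owner_sid in sids
            or db.creating_admins_sid in sids
            or bool(db.open_granted & sids))

def build_scenario():
    dev, dist = Workgroup("DEV-WID"), Workgroup("DIST-WID")  # hypothetical IDs
    for wg in (dev, dist):
        wg.add_group("PowerUsers", "PU-PID")  # same name and PID in both files
        wg.add_user("dev_owner", "OWN-PID", {"Users"})
    db = Database(created_with=dev, owner="dev_owner")
    db.open_granted.add(dev.groups["PowerUsers"])  # Users and Admin hold no Open grant
    dist.add_user("new_admin", "NA-PID", {"Admins", "Users"})
    before = can_open(db, dist, "new_admin")      # distribution Admins is a different group
    dist.members["new_admin"][1].add("PowerUsers")
    after = can_open(db, dist, "new_admin")       # PowerUsers matches across both files
    return before, after, can_open(db, dist, "dev_owner")
```
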