
MS Access Forum / Security / May 2008

Open/Run

Ann - 08 May 2008 16:37 GMT
I am using Access 2002.  This finally started to click on how the security
works so I created a new workgroup with permissions for three other users
besides myself.  I am the Admin and they are users with either Full Data, New
Data or Read-Only permissions.  Everything works correctly except when I look
at the individual objects of the database the Open/Run permission is grayed
out for all the Queries and Tables in the database.  Why is that?  I could
have done something wrong setting it up but it really is doing exactly what
I've been testing so far.  But since I'm new to this I could have done
something.  Thanks in advance.
Wolfgang Kais - 08 May 2008 22:46 GMT
Hello Ann.

> I am using Access 2002. This finally started to click on how the
> security works so I created a new workgroup with permissions for
> three other users besides myself.

The permissions are stored in the database, not on the workgroup file.

> I am the Admin [...]

So you are the only member of the Admins group.

>  [...] and they are users with either Full Data, New Data or
> Read-Only permissions. Everything works correctly except when I
> look at the individual objects of the database the Open/Run
> permission is grayed out for all the Queries and Tables in the
> database. Why is that? I could have done something wrong setting
> it up but it really is doing exactly what I've been testing so far.

Don't worry, it's all right.
There is no Open/Run permission for tables and queries, that's why
the field is grayed out. The minimum permissions one needs to open
a table or query is "read design" and "read data".

Regards,
Wolfgang

Ann - 09 May 2008 12:06 GMT
> The permissions are stored in the database, not on the workgroup file.

Thanks, I did read that but I had already posted and realized it was wrong.  
If the permissions are in the database what is in the workgroup?  Just me as
the Admin?  If that's correct then if I want another person to have admin
rights I would add them here?  With the same password or a different one?

Thank you Wolfgang for the help.

> Hello Ann.
>
[quoted text clipped - 19 lines]
> the field is grayed out. The minimum permissions one needs to open
> a table or query is "read design" and "read data".
Rick Brandt - 09 May 2008 12:25 GMT
> The permissions are stored in the database, not on the workgroup file.
>
[quoted text clipped - 3 lines]
> another person to have admin rights I would add them here?  With the
> same password or a different one?

The Workgroup file contains Groups, UserAccounts, and the information about
which UserAccounts are members of which Groups.  That's it.  Permissions are
stored in each MDB file and they do not "care" what Workgroup is used
(that's the part that can be confusing).

All that the MDB cares about is...

You want to access "someObject".

The MDB has a list of UserAccounts and Groups that are allowed to access
that object.

Are you in that list of UserAccounts or a member of one of those Groups?

If the answer to the last is "Yes" then you are allowed access to the
object.  If the answer is "No" then you are not.  The *session* that was
started with whatever Workgroup file that was used is where the answer to
that question comes from.

Any number of Workgroups could potentially produce a "Yes" answer, but in
actual practice there is usually only one Workgroup file that will do so.
This is what gives the impression that the MDB is somehow "linked" to the
Workgroup file.  In fact if you use the exact same information to create
UserAccounts and Groups in multiple Workgroup files then any of them could
be used on the same MDB file.

Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt   at   Hunter   dot   com

Ann - 09 May 2008 12:44 GMT
I guess I'm confused because I added myself as the admin in the usergroup,
closed it, opened the database, used the wizard to add users and their
permissions but if I created a new database using that workgroup all the
people that were added with the wizard are listed in the new database under
user accounts.  Since I see them and the only thing I did was created the new
database with the workgroup I assumed they are part of the workgroup.

I guess it's not clicking as well as I had hoped.  By any chance is there
documentation that shows examples with groups and user names listed that I
can read?

> > The permissions are stored in the database, not on the workgroup file.
> >
[quoted text clipped - 29 lines]
> UserAccounts and Groups in multiple Workgroup files then any of them could
> be used on the same MDB file.
Rick Brandt - 09 May 2008 12:57 GMT
> I guess I'm confused because I added myself as the admin in the
> usergroup,

I'm already confused by this statement.  "added myself as the admin" means
nothing to me. What exactly did you do?  Do you mean you created a new
UserAccount and made that a member of the Admins group?

> closed it, opened the database, used the wizard to add
> users and their permissions but if I created a new database using
> that workgroup all the people that were added with the wizard are
> listed in the new database under user accounts.  Since I see them and
> the only thing I did was created the new database with the workgroup
> I assumed they are part of the workgroup.

They are.  When you create users and accounts while logged into a particular
Workgroup you are actually modifying the Workgroup file, not the MDB.  It is
only when you start assigning permissions that you are modifying the MDB
file.

> I guess it's not clicking as well as I had hoped.  By any chance is
> there documentation that shows examples with groups and user names
> listed that I can read?

Access ULS is *difficult* to understand.  Typically though if you dig long
enough it "clicks" and suddenly all of it makes sense.  I consider it an
advanced Access topic and have stated more than once in these groups that if
you need to ask questions about the basics of setting up ULS then you are
probably not ready for it.

Several people have web sites with very explicit step by step instructions.
A novice has almost no chance of getting it right without using one of those
guides.

Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt   at   Hunter   dot   com

Ann - 09 May 2008 13:12 GMT
I created a new workgroup in a blank database (new default) then I created a
new user (me) to own all objects and have full permissions.  I added the
Admin group to the user.  Then I removed the admin group from the previous
admin user.

I used the step by step at www.jmwild.com/security02.htm.

> > I guess I'm confused because I added myself as the admin in the
> > usergroup,
[quoted text clipped - 28 lines]
> A novice has almost no chance of getting it right without using one of those
> guides.
Rick Brandt - 09 May 2008 21:44 GMT
> I created a new workgroup in a blank database (new default) then I
> created a new user (me) to own all objects and have full permissions.
> I added the Admin group to the user.  Then I removed the admin group
> from the previous admin user.
>
> I used the step by step at www.jmwild.com/security02.htm.

When you create a new workgroup even if you make it your default that does
not make it the workgroup currently in use unless you close and re-open
Access.  Did you do that?  If not then the groups and users you created went
into your old workgroup, not the new one.

Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt   at   Hunter   dot   com

Ann - 09 May 2008 13:05 GMT
OK, so if I want 20 people in my department grouped into four different
groups, with different permissions I would add all 20 to the workgroup along
with four new groups and then I'm done with the workgroup unless I need to
add new employees.  After that, no matter what database I create if I am
joined to the workgroup I can use those people and groups to assign
permissions in the individual databases I create?  Use one of the groups and
add the people I want to it in the database?

> > The permissions are stored in the database, not on the workgroup file.
> >
[quoted text clipped - 29 lines]
> UserAccounts and Groups in multiple Workgroup files then any of them could
> be used on the same MDB file.
Wolfgang Kais - 09 May 2008 16:15 GMT
Hello Ann.

Am I allowed to join your conversation?

> OK, so if I want 20 people in my department grouped into four
> different groups, with different permissions I would add all 20 to
[quoted text clipped - 3 lines]
> those people and groups to assign permissions in the individual
> databases I create?

Yes, you got it.
And you will have to provide a shortcut for the users that starts
Access and opens the database while loading the special workgroup
file. Simplified, this will be:
fullpathofaccess fullpathofMDB /wrkgrp fullpathofMDW

> Use one of the groups and add the people I want to it in the
> database?

As I understood: You want to use the groups of the workgroup to
add new users and to assign permissions. That's fine. But have in
mind that if you secured all your databases with the same workgroup,
all users from this workgroup will have access to all your databases.

Regards,
Wolfgang

Ann - 09 May 2008 16:23 GMT
Yes, please do.  Any knowledge I can gain from others is greatly appreciated.

> Hello Ann.
>
[quoted text clipped - 21 lines]
> mind that if you secured all your databases with the same workgroup,
> all users from this workgroup will have access to all your databases.
Ann - 09 May 2008 16:33 GMT
> As I understood: You want to use the groups of the workgroup to
> add new users and to assign permissions. That's fine. But have in
> mind that if you secured all your databases with the same workgroup,
> all users from this workgroup will have access to all your databases.

OK, I think I get that but I read that it's best to have one workgroup for
multiple databases.  Is that not the best way to handle them?  I originally
thought I would have a workgroup for each database I create until I read not
to do that.
What would you recommend?

> Hello Ann.
>
[quoted text clipped - 21 lines]
> mind that if you secured all your databases with the same workgroup,
> all users from this workgroup will have access to all your databases.
Wolfgang Kais - 10 May 2008 18:47 GMT
Hello Ann.

> OK, I think I get that but I read that it's best to have one
> workgroup for multiple databases.  Is that not the best way to
> handle them? I originally thought I would have a workgroup for
> each database I create until I read not to do that.
> What would you recommend?

It's perfectly OK to have one workgroup. Be sure to make a backup
copy of it after making changes...
And as I said: have in mind that a user defined in that workgroup
eventually has access to all your databases. A way to overcome this
could be additional groups for each database, like
DB1-Users, DB2-Users, DB1-Developers, DB2-Developers...

Regards,
Wolfgang
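
The split described in this thread (accounts and group memberships in the workgroup file, permission lists in each MDB) and the per-database groups suggested in the last reply can be modelled in a few lines. This is an added example, not code from any poster or from Access itself; the `sid` function, the ID strings, and the object names `Orders` and `Payroll` are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

def sid(name, pid):
    # Assumption: stand-in for the identifier Access derives from account details.
    return hashlib.sha256(f"{name}\x00{pid}".encode()).hexdigest()[:16]

@dataclass
class Workgroup:
    """The workgroup file: accounts, groups and memberships. No permissions."""
    accounts: dict = field(default_factory=dict)   # user name  -> identifier
    groups: dict = field(default_factory=dict)     # group name -> identifier
    members: dict = field(default_factory=dict)    # user name  -> set of group names

    def add_group(self, name, pid):
        self.groups[name] = sid(name, pid)

    def add_user(self, name, pid, groups=()):
        self.accounts[name] = sid(name, pid)
        self.members[name] = set(groups)

    def logon(self, user):
        # The session carries the user's identifier plus those of its groups.
        return {self.accounts[user]} | {self.groups[g] for g in self.members[user]}

@dataclass
class Mdb:
    """The database file: per-object permission lists keyed by identifier."""
    acl: dict = field(default_factory=dict)        # object -> {identifier: permissions}

    def grant(self, obj, principal, *perms):
        self.acl.setdefault(obj, {}).setdefault(principal, set()).update(perms)

    def can_open_table(self, session, obj):
        # Union of what every identity in the session holds on this object.
        entries = self.acl.get(obj, {})
        held = set().union(*(entries.get(s, set()) for s in session))
        return {"read design", "read data"} <= held

def build(tag=""):
    # Constructed sample data; 'tag' changes the ID strings but not the names.
    wg = Workgroup()
    wg.add_group("DB1-Users", "g1" + tag)
    wg.add_group("DB2-Users", "g2" + tag)
    wg.add_user("ann", "u1" + tag, ["DB1-Users"])
    return wg

original, rebuilt, lookalike = build(), build(), build("-x")
db1, db2 = Mdb(), Mdb()
db1.grant("Orders", original.groups["DB1-Users"], "read design", "read data")
db2.grant("Payroll", original.groups["DB2-Users"], "read design", "read data")
```

A session from `rebuilt` opens `Orders` exactly as one from `original` does, a session from `lookalike` (same names, different ID strings) does not, and `ann` cannot open `Payroll` because she is only in `DB1-Users`.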

