MS Access 2K, Windows XP
====================
Hi,

So, crossed the first hurdle of testing the security setup and splitting the
secured database. Thanks, Joan, TC, David, Rick and others who patiently
answered my questions over the past couple of weeks.

I have some more questions regarding password for a user (who only has
permissions to use the Forms and not make any design changes to db objects).

How does a user change her/his password after I create the username? The way
my database is set up, they won't be seeing the Tools option in the menu as I
have the following unchecked - "Display database window", "Allow full menus",
"Allow Built-in toolbars" and "Use Access Special Keys".

Does that mean all password change/reset request from users will have to go
through the data admin? Meaning they tell me the new password, and I go in
and set it for them? Also, please correct me if I'm wrong, but to _change_ a
user's password for her/him, I'll have to login using their login
name/password first.
Logged in as myself (with all the privileges), I can only _clear_ the
password of another user, but cannot _change_ it.

Is it OK for a data admin person to be privy to all passwords?
The other option is that whenever someone needs to change her password, it
will entail me making a trip to their desktop and logging in as them with the
"shift" key pressed to make the Menu options visible.....which I'm not sure I
like.

Am I missing something here?? Is there a simpler way to do this?

Thanks.

-Amit

Hi.

> How does a user change her/his password after I create the username?

Allow the user to do it himself. Create a form with a text box for the User
ID and three more text boxes: the old password, the new password, and to
verify the new password. Use the CurrentUser( ) method to automatically fill
in the User ID text box. All of the password text boxes will have the
"Password" input mask so no one can look over the user's shoulder to read the
password.

Once the user has typed the passwords correctly (verify that the new
password matches in both "New Password" text boxes), the form calls your
ChangePassword( ) function that you will write. You will find code that uses
the NewPassword( ) method to reset a User's password in section 5, "How can I
clear a user's forgotten password?" of the Security FAQ on the following Web
page:

http://support.microsoft.com/default...#_Toc493299666

This code sets the User's password to an empty string, but you should change
the code to use the variable for the new password, instead. You'll need to
add error handling and to set the object variables to Nothing to release
memory before the function exits.

If the user types an invalid password, the password change will fail, so you
won't have people accidentally changing other people's passwords while using
this form. This password form can be set up to be opened by a button on
another form that the users have access to. That way, no custom toolbar need
be set up to provide the Security dialog window for password changes.

> Also, please correct me if I'm wrong, but to _change_ a
> user's password for her/him, I'll have to login using their login
> name/password first.

If you want to use the Security dialog window to change the password, then
you'll have to sign in as that user first. However, the owner of the
database and members of the Admins group can programmatically change other
user's passwords with the NewPassword( ) method while signed in under their
own User ID's.

> Logged in as myself (with all the privileges), I can only _clear_ the
> password of another user, but cannot _change_ it.

Then all is right in the world. No user can arbitrarily change someone
else's password with that GUI.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (E-Mail Removed) and (E-Mail Removed)

- - -
When you see correct answers to your question posted in Microsoft's Online
Community, please sign in to the Community and mark these posts as "Answers,"
so that all may benefit by filtering on "Answered questions" and quickly
finding the right answers to similar questions. Remember that questions
answered the quickest are often from those who have a history of rewarding
the contributors who have taken the time to answer questions correctly.


"Amit" wrote:

> MS Access 2K, Windows XP
> ====================
> Hi,
>
> So, crossed the first hurdle of testing the security setup and splitting the
> secured database. Thanks, Joan, TC, David, Rick and others who patiently
> answered my questions over the past couple of weeks.
>
> I have some more questions regarding password for a user (who only has
> permissions to use the Forms and not make any design changes to db objects).
>
> How does a user change her/his password after I create the username? The way
> my database is set up, they won't be seeing the Tools option in the menu as I
> have the following unchecked - "Display database window", "Allow full menus",
> "Allow Built-in toolbars" and "Use Access Special Keys".
>
> Does that mean all password change/reset request from users will have to go
> through the data admin? Meaning they tell me the new password, and I go in
> and set it for them? Also, please correct me if I'm wrong, but to _change_ a
> user's password for her/him, I'll have to login using their login
> name/password first.
> Logged in as myself (with all the privileges), I can only _clear_ the
> password of another user, but cannot _change_ it.
>
> Is it OK for a data admin person to be privy to all passwords?
> The other option is that whenever someone needs to change her password, it
> will entail me making a trip to their desktop and logging in as them with the
> "shift" key pressed to make the Menu options visible.....which I'm not sure I
> like.
>
> Am I missing something here?? Is there a simpler way to do this?
>
> Thanks.
>
> -Amit

Hi Gunny,

Thanks, once again, for your response which answered my question(s)
correctly

Cheers,

-Amit

"'69 Camaro" wrote:

> Hi.
>
> > How does a user change her/his password after I create the username?
>
> Allow the user to do it himself. Create a form with a text box for the User
> ID and three more text boxes: the old password, the new password, and to
> verify the new password. Use the CurrentUser( ) method to automatically fill
> in the User ID text box. All of the password text boxes will have the
> "Password" input mask so no one can look over the user's shoulder to read the
> password.
>
> Once the user has typed the passwords correctly (verify that the new
> password matches in both "New Password" text boxes), the form calls your
> ChangePassword( ) function that you will write. You will find code that uses
> the NewPassword( ) method to reset a User's password in section 5, "How can I
> clear a user's forgotten password?" of the Security FAQ on the following Web
> page:
>
> http://support.microsoft.com/default...#_Toc493299666
>
> This code sets the User's password to an empty string, but you should change
> the code to use the variable for the new password, instead. You'll need to
> add error handling and to set the object variables to Nothing to release
> memory before the function exits.
>
> If the user types an invalid password, the password change will fail, so you
> won't have people accidentally changing other people's passwords while using
> this form. This password form can be set up to be opened by a button on
> another form that the users have access to. That way, no custom toolbar need
> be set up to provide the Security dialog window for password changes.
>
> > Also, please correct me if I'm wrong, but to _change_ a
> > user's password for her/him, I'll have to login using their login
> > name/password first.
>
> If you want to use the Security dialog window to change the password, then
> you'll have to sign in as that user first. However, the owner of the
> database and members of the Admins group can programmatically change other
> user's passwords with the NewPassword( ) method while signed in under their
> own User ID's.
>
> > Logged in as myself (with all the privileges), I can only _clear_ the
> > password of another user, but cannot _change_ it.
>
> Then all is right in the world. No user can arbitrarily change someone
> else's password with that GUI.
>
> HTH.
>
> Gunny
>
> See http://www.QBuilt.com for all your database needs.
> See http://www.Access.QBuilt.com for Microsoft Access tips.
>

You're very welcome! And thanks for marking my responses as answers to your
questions. It's much appreciated!

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (E-Mail Removed) and (E-Mail Removed)


"Amit" <(E-Mail Removed)> wrote in message
news:FF691739-9720-49B5-A745-(E-Mail Removed)...
> Hi Gunny,
>
> Thanks, once again, for your response which answered my question(s)
> correctly
>
> Cheers,
>
> -Amit
>
> "'69 Camaro" wrote:
>
>> Hi.
>>
>> > How does a user change her/his password after I create the username?
>>
>> Allow the user to do it himself. Create a form with a text box for the
>> User
>> ID and three more text boxes: the old password, the new password, and to
>> verify the new password. Use the CurrentUser( ) method to automatically
>> fill
>> in the User ID text box. All of the password text boxes will have the
>> "Password" input mask so no one can look over the user's shoulder to read
>> the
>> password.
>>
>> Once the user has typed the passwords correctly (verify that the new
>> password matches in both "New Password" text boxes), the form calls your
>> ChangePassword( ) function that you will write. You will find code that
>> uses
>> the NewPassword( ) method to reset a User's password in section 5, "How
>> can I
>> clear a user's forgotten password?" of the Security FAQ on the following
>> Web
>> page:
>>
>> http://support.microsoft.com/default...#_Toc493299666
>>
>> This code sets the User's password to an empty string, but you should
>> change
>> the code to use the variable for the new password, instead. You'll need
>> to
>> add error handling and to set the object variables to Nothing to release
>> memory before the function exits.
>>
>> If the user types an invalid password, the password change will fail, so
>> you
>> won't have people accidentally changing other people's passwords while
>> using
>> this form. This password form can be set up to be opened by a button on
>> another form that the users have access to. That way, no custom toolbar
>> need
>> be set up to provide the Security dialog window for password changes.
>>
>> > Also, please correct me if I'm wrong, but to _change_ a
>> > user's password for her/him, I'll have to login using their login
>> > name/password first.
>>
>> If you want to use the Security dialog window to change the password,
>> then
>> you'll have to sign in as that user first. However, the owner of the
>> database and members of the Admins group can programmatically change
>> other
>> user's passwords with the NewPassword( ) method while signed in under
>> their
>> own User ID's.
>>
>> > Logged in as myself (with all the privileges), I can only _clear_ the
>> > password of another user, but cannot _change_ it.
>>
>> Then all is right in the world. No user can arbitrarily change someone
>> else's password with that GUI.
>>
>> HTH.
>>
>> Gunny
>>
>> See http://www.QBuilt.com for all your database needs.
>> See http://www.Access.QBuilt.com for Microsoft Access tips.
>>

"'69 Camaro" wrote:

> You're very welcome! And thanks for marking my responses as answers to your
> questions. It's much appreciated!
>

Sure thing! That's the least I can do.

-amit

Hi Gunny,

I have a follow-up question. Based on your response, I designed and tested a
form that allows a user to change her password. The only modification I made
is that I ended up using

DBEngine.Workspaces(0).Users(CurrentUser()).NewPassword Me.txtOldPwd,
Me.txtNewPwd

in the form instead of a function in a module, as I was getting an error #
3033 when I used the code in the module (even though I was logged in as a
user with ALL privileges).

Anyways, that's done.

What I tried to do was design a similar form that will allow a user to _set_
her password when she logs in the FIRST time. That didn't work with
NewPassword, as "txtOldPwd" is null(?)/not set. So, it gave me an error
message saying old password does not match.

I've been looking at some posts from a year or two back with the same issue,
and Lynn Trapp answered one of them (I think, or maybe Joan Wild). Seems like
this is not possible (allowing a user to _set_ the password from blank the
first time using a form).

So, I'm thinking the way around this is:
a. I create a new user
b. I log in as that user and set the password
c. inform the user of this password
d. when a user logs in for the first time, the first form she sees is
"change password"
e. the user changes her password
f. I add that information (that the password has been changed) to the table
I used in the first place to display the form in step d (so that next time
the same user logs in, she does not get the "change password" form).

Is there a better way to skin this cat?

Thanks.

-Amit

"'69 Camaro" wrote:

> You're very welcome! And thanks for marking my responses as answers to your
> questions. It's much appreciated!
>
> Gunny
>
> See http://www.QBuilt.com for all your database needs.
> See http://www.Access.QBuilt.com for Microsoft Access tips.
>
> (Please remove ZERO_SPAM from my reply E-mail address, so that a message
> will be forwarded to me.)
> Beware to those who use munged addresses: known newsgroup E-mail harvesters
> for spammers are (E-Mail Removed) and (E-Mail Removed)
>
>
> "Amit" <(E-Mail Removed)> wrote in message
> news:FF691739-9720-49B5-A745-(E-Mail Removed)...
> > Hi Gunny,
> >
> > Thanks, once again, for your response which answered my question(s)
> > correctly
> >
> > Cheers,
> >
> > -Amit
> >
> > "'69 Camaro" wrote:
> >
> >> Hi.
> >>
> >> > How does a user change her/his password after I create the username?
> >>
> >> Allow the user to do it himself. Create a form with a text box for the
> >> User
> >> ID and three more text boxes: the old password, the new password, and to
> >> verify the new password. Use the CurrentUser( ) method to automatically
> >> fill
> >> in the User ID text box. All of the password text boxes will have the
> >> "Password" input mask so no one can look over the user's shoulder to read
> >> the
> >> password.
> >>
> >> Once the user has typed the passwords correctly (verify that the new
> >> password matches in both "New Password" text boxes), the form calls your
> >> ChangePassword( ) function that you will write. You will find code that
> >> uses
> >> the NewPassword( ) method to reset a User's password in section 5, "How
> >> can I
> >> clear a user's forgotten password?" of the Security FAQ on the following
> >> Web
> >> page:
> >>
> >> http://support.microsoft.com/default...#_Toc493299666
> >>
> >> This code sets the User's password to an empty string, but you should
> >> change
> >> the code to use the variable for the new password, instead. You'll need
> >> to
> >> add error handling and to set the object variables to Nothing to release
> >> memory before the function exits.
> >>
> >> If the user types an invalid password, the password change will fail, so
> >> you
> >> won't have people accidentally changing other people's passwords while
> >> using
> >> this form. This password form can be set up to be opened by a button on
> >> another form that the users have access to. That way, no custom toolbar
> >> need
> >> be set up to provide the Security dialog window for password changes.
> >>
> >> > Also, please correct me if I'm wrong, but to _change_ a
> >> > user's password for her/him, I'll have to login using their login
> >> > name/password first.
> >>
> >> If you want to use the Security dialog window to change the password,
> >> then
> >> you'll have to sign in as that user first. However, the owner of the
> >> database and members of the Admins group can programmatically change
> >> other
> >> user's passwords with the NewPassword( ) method while signed in under
> >> their
> >> own User ID's.
> >>
> >> > Logged in as myself (with all the privileges), I can only _clear_ the
> >> > password of another user, but cannot _change_ it.
> >>
> >> Then all is right in the world. No user can arbitrarily change someone
> >> else's password with that GUI.
> >>
> >> HTH.
> >>
> >> Gunny
> >>
> >> See http://www.QBuilt.com for all your database needs.
> >> See http://www.Access.QBuilt.com for Microsoft Access tips.
> >>
>
>
>

> I have a follow-up question. Based on your response, I designed and tested a
> form that allows a user to change her password.

Why go to all the trouble when you can use the built-in one? (even in Runtime
and with "low" permissions)

I'm sure there's a better way to avoid Sendkeys etc, but anyway this macro
works.

&Change Password

Echo/Yes
SelectObject/Table//Yes (In Database Window)
Sendkeys "+{TAB}^{RIGHT}^{RIGHT}"/No
Runcommand/UserAndGroupAccounts
SelectObject/Form/Menu/No

You might consider this a bit crude, because they can see all the other user
names if they want to, but they can't change anything except their own
password.

Chris

Wow, that must have been written a long time ago LOL!

All you need, in a macro or code is:
RunCommand acCmdUserAndGroupAccounts

OTOH the macro puts them in the right Tab.

"Chris Mills" <(E-Mail Removed)> wrote in message
>
> All you need, in a macro or code is:
> RunCommand acCmdUserAndGroupAccounts
>
>

"Chris Mills" wrote:

>
> > I have a follow-up question. Based on your response, I designed and tested a
> > form that allows a user to change her password.
>
> Why go to all the trouble when you can use the built-in one? (even in Runtime
> and with "low" permissions)

Hi Chris,

Because I would like to give the users the ability to change their own
password instead of me (or some other data admin) doing it for them. As I
mentioned in my original post above, the "Tools" option is not available to
the users.

-amit