Hi, Fred.

You want to give read-only users _temporary_ update permissions? The
intention of read-only users is to prevent them from making _any_ changes to
the data.

What you ask is doable, but the tasks required to provide this "temporary"
capability would be a convoluted mess. Why not create a new group within
your workgroup that has read-only permissions on all objects, except for
these four queries, and make your designated users members of this new
group, instead of the read-only group? That way, you'd have a group for
people who need a bit more than read-only privileges and a group available
for people who really _should_ only have read-only privileges.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)


"FRED" <(E-Mail Removed)> wrote in message
news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
> My Db is secured and I would like the read only user consult an updated
DB.
> The problem is when the db is opening it runs four different update
queries
> in background but doesn't work when logged on as a read only user. Is
there a
> way to run these four queries with temporary update permission.
>
> Thanks
>
> FRED

I'll give you more detail. On opening, the database is running a query to
update local invoice tables from an SQL database (odbc) so to have the query
update the invoice value user must have update privilege but when they
consult the table trought a form they shouldn't update anything. I know that
I could have the form beiing read only but when this form will be use by full
data user they will not be able to update. I thought it would be more simple
to run the update query on opening with update privilege. So if there is a
way, let me know even if it's complicated, I could do some coding to make it
work.

thanks for your help.

FRED

"'69 Camaro" wrote:

> Hi, Fred.
>
> You want to give read-only users _temporary_ update permissions? The
> intention of read-only users is to prevent them from making _any_ changes to
> the data.
>
> What you ask is doable, but the tasks required to provide this "temporary"
> capability would be a convoluted mess. Why not create a new group within
> your workgroup that has read-only permissions on all objects, except for
> these four queries, and make your designated users members of this new
> group, instead of the read-only group? That way, you'd have a group for
> people who need a bit more than read-only privileges and a group available
> for people who really _should_ only have read-only privileges.
>
> HTH.
>
> Gunny
>
> See http://www.QBuilt.com for all your database needs.
> See http://www.Access.QBuilt.com for Microsoft Access tips.
>
> (Please remove ZERO_SPAM from my reply E-mail address, so that a message
> will be forwarded to me.)
>
>
> "FRED" <(E-Mail Removed)> wrote in message
> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
> > My Db is secured and I would like the read only user consult an updated
> DB.
> > The problem is when the db is opening it runs four different update
> queries
> > in background but doesn't work when logged on as a read only user. Is
> there a
> > way to run these four queries with temporary update permission.
> >
> > Thanks
> >
> > FRED
>
>
>

You can make your Update Queries RWOP - they will run with the query owner's
permission, and they won't need any permissions on the table(s).

Also you can use RWOP queries as the basis for your forms - again they won't
need any permissions on the tables. Just give them the required permissions
on the query.

--
Joan Wild
Microsoft Access MVP

FRED wrote:
> I'll give you more detail. On opening, the database is running a
> query to update local invoice tables from an SQL database (odbc) so
> to have the query update the invoice value user must have update
> privilege but when they consult the table trought a form they
> shouldn't update anything. I know that I could have the form beiing
> read only but when this form will be use by full data user they will
> not be able to update. I thought it would be more simple to run the
> update query on opening with update privilege. So if there is a way,
> let me know even if it's complicated, I could do some coding to make
> it work.
>
> thanks for your help.
>
> FRED
>
> "'69 Camaro" wrote:
>
>> Hi, Fred.
>>
>> You want to give read-only users _temporary_ update permissions? The
>> intention of read-only users is to prevent them from making _any_
>> changes to the data.
>>
>> What you ask is doable, but the tasks required to provide this
>> "temporary" capability would be a convoluted mess. Why not create a
>> new group within your workgroup that has read-only permissions on
>> all objects, except for these four queries, and make your designated
>> users members of this new group, instead of the read-only group?
>> That way, you'd have a group for people who need a bit more than
>> read-only privileges and a group available for people who really
>> _should_ only have read-only privileges.
>>
>> HTH.
>>
>> Gunny
>>
>> See http://www.QBuilt.com for all your database needs.
>> See http://www.Access.QBuilt.com for Microsoft Access tips.
>>
>> (Please remove ZERO_SPAM from my reply E-mail address, so that a
>> message will be forwarded to me.)
>>
>>
>> "FRED" <(E-Mail Removed)> wrote in message
>> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
>>> My Db is secured and I would like the read only user consult an
>>> updated DB. The problem is when the db is opening it runs four
>>> different update queries in background but doesn't work when logged
>>> on as a read only user. Is there a way to run these four queries
>>> with temporary update permission.
>>>
>>> Thanks
>>>
>>> FRED

Can you base your form on a read-only query, but then use a Read With
Owners Permission (RWOP) query to update the database.

On Sat, 11 Sep 2004 07:23:03 -0700, "FRED"
<(E-Mail Removed)> wrote:

>I'll give you more detail. On opening, the database is running a query to
>update local invoice tables from an SQL database (odbc) so to have the query
>update the invoice value user must have update privilege but when they
>consult the table trought a form they shouldn't update anything. I know that
>I could have the form beiing read only but when this form will be use by full
>data user they will not be able to update. I thought it would be more simple
>to run the update query on opening with update privilege. So if there is a
>way, let me know even if it's complicated, I could do some coding to make it
>work.
>
> thanks for your help.
>
>FRED
>
>"'69 Camaro" wrote:
>
>> Hi, Fred.
>>
>> You want to give read-only users _temporary_ update permissions? The
>> intention of read-only users is to prevent them from making _any_ changes to
>> the data.
>>
>> What you ask is doable, but the tasks required to provide this "temporary"
>> capability would be a convoluted mess. Why not create a new group within
>> your workgroup that has read-only permissions on all objects, except for
>> these four queries, and make your designated users members of this new
>> group, instead of the read-only group? That way, you'd have a group for
>> people who need a bit more than read-only privileges and a group available
>> for people who really _should_ only have read-only privileges.
>>
>> HTH.
>>
>> Gunny
>>
>> See http://www.QBuilt.com for all your database needs.
>> See http://www.Access.QBuilt.com for Microsoft Access tips.
>>
>> (Please remove ZERO_SPAM from my reply E-mail address, so that a message
>> will be forwarded to me.)
>>
>>
>> "FRED" <(E-Mail Removed)> wrote in message
>> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
>> > My Db is secured and I would like the read only user consult an updated
>> DB.
>> > The problem is when the db is opening it runs four different update
>> queries
>> > in background but doesn't work when logged on as a read only user. Is
>> there a
>> > way to run these four queries with temporary update permission.
>> >
>> > Thanks
>> >
>> > FRED
>>
>>
>>


**********************
(E-Mail Removed)
remove uppercase letters for true email
http://www.geocities.com/jacksonmacd/ for info on MS Access security

Give RWOP on action queries, not _just_ SELECT queries?!! Then _any_ of the
users, including the read-only users, could run these queries to alter data
in the tables. Since "if you give 'em an inch, they'll take a mile," utter
chaos could ensue! ;-)

The next thing you know, the read-only users will be asking to run DELETE
queries, and then asking to store data in the tables, then asking to store
multivalues in the fields of records ("3 Corvettes sold on 4/1/2004"), then
asking to group the fields (payment1, payment2, payment3, ... et cetera),
then we'll find that children are bossing their parents around, dogs are
living with cats, and pressing <CTRL><ALT><DELETE> only rings the doorbell!

And then we'll be asking, "Where did all this madness start?" And a
teenager will answer, "Remember that day in 2004 when we gave the read-only
users the ability to change data, but we still called them 'read-only
users'?" -- because by that time, we'll have discovered that teenagers
really _do_ know everything! ;-)

Friends don't let friends drive drunk, and friends don't let friends give
RWOP on action queries where read-only users can log into the database. ;-)

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)


"Joan Wild" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You can make your Update Queries RWOP - they will run with the query
owner's
> permission, and they won't need any permissions on the table(s).
>
> Also you can use RWOP queries as the basis for your forms - again they
won't
> need any permissions on the tables. Just give them the required
permissions
> on the query.
>
> --
> Joan Wild
> Microsoft Access MVP
>
> FRED wrote:
> > I'll give you more detail. On opening, the database is running a
> > query to update local invoice tables from an SQL database (odbc) so
> > to have the query update the invoice value user must have update
> > privilege but when they consult the table trought a form they
> > shouldn't update anything. I know that I could have the form beiing
> > read only but when this form will be use by full data user they will
> > not be able to update. I thought it would be more simple to run the
> > update query on opening with update privilege. So if there is a way,
> > let me know even if it's complicated, I could do some coding to make
> > it work.
> >
> > thanks for your help.
> >
> > FRED
> >
> > "'69 Camaro" wrote:
> >
> >> Hi, Fred.
> >>
> >> You want to give read-only users _temporary_ update permissions? The
> >> intention of read-only users is to prevent them from making _any_
> >> changes to the data.
> >>
> >> What you ask is doable, but the tasks required to provide this
> >> "temporary" capability would be a convoluted mess. Why not create a
> >> new group within your workgroup that has read-only permissions on
> >> all objects, except for these four queries, and make your designated
> >> users members of this new group, instead of the read-only group?
> >> That way, you'd have a group for people who need a bit more than
> >> read-only privileges and a group available for people who really
> >> _should_ only have read-only privileges.
> >>
> >> HTH.
> >>
> >> Gunny
> >>
> >> See http://www.QBuilt.com for all your database needs.
> >> See http://www.Access.QBuilt.com for Microsoft Access tips.
> >>
> >> (Please remove ZERO_SPAM from my reply E-mail address, so that a
> >> message will be forwarded to me.)
> >>
> >>
> >> "FRED" <(E-Mail Removed)> wrote in message
> >> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
> >>> My Db is secured and I would like the read only user consult an
> >>> updated DB. The problem is when the db is opening it runs four
> >>> different update queries in background but doesn't work when logged
> >>> on as a read only user. Is there a way to run these four queries
> >>> with temporary update permission.
> >>>
> >>> Thanks
> >>>
> >>> FRED
>
>

I'm not sure what you're on about. Fred *wants* the read-only users to run
these update queries, which are run (in code) when the database opens. They
wouldn't even be aware they were running them, let alone asking to run
others.

--
Joan Wild
Microsoft Access MVP



'69 Camaro wrote:
> Give RWOP on action queries, not _just_ SELECT queries?!! Then _any_
> of the users, including the read-only users, could run these queries
> to alter data in the tables. Since "if you give 'em an inch, they'll
> take a mile," utter chaos could ensue! ;-)
>
> The next thing you know, the read-only users will be asking to run
> DELETE queries, and then asking to store data in the tables, then
> asking to store multivalues in the fields of records ("3 Corvettes
> sold on 4/1/2004"), then asking to group the fields (payment1,
> payment2, payment3, ... et cetera), then we'll find that children are
> bossing their parents around, dogs are living with cats, and pressing
> <CTRL><ALT><DELETE> only rings the doorbell!
>
> And then we'll be asking, "Where did all this madness start?" And a
> teenager will answer, "Remember that day in 2004 when we gave the
> read-only users the ability to change data, but we still called them
> 'read-only users'?" -- because by that time, we'll have discovered
> that teenagers really _do_ know everything! ;-)
>
> Friends don't let friends drive drunk, and friends don't let friends
> give RWOP on action queries where read-only users can log into the
> database. ;-)
>
> HTH.
>
> Gunny
>
> See http://www.QBuilt.com for all your database needs.
> See http://www.Access.QBuilt.com for Microsoft Access tips.
>
> (Please remove ZERO_SPAM from my reply E-mail address, so that a
> message will be forwarded to me.)
>
>
> "Joan Wild" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> You can make your Update Queries RWOP - they will run with the query
>> owner's permission, and they won't need any permissions on the
>> table(s).
>>
>> Also you can use RWOP queries as the basis for your forms - again
>> they won't need any permissions on the tables. Just give them the
>> required permissions on the query.
>>
>> --
>> Joan Wild
>> Microsoft Access MVP
>>
>> FRED wrote:
>>> I'll give you more detail. On opening, the database is running a
>>> query to update local invoice tables from an SQL database (odbc) so
>>> to have the query update the invoice value user must have update
>>> privilege but when they consult the table trought a form they
>>> shouldn't update anything. I know that I could have the form beiing
>>> read only but when this form will be use by full data user they will
>>> not be able to update. I thought it would be more simple to run the
>>> update query on opening with update privilege. So if there is a way,
>>> let me know even if it's complicated, I could do some coding to make
>>> it work.
>>>
>>> thanks for your help.
>>>
>>> FRED
>>>
>>> "'69 Camaro" wrote:
>>>
>>>> Hi, Fred.
>>>>
>>>> You want to give read-only users _temporary_ update permissions?
>>>> The intention of read-only users is to prevent them from making
>>>> _any_ changes to the data.
>>>>
>>>> What you ask is doable, but the tasks required to provide this
>>>> "temporary" capability would be a convoluted mess. Why not create
>>>> a new group within your workgroup that has read-only permissions on
>>>> all objects, except for these four queries, and make your
>>>> designated users members of this new group, instead of the
>>>> read-only group? That way, you'd have a group for people who need
>>>> a bit more than read-only privileges and a group available for
>>>> people who really _should_ only have read-only privileges.
>>>>
>>>> HTH.
>>>>
>>>> Gunny
>>>>
>>>> See http://www.QBuilt.com for all your database needs.
>>>> See http://www.Access.QBuilt.com for Microsoft Access tips.
>>>>
>>>> (Please remove ZERO_SPAM from my reply E-mail address, so that a
>>>> message will be forwarded to me.)
>>>>
>>>>
>>>> "FRED" <(E-Mail Removed)> wrote in message
>>>> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
>>>>> My Db is secured and I would like the read only user consult an
>>>>> updated DB. The problem is when the db is opening it runs four
>>>>> different update queries in background but doesn't work when
>>>>> logged on as a read only user. Is there a way to run these four
>>>>> queries with temporary update permission.
>>>>>
>>>>> Thanks
>>>>>
>>>>> FRED

Hi, Joan.

> Fred *wants* the read-only users to run
> these update queries

I agree with you. If users need to alter data, then Fred needs to provide
the means to do so. Adding RWOP on these queries is the quickest and
easiest way to do so.

> I'm not sure what you're on about.

My highly exaggerated points were the following:

1.) Adding RWOP on action queries will allow the read-only users to alter
data, instead of just "seeing" the data with SELECT queries; and

2.) If one calls these users "read-only users" who, in fact, alter data,
then people will be likely to think of them as "read-only users" who _never_
alter, add or delete data, which can confuse or anger people when they find
out that the database application doesn't work the way they believed it did;
and


3.) Users who can alter data aren't read-only users any more, even if they
started out being called "read-only users." As time goes on, a few more
little privileges can be added that read-only users don't normally have, but
the philosophy "we added the last one, so we can add just one more" can
easily prevail.

"What's in a name? That which we call a rose
By any other name would smell as sweet." -- Shakespeare

If one calls a sweet-smelling flower a "dollar bill" and tries to pass it
off as legal tender, it will still smell as sweet, but one shouldn't be
surprised when others are confused or angry about it. Likewise, if Fred
tells his clients that they are in the "read-only users" group of the
database application (or he writes the documentation that users read, or
users check the "User And Group Accounts" dialog window), they'll likely
believe that they are "read-only users" until they find out that they can
alter data. Then we can guess what name they'll call Fred. ;-)

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)


"Joan Wild" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I'm not sure what you're on about. Fred *wants* the read-only users to
run
> these update queries, which are run (in code) when the database opens.
They
> wouldn't even be aware they were running them, let alone asking to run
> others.
>
> --
> Joan Wild
> Microsoft Access MVP
>
>
>
> '69 Camaro wrote:
> > Give RWOP on action queries, not _just_ SELECT queries?!! Then _any_
> > of the users, including the read-only users, could run these queries
> > to alter data in the tables. Since "if you give 'em an inch, they'll
> > take a mile," utter chaos could ensue! ;-)
> >
> > The next thing you know, the read-only users will be asking to run
> > DELETE queries, and then asking to store data in the tables, then
> > asking to store multivalues in the fields of records ("3 Corvettes
> > sold on 4/1/2004"), then asking to group the fields (payment1,
> > payment2, payment3, ... et cetera), then we'll find that children are
> > bossing their parents around, dogs are living with cats, and pressing
> > <CTRL><ALT><DELETE> only rings the doorbell!
> >
> > And then we'll be asking, "Where did all this madness start?" And a
> > teenager will answer, "Remember that day in 2004 when we gave the
> > read-only users the ability to change data, but we still called them
> > 'read-only users'?" -- because by that time, we'll have discovered
> > that teenagers really _do_ know everything! ;-)
> >
> > Friends don't let friends drive drunk, and friends don't let friends
> > give RWOP on action queries where read-only users can log into the
> > database. ;-)
> >
> > HTH.
> >
> > Gunny
> >
> > See http://www.QBuilt.com for all your database needs.
> > See http://www.Access.QBuilt.com for Microsoft Access tips.
> >
> > (Please remove ZERO_SPAM from my reply E-mail address, so that a
> > message will be forwarded to me.)
> >
> >
> > "Joan Wild" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> You can make your Update Queries RWOP - they will run with the query
> >> owner's permission, and they won't need any permissions on the
> >> table(s).
> >>
> >> Also you can use RWOP queries as the basis for your forms - again
> >> they won't need any permissions on the tables. Just give them the
> >> required permissions on the query.
> >>
> >> --
> >> Joan Wild
> >> Microsoft Access MVP
> >>
> >> FRED wrote:
> >>> I'll give you more detail. On opening, the database is running a
> >>> query to update local invoice tables from an SQL database (odbc) so
> >>> to have the query update the invoice value user must have update
> >>> privilege but when they consult the table trought a form they
> >>> shouldn't update anything. I know that I could have the form beiing
> >>> read only but when this form will be use by full data user they will
> >>> not be able to update. I thought it would be more simple to run the
> >>> update query on opening with update privilege. So if there is a way,
> >>> let me know even if it's complicated, I could do some coding to make
> >>> it work.
> >>>
> >>> thanks for your help.
> >>>
> >>> FRED
> >>>
> >>> "'69 Camaro" wrote:
> >>>
> >>>> Hi, Fred.
> >>>>
> >>>> You want to give read-only users _temporary_ update permissions?
> >>>> The intention of read-only users is to prevent them from making
> >>>> _any_ changes to the data.
> >>>>
> >>>> What you ask is doable, but the tasks required to provide this
> >>>> "temporary" capability would be a convoluted mess. Why not create
> >>>> a new group within your workgroup that has read-only permissions on
> >>>> all objects, except for these four queries, and make your
> >>>> designated users members of this new group, instead of the
> >>>> read-only group? That way, you'd have a group for people who need
> >>>> a bit more than read-only privileges and a group available for
> >>>> people who really _should_ only have read-only privileges.
> >>>>
> >>>> HTH.
> >>>>
> >>>> Gunny
> >>>>
> >>>> See http://www.QBuilt.com for all your database needs.
> >>>> See http://www.Access.QBuilt.com for Microsoft Access tips.
> >>>>
> >>>> (Please remove ZERO_SPAM from my reply E-mail address, so that a
> >>>> message will be forwarded to me.)
> >>>>
> >>>>
> >>>> "FRED" <(E-Mail Removed)> wrote in message
> >>>> news:1AD06722-D678-4ABB-9A7E-(E-Mail Removed)...
> >>>>> My Db is secured and I would like the read only user consult an
> >>>>> updated DB. The problem is when the db is opening it runs four
> >>>>> different update queries in background but doesn't work when
> >>>>> logged on as a read only user. Is there a way to run these four
> >>>>> queries with temporary update permission.
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> FRED
>
>
>

'69 Camaro wrote:
>
> My highly exaggerated points were the following:
>
> 1.) Adding RWOP on action queries will allow the read-only users to
> alter data, instead of just "seeing" the data with SELECT queries; and
>
> 2.) If one calls these users "read-only users" who, in fact, alter

Well I took it (perhaps wrongly), that Fred had run the security wizard, and
it was the one that used the name 'read only users', not him. He just used
the names that were offered.

--
Joan Wild
Microsoft Access MVP

> surprised when others are confused or angry about it. Likewise, if Fred
> tells his clients that they are in the "read-only users" group of the
> database application (or he writes the documentation that users read, or
> users check the "User And Group Accounts" dialog window), they'll likely
> believe that they are "read-only users" until they find out that they can
> alter data. Then we can guess what name they'll call Fred. ;-)


Camaro,
To me a "read-only user" is a user who does not have the ability to enter or
edit data in an application. This does NOT mean that the application won't
do any updates to database data so that the "read-only users" can have full
access to the latest data. If Fred builds his application well, not only
will these users not know they are doing any updates, they also won't be
able to get to any part of the application that lets them do anything other
than read the data.

--
Lynn Trapp
MS Access MVP
www.ltcomputerdesigns.com
Access Security: www.ltcomputerdesigns.com/Security.htm

Hi, Joan.

> Well I took it (perhaps wrongly), that Fred had run the security wizard,
and
> it was the one that used the name 'read only users', not him. He just
used
> the names that were offered.

I'm sure you hit the nail on the head. And he'll probably keep this name,
no matter what types of privileges will be granted to this group, either
explicitly or implicitly, as the database evolves.

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)


"Joan Wild" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> '69 Camaro wrote:
> >
> > My highly exaggerated points were the following:
> >
> > 1.) Adding RWOP on action queries will allow the read-only users to
> > alter data, instead of just "seeing" the data with SELECT queries; and
> >
> > 2.) If one calls these users "read-only users" who, in fact, alter
>
> Well I took it (perhaps wrongly), that Fred had run the security wizard,
and
> it was the one that used the name 'read only users', not him. He just
used
> the names that were offered.
>
> --
> Joan Wild
> Microsoft Access MVP
>
>