dept.mdw problem

[TC]

Rejoin the default workgroup. Then create a shortcut of the following format
(all on one line):

"path to MSACCESS.EXE"
"path to secured MDB"
/wkgrp "path to relevant MDW"

Using that shortcut will cause Access to use the specified MDW, just for
that run, without changing the default MDW that is used when you just
double-click another database.

HTH,
TC

 

[Vivian Carroll]

In Access 2000, I created a database and because different groups within the
dept needed different access rights, I created "dept.mdw" to define the
groups and users and then in the database I gave appropriate rights to the
users. When the users "join" dept.mdw, they get the proper access to the
database.

However, then they don't get proper access to the existing databases that
the dept has been using. For example, a member of the "engineers" group can
no longer create records in the drawings database because that database only
has "Admins" and "Users" groups. If an engineer has joined dept.mdw and
opens the drawings database, he can no longer edit records and only sees the
header and footer of the "add records" form because he is no longer logged
on as "Admin" so he no longer has add/edit rights. I assume this is normal.
But what is the normal work around? Do I have to teach the engineers the
clumsy process of switching back and forth from being joined to their
C:\...System.mdw and my dept.mdw? Or, do I have to go into every database
anyone who joins my dept.mdw group will ever use and define the same groups
in those databases and assign rights there too?

TIA,
Vivian Carroll

 

[Scott McDaniel]

In addition to TC's suggestions, remember that Access security is invoked
for a particular "session" of Access. When you open the Access program, you
do so via a workgroup file (even if you haven't implemented security, you
still logon as "Admin" using the default "system.mdw" file). For as long as
that particular session of Access is opened, you are logged in through the
..mdw file that you originally opened Access with. You can, of course, change
this via the Tools - Security menu, but AFAIK this basically closes and
reopens the Access program. So, if your users are changing databases during
the same Access session, they will maintain their .mdw membership and
permissions. The solution is to NOT allow full menus within your program,
and to force users to close their current session of Access before allowing
them to open a separate database.

 

[Vivian Carroll]

Thanks TC, I'll try it. Sounds as if this would do the trick. I would tell
the users to click the icon for my database when they want to use it--when
they want to use any other database, close Access and reopen it from the
regular Access icon.

Vivian

 

[Vivian Carroll]

Thanks Scott.

I already blocked full menus and I know about what you described. However,
yesterday after being joined to dept.mdw (which causes Access to prompt for
a user name and password), I closed Access, joined System.mdw, and opened
Access again. I expected Access to open without any prompt--because
System.mdw has not been changed in any way. However, it would still prompt
me for user name and password. If got somewhat confusing, but I think it
would let me use the name "esadmin" to get in (which is a group created in
dept.mdw)--not only that, sometimes it wanted a password for esadmin and
sometimes not--am I crazy or could this really have happened, and what would
be the reason?

Vivian

 

[Joan Wild]

Certainly follow the advice others have given, but I find it curious that
they can't use the drawings database even with the dept.mdw. If the
drawings database is not secured, then the Users group has full permission
on everything. This group is the same in all mdw files. So even if they
log in using dept.mdw, every user in that workgroup is a member of the
'global' Users group, and should not have any problems using the drawings
database.

What you're saying would make sense, if the drawings database has been
secured.

Didn't mean to muddy the waters. Rejoin the system.mdw file and give them a
shortcut to open your secure mdb.

 

[cafe]

Say you join workgroup file X, then start Access without using a shortcut
that selects some other workgroup file. If you are prompted to enter a
username/password, there is only one conclusion: workgroup file X has a
password on the Admin user. No if's, but's or maybe's!

HTH,
TC

 

[cafe]

But she said: "I created dept.mdw to define the groups and users and then
in the database I gave appropriate rights to the users".

That implies that it is secured, no?

TC

 

[TC]

Ok, I couldn't have read it carefully!

TC

Hi TC

The drawings database does not have permissions assigned--I assigned them in
"my database".

Vivian

 

[Vivian Carroll]

Hi TC

The drawings database does not have permissions assigned--I assigned them in
"my database".

Vivian

 

[Guest]

----- Vivian Carroll wrote: -----

In Access 2000, I created a database and because different groups within the
dept needed different access rights, I created "dept.mdw" to define the
groups and users and then in the database I gave appropriate rights to the
users. When the users "join" dept.mdw, they get the proper access to the
database.

However, then they don't get proper access to the existing databases that
the dept has been using. For example, a member of the "engineers" group can
no longer create records in the drawings database because that database only
has "Admins" and "Users" groups. If an engineer has joined dept.mdw and
opens the drawings database, he can no longer edit records and only sees the
header and footer of the "add records" form because he is no longer logged
on as "Admin" so he no longer has add/edit rights. I assume this is normal.
But what is the normal work around? Do I have to teach the engineers the
clumsy process of switching back and forth from being joined to their
C:\...System.mdw and my dept.mdw? Or, do I have to go into every database
anyone who joins my dept.mdw group will ever use and define the same groups
in those databases and assign rights there too?

TIA,
Vivian Carroll


If you go to Tools - Security - User and Group Permissions for any of those other databases, I think you will find that the Users group has full permissions for any object. Any member of the 'engineers' group is also automatically a member of Users (that's a given). So any user will be O.K.

 

[Vivian Carroll]

Thanks Mike and Joan for clarifying the User group rights for me. I did some
checking yesterday and found that for some reason the User Group in the
Drawings database has restricted rights (read only) to the table that
contains the data the "Add" form should display. I think what is happening
is that when Joe uses my secure database, he is logged on as a member of the
"Engineers" group. When he switches to the Drawings database, he becomes a
member of that database's Users group (and has a problem with the Add form).
However, when he closes Access and reopens the Drawings database (joined to
the default System.mdw), he doesn't have a problem--because that database
has not been secured and he is logging on as "Admin" with full rights. I
plan to fix the User rights in the Drawing database and see if that solves
the problem.

Vivian

----- Vivian Carroll wrote: -----

In Access 2000, I created a database and because different groups within the
dept needed different access rights, I created "dept.mdw" to define the
groups and users and then in the database I gave appropriate rights to the
users. When the users "join" dept.mdw, they get the proper access to the
database.

However, then they don't get proper access to the existing databases that
the dept has been using. For example, a member of the "engineers" group can
no longer create records in the drawings database because that database only
has "Admins" and "Users" groups. If an engineer has joined dept.mdw and
opens the drawings database, he can no longer edit records and only sees the
header and footer of the "add records" form because he is no longer logged
on as "Admin" so he no longer has add/edit rights. I assume this is normal.
But what is the normal work around? Do I have to teach the engineers the
clumsy process of switching back and forth from being joined to their
C:\...System.mdw and my dept.mdw? Or, do I have to go into every database
anyone who joins my dept.mdw group will ever use and define the same groups
in those databases and assign rights there too?

TIA,
Vivian Carroll


If you go to Tools - Security - User and Group Permissions for any of

those other databases, I think you will find that the Users group has full
permissions for any object. Any member of the 'engineers' group is also
automatically a member of Users (that's a given). So any user will be O.K.