One User in Several Groups?

C

croy

This is sounding like a dumb question, but is there any
reason why a user should, or shouldn't be in more than one
custom group.

It seems like a dumb question because even someone in the
admins group is also in the users group, and they can't be
removed from the users group.

But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).

Is there any reason why someone assigned to the admins group
should, or shouldn't also be in a lesser-priviledged group
(besides User).
 
J

Joan Wild

A user can certainly be in more than one group. Every user must be a member of the Users Group - something that is sometimes overlooked when programmatically creating users.

If a user is a member of more than one group, they will have the permissions of the group with the most permissions (my wording ain't so great either). If you put someone in a 'read only' group, and also put them in a group that can delete records, then they'll be able to delete.

Since the Admins group most often has full permissions to everything, there is little point in putting them in a lesser-privileged group. They'll still have the permissions of the Admins group.

There is no right or wrong about it; it just depends on your needs. You might have two groups
enter data
run reports

It's quite possible that a user would be in one or the other or both groups.

Alternatively, you might set up your groups so that they build on the permissions of a lesser group.
read only, run reports
enter/edit data, and the previous
delete data, and all the previous
full administration
 
G

Guest

But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).
Click to expand...

Permissions are an accumulation of the maximum permissions,
not the least permissions.

So the more groups you are in, the more permissions you can have.

But it is more common to have each group more powerful than
the last group, so you only have to be member of one group.

Equal but different groups are used when you give different
groups access to different data. The Access user security
model does not directly support record-level security, so
multiple-membership of equal-but-different groups is not often
used in Access.

(david)
 
C

croy

This is sounding like a dumb question, but is there any
reason why a user should, or shouldn't be in more than one
custom group.

It seems like a dumb question because even someone in the
admins group is also in the users group, and they can't be
removed from the users group.

But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).

Is there any reason why someone assigned to the admins group
should, or shouldn't also be in a lesser-priviledged group
(besides User).
Click to expand...


Many thanks for the good info from Joan and David. I now
realize the stickiness was coming from code behind the form
that was trying to update tables directly (without going
thru an "owner's permissions" query. Oh, those little
changes!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

users not assigned to groups 1
User has group permissions to object, but still denied access. 3
Permissions for Default Groups 3
Remove user from group 2
Default Admins Group & Admin User Account 2
How are they opening this form? 3
Can't read table permissions! 10
No user with admin permissions 6

Top