rwop

[hireagenius via AccessMonster.com]

Hi again Heros,
I have reviewed the threads on RWOP queries, and that section in Microsoft
Security FAQ - I have gathered enough information about it to know that I
need a comprehensive understanding, an overview of RWOP.

Is it appropriate for me to ask on this Discussion Group
for recommendations on books or any other publications on rwop queries? If
not, please forgive.

If so -

Please do so.

I have created a rwop on a secure database but I don't know which is the cart
and which is horse. If I knew more about rwop queries I would better
understand the sequence i should follow.

Thanks for any assistance.
CharlieHorse

 

[Joan Wild]

RWOP

Run With Owner Permissions



This means run the query as though the query owner was running it.



It allows you to remove all permissions for users on the tables.



Now if you create a query against those tables, the user won't be able to
run that query, because they don't have any permissions on the underlying
tables.



By putting WITH OWNERACCESS (making it RWOP) on the query, you are saying
'allow the user to run this query as though I, the owner of the query, am
running it'.



The owner of a query most often has full permission on the tables, so this
allows the user to run the query.



RWOP doesn't automatically mean that the user has all the permissions that
the query owner does. You still need to assign appropriate permissions on
the *query* in order for the user to run it. So you could assign read data
permissions on the query, and they'll only be able to read data, even though
the owner has full permissions on the underlying table(s).



Furthermore, if the query owner has only read data permissions on the
underlying tables, they can't assign update/insert/delete permissions on the
query and expect that to succeed. The user running the query will still be
restricted by the owner's permissions on the underlying queries.


Does that help?

 

[hireagenius via AccessMonster.com]

Joan,Thanks once again for your response. That does help.

Your clarification of rwop does help me think through the process, esecially
concerning how I have set the permissions for users. If my query doesn't
work, it may not be the query itself, it could be how I have set up the
security.

I had a question for you but as I articulated it, the answers began coming to
me so I am ready to test my logic. You don't know how much you have helped.
Having someone to ask these questions to forces me to clarify in my own mind
what I need to do. Beforehand, I was thinking that the rwop would prevent
users from entering data, but no, they will have owner's permissions. That
was what I meant regarding the cart and horse. How can users view data they
entered if they can't enter data. Your explanation of rwop really helped. I
guess I was thinking that it meant with permission of the owner not with the
permissions of the owner. With that and the CurrentUser() i am ready to
begin.

Thank you
Charlie

RWOP

Run With Owner Permissions

This means run the query as though the query owner was running it.

It allows you to remove all permissions for users on the tables.

Now if you create a query against those tables, the user won't be able to
run that query, because they don't have any permissions on the underlying
tables.

By putting WITH OWNERACCESS (making it RWOP) on the query, you are saying
'allow the user to run this query as though I, the owner of the query, am
running it'.

The owner of a query most often has full permission on the tables, so this
allows the user to run the query.

RWOP doesn't automatically mean that the user has all the permissions that
the query owner does. You still need to assign appropriate permissions on
the *query* in order for the user to run it. So you could assign read data
permissions on the query, and they'll only be able to read data, even though
the owner has full permissions on the underlying table(s).

Furthermore, if the query owner has only read data permissions on the
underlying tables, they can't assign update/insert/delete permissions on the
query and expect that to succeed. The user running the query will still be
restricted by the owner's permissions on the underlying queries.

Does that help?

Hi again Heros,
I have reviewed the threads on RWOP queries, and that section in

[quoted text clipped - 19 lines]

 

[Joan Wild]

Here's another tip for you. You can create a RWOP query for each of your
tables, and remove all permissions from the tables for users. Use these
base queries as the basis for all other queries/forms/reports. Only the
base queries need to be RWOP; the queries based on these do not.

--
Joan Wild
Microsoft Access MVP

Joan,Thanks once again for your response. That does help.

Your clarification of rwop does help me think through the process,
esecially concerning how I have set the permissions for users. If my
query doesn't work, it may not be the query itself, it could be how I
have set up the security.

I had a question for you but as I articulated it, the answers began
coming to me so I am ready to test my logic. You don't know how much
you have helped. Having someone to ask these questions to forces me
to clarify in my own mind what I need to do. Beforehand, I was
thinking that the rwop would prevent users from entering data, but
no, they will have owner's permissions. That was what I meant
regarding the cart and horse. How can users view data they entered if
they can't enter data. Your explanation of rwop really helped. I
guess I was thinking that it meant with permission of the owner not
with the permissions of the owner. With that and the CurrentUser()
i am ready to begin.

Thank you
Charlie

RWOP

Run With Owner Permissions

This means run the query as though the query owner was running it.

It allows you to remove all permissions for users on the tables.

Now if you create a query against those tables, the user won't be
able to run that query, because they don't have any permissions on
the underlying tables.

By putting WITH OWNERACCESS (making it RWOP) on the query, you are
saying 'allow the user to run this query as though I, the owner of
the query, am running it'.

The owner of a query most often has full permission on the tables,
so this allows the user to run the query.

RWOP doesn't automatically mean that the user has all the
permissions that the query owner does. You still need to assign
appropriate permissions on the *query* in order for the user to run
it. So you could assign read data permissions on the query, and
they'll only be able to read data, even though the owner has full
permissions on the underlying table(s).

Furthermore, if the query owner has only read data permissions on the
underlying tables, they can't assign update/insert/delete
permissions on the query and expect that to succeed. The user
running the query will still be restricted by the owner's
permissions on the underlying queries.

Does that help?

Hi again Heros,
I have reviewed the threads on RWOP queries, and that section in

[quoted text clipped - 19 lines]

 

[hireagenius via AccessMonster.com]

Joan,
I will keep your tip mind as I proceed to the production database. right now
I don't understand the implications. The practical application that I can
think of is in conjunction with =CurrentUser so that every record on every
table that the restricted User sees is their own.

I posted a rwop success story in the wrong place - under forms. I oultined
the steps I used.
Many thanks to you and other solutions people.
Charlie

Here's another tip for you. You can create a RWOP query for each of your
tables, and remove all permissions from the tables for users. Use these
base queries as the basis for all other queries/forms/reports. Only the
base queries need to be RWOP; the queries based on these do not.

Joan,Thanks once again for your response. That does help.

[quoted text clipped - 55 lines]

I have reviewed the threads on RWOP queries, and that section in
[quoted text clipped - 19 lines]