Security question

[Guest]

Is there a way to programmically view what security grooups are assigned to
which objects?

Also, can the security on specific objects be changed through programming?

I deploy a front end database to various offices throughout the company and
often have to rebuild the security after the database is deployed, it would
be really handy to be able to print out what the groups are and who has what
rights and then to use a utility inside the program to edit those rights.

 

[Joan Wild]

The permissions are stored in the mdb file, so I don't understand why you
have to rebuild the security after deployment. When you distribute the new
mdb, you'll overwrite the existing mdb. The new one will have the
permissions as you set them.

 

[Guest]

Actually it has been my experience that when the new MDB gets over written
that certain objects no longer work and users are restricted from using
objects until I go back into security and re-assign the security groups to
the changed forms, tables or queries. it is a really big pain when your
deploying the front end over a network to an office a couple thousand miles
away. All the mdw files are different at the different locations.

 

[Joan Wild]

Then something is amiss. Are you always assigning permissions to groups
(not users)? Do all the mdw files have the same groups (name and PID)?

Are you using any make table queries?

 

[Guest]

I don't understand why you say "all the mdw files are different at the
different locations". You're supposed to have one mdw file, and each location
HAS to have a "copy" of it. Everyone using your application must be connected
to the mdw file that you distribute to them. When you deploy the front end,
then you have to deploy the mdw file (if you made new changes to it).

 

[Guest]

Oh.

The person that previously managed this program built new mdw files for each
office. I beleive they did that for security reasons, but it would make
perfect sence if all the users where in just one mdw file.

Hum, i guess then that answers my question. what i think I will do then is
gather all the users up and build one mdw file and deploy it with the
frontend.

Thank you. This is a great help.

 

[Joan Wild]

Well, for the record, each location can have a different mdw, however the
groups inside them must be the same i.e if you have a 'DataEntry' Group in
one then it must be exactly the same as in another mdw - that the same name
and PID must be used. Otherwise, Access will treat it as a different group.

 

[Guest]

Absolutely, it is the groups (and or) users that must be identical in each
mdw file. But to make life easier for everyone, it is recommended to just
have one mdw for each application and to distribute copies of it to all sites.

It's a lot easier to make a copy of the mdw file than to have to create the
same groups/users in separate mdw files. We want to make life easier for us
developers.

Ray

 

[Joan Wild]

If you assign permissions to groups, then the users don't have to be
identical. There are advantages to having a separate mdw for development vs
production (read the FAQ)

 

[Keith Wilby]

But to make life easier for everyone, it is recommended to just
have one mdw for each application and to distribute copies of it to all
sites.

It's a lot easier to make a copy of the mdw file than to have to create
the
same groups/users in separate mdw files. We want to make life easier for
us
developers.

With the gretest of respect Ray, lecturing Joan about ULS is like telling
Paul McCartney how to write a smashing tune ;-)

Regards,
Keith.

 

[Guest]

Who's lecturing? I was agreeing with her. She opted to get into more details.

 

[Keith Wilby]

Who's lecturing? I was agreeing with her. She opted to get into more
details.

My apologies, I misunderstood.

Keith.