User permissions that actually work!

[Guest]

Ooooookaaaaay! You get yourself out of one hole only to plummet head first
into another. I was able to set up several different users with a user name
and password. I then went into Tools: Security: User and Group Permissions. I
went through deciding what permissions each user should and should not have.
As a test, I chose NOT to give test user Batman the ability to read the
design of any form.

So, I close out, go into the form and login as Batman. I click design view
and it takes me to design view!!!! Batman shouldn't be able to read the
design at all! Not only that, in setting everything up, I gave Batman NO
administrative rights, yet he can change user permissions. What am I doing
wrong?! This is getting so frustrating! I thought I had it, but now it is
ignoring the permissions I do and do not grant.

--
Have a nice day!

~Paul
Express Scripts,
Charting the future of pharmacy

 

[Jeff Conrad]

in message:

Ooooookaaaaay! You get yourself out of one hole only to plummet head first
into another. I was able to set up several different users with a user name
and password. I then went into Tools: Security: User and Group Permissions. I
went through deciding what permissions each user should and should not have.
As a test, I chose NOT to give test user Batman the ability to read the
design of any form.

So, I close out, go into the form and login as Batman. I click design view
and it takes me to design view!!!! Batman shouldn't be able to read the
design at all! Not only that, in setting everything up, I gave Batman NO
administrative rights, yet he can change user permissions. What am I doing
wrong?! This is getting so frustrating! I thought I had it, but now it is
ignoring the permissions I do and do not grant.

Breathe Paul, breathe!!
Nice cleansing breaths....exhale....repeat...

Ok, now that you are in your happy place a couple of points.

1. Generally you do not give individual users permissions. You
assign the permissions you desire to specific *Groups* and then
assign users to those groups. Managing the security becomes way
more easier.

2. What security resources have you consulted? User Level Security (ULS)
can be a very challenging concept to grasp the first couple of times.
Don't worry, you will "get" it, just allow yourself some time. I would
study some (all would be better) of the ULS information I have accumulated
here:

http://home.bendbroadband.com/conradsystems/accessjunkie/resources.html#Security

At a guess Batman belongs to a Group that does have permissions to
the form. Also, you probably still have some permissions granted to the
built in Users group. The Users group should have zero permissions to
anything, and that includes the database itself.

Also, before you go any further who is the Owner of the database and
all objects. If it is Admin we need to do some additional steps right now.

One last thing. You said this:

"So, I close out, go into the form and login as Batman."

Did you completely close the database and Access when you did this?

 

[Guest]

Ahhhhhhh.... breathing exercises really do work. ;-) Anyway, thanks a
million! That worked! Jeepers, you ladies and gents seem to be able to answer
every one of my questions. I am still confused as to why it would let you
change the permissions for each user if it is just going to go by the
permissions you set for their group, but who cares? It is working. Why mess
with a good thing?

--
Have a nice day!

~Paul
Express Scripts,
Charting the future of pharmacy

 

[Jeff Conrad]

in message:

Ahhhhhhh.... breathing exercises really do work. ;-)

Very good.

Anyway, thanks a million! That worked! Jeepers, you ladies and gents
seem to be able to answer every one of my questions.

You're welcome.

I am still confused as to why it would let you
change the permissions for each user if it is just going to go by the
permissions you set for their group, but who cares? It is working. Why mess
with a good thing?

There are times where you want to grant specific permissions to
a user so the need may be there.

I see from an earlier post you are using the security wizard. While the
wizard can be a useful tool I think it should only be used by someone
knowledgeable about ULS. Otherwise, just like in your situation, something
does not work quite right and you are left wondering what happened.

Here is some comments I have posted in the past:
Implementing Access User Level Security (ULS) *IS* a complicated process
until you get the hang of it. Diligent study of the topic from various sources
and practicing on dummy databases until you "got it down" is really the
best advice. Once you understand ULS it becomes a very valuable tool
in your arsenal. You have more control over the application and what
people can and cannot do.

Quite often people just jump into the subject without study by using the
Security Wizard. Although the wizard is a very useful tool, it takes away
the *knowledge* out of the equation. When something does not quite work
properly (and most often something will) then the user is left with, "Now
what did I just do?" And more importantly, "How do I fix this?!"

Even worse off some people just jump into the Security menus and screens
and start "playing" with things, not even realizing they are messing up their
default system workgroup file! I think it would be great if Access could
automatically detect if you are modifying the system.mdw and just pop
up a warning message box saying something like:

"You are about to modify the system workgroup file. This will affect
all databases you use on this machine. Are you sure you wish to proceed
with these changes?"

Also, the first screen of the Security Wizard should present a form that
has links to the Microsoft security information articles and some text about
*suggesting* reading up on the subject if you are a first time security user.

Just my 2 cents.