R
robert d via AccessMonster.com
I have created a second workgroup file (different from my developer file) for
distribution of my database. I followed the Access Security FAQ (Item 33).
It works and I can log on to the application using this second workgroup file.
In my application, I have custom menus. I use code to allow administrators
to create new users as opposed to allowing access to the menu item that does
this. The application has the following groups:
Admins
PowerUsers
Users
All permissions to the database have been revoked for the Users group and the
specific user known as Admin. Neither the Admin user or anyone solely in the
Users group can logon.
I discovered with my second workgroup file that I could create new users (who
are not administrators) and they could successfully log on to the application.
These users were created to be members of PowerUsers and Users groups.
However, creating additional administrators seemed to work, but these
individuals could not logon. Administrators were made members of the Admins
and Users group.
I thought maybe my code was in some way deficient, so I turned the Access
default menu bar back on and created the administrator using the menu item.
Again added to Admins and Users groups.
The new administrator could STILL NOT LOGON. Error message "You don't have
permission,,,,,,".
So it occurred to me to add the administrator to the PowerUsers group as well.
Voila, now the adminstrator can logon and does have full adminstrative rights.
I didn't see this wrinkle documented anywhere. It is documented that any new
user must be a part of the Users group. I guess the issue is that since I
revoked permissions to open the database to the Users group and since the
Admins groups are not identical between my developer workgroup file and this
second workgroup file, the only commonality between the two workgroup files
is the creation of the PowerUsers group. Hence every user must also be a
member of this group in order to be able to open the database.
This is easy to implement, but my question is:
Is my analysis correct? Do I uhderstand what happened here or is there
something else going on that I'm not aware of.
Thanks.
distribution of my database. I followed the Access Security FAQ (Item 33).
It works and I can log on to the application using this second workgroup file.
In my application, I have custom menus. I use code to allow administrators
to create new users as opposed to allowing access to the menu item that does
this. The application has the following groups:
Admins
PowerUsers
Users
All permissions to the database have been revoked for the Users group and the
specific user known as Admin. Neither the Admin user or anyone solely in the
Users group can logon.
I discovered with my second workgroup file that I could create new users (who
are not administrators) and they could successfully log on to the application.
These users were created to be members of PowerUsers and Users groups.
However, creating additional administrators seemed to work, but these
individuals could not logon. Administrators were made members of the Admins
and Users group.
I thought maybe my code was in some way deficient, so I turned the Access
default menu bar back on and created the administrator using the menu item.
Again added to Admins and Users groups.
The new administrator could STILL NOT LOGON. Error message "You don't have
permission,,,,,,".
So it occurred to me to add the administrator to the PowerUsers group as well.
Voila, now the adminstrator can logon and does have full adminstrative rights.
I didn't see this wrinkle documented anywhere. It is documented that any new
user must be a part of the Users group. I guess the issue is that since I
revoked permissions to open the database to the Users group and since the
Admins groups are not identical between my developer workgroup file and this
second workgroup file, the only commonality between the two workgroup files
is the creation of the PowerUsers group. Hence every user must also be a
member of this group in order to be able to open the database.
This is easy to implement, but my question is:
Is my analysis correct? Do I uhderstand what happened here or is there
something else going on that I'm not aware of.
Thanks.