Windows permissions problem: cannot lock file

[Nemo]

I have a secured, split database. Works fine on my computer. I have
Admin permissions both with Access DB and with Windows.

Took the database to the user. Same setup. User has "PowerUser"
permissions. Got a "cannot lock file" error message. Only when the
user got full Windows Admin rights, would things work.Is there a way
to get things to work without full Windows Admin rights?

Using Access 2003, Windows XP, Novell network. Only 1 user was trying
to use the database.
The database was not at the root of the drive. The network is
shared. The database is 5 levels down in the UNC path.

Thanks for all your help.
Nadine

 

['69 Camaro]

Hi, Nadine.

User has "PowerUser"
permissions.

The Windows Administrator lied to you. This user has "Crippled User"
permissions.

Got a "cannot lock file" error message.

That's because the user doesn't have create or modify permissions on the
files in that directory. Access needs to create an LDB (locking database)
file or else set the exclusive lock in the MDB file, but your user can't
write to either of those files without the proper permissions.

Is there a way
to get things to work without full Windows Admin rights?

The quickest and easiest method is to give Full Control Windows security
permissions on the directory, but your Windows Administrator is likely to
die of a heart attack after he screams, "That's not secure!!!"

Your Access users need read, write, create, modify, and delete permissions
on that directory. They don't need "List folder contents," but that
permission comes in handy when you think about it. (Without it, users can't
see the files in the directory or check their permissions, but they can
still exercise any other allowed permissions, such as reading and writing
files.) And they don't need to create and delete subdirectories and set the
permissions for the current directory and those subdirectories, but even
those advanced permssions come in handy, particularly when the Windows
Administrator can't get it right the first three or four times. That's all
the permissions that "Full Control" gives the user that the Windows
Administrator is screaming is not secure.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[David W. Fenton]

Your Access users need read, write, create, modify, and delete
permissions on that directory.

No, they don't need DELETE permissions. They do need all the others.

 

['69 Camaro]

Hi, David.

No, they don't need DELETE permissions. They do need all the others.

Would you like to have paid $10 to $100 less in U.S. federal taxes every
year for at least the previous ten years (and every year in the future)?
You could have, and every other U.S. taxpayer could have, too, but we
didn't. The reason we didn't is because of the expensive (and all too
common) work stoppages at U.S. government contractors who are using Access
database applications where the users don't have delete permissions on the
directory. I know of quite a few Access database applications where each
one to three hour work stoppage costs $10,000 to $20,000+ while the users
wait for a manager or a Windows administrator to come and delete the .LDB
file for them so that they can open the database again to do their jobs.
Only the managers have delete permissions, but unfortunately, the managers
never use the applications, and they are never around to delete the .LDB
file when needed.

I'd say that's an expensive policy, wouldn't you? Since it's so easy to
give the users delete permissions to avoid such costly work stoppages, the
punishment of $10 to $100 for every taxpayer every year for the luxury of
preventing accidental deletions of the MDB files by a few computer users
doesn't seem worth it. I hate paying that needless premium, so I always
advocate giving delete permissions to the users. Non-government
organizations are paying the costs for work stoppages as well, and customers
absorb those costs. As a customer, I'd rather not pay those costs, either.

When was the last time you accidentally deleted an Access database file and
wished you hadn't been given delete permissions on that directory as the
only solution to the problem? Never? You -- and the rest of us -- have
alternative solutions to accidental deletions, rather than prohibiting
delete permissions.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[David W. Fenton]

Would you like to have paid $10 to $100 less in U.S. federal taxes
every year for at least the previous ten years (and every year in
the future)? You could have, and every other U.S. taxpayer could
have, too, but we didn't. The reason we didn't is because of the
expensive (and all too common) work stoppages at U.S. government
contractors who are using Access database applications where the
users don't have delete permissions on the directory. I know of
quite a few Access database applications where each one to three
hour work stoppage costs $10,000 to $20,000+ while the users wait
for a manager or a Windows administrator to come and delete the
.LDB file for them so that they can open the database again to do
their jobs. Only the managers have delete permissions, but
unfortunately, the managers never use the applications, and they
are never around to delete the .LDB file when needed.

That's bad management, and the solution is not to provide users with
DELETE permission, but to fix the management problem.

I'd say that's an expensive policy, wouldn't you?

I think you're pulling it out of your ass. I've got an app that's
been running since 1998 on servers with no delete permission (5-15
simultaneous users), and it's never caused any problems itself.

Now, there have been cases where the LDB file needed to be manually
deleted, but that was not caused by not giving users delete
permission, but by other issues entirely.

Since it's so easy to
give the users delete permissions to avoid such costly work
stoppages, the punishment of $10 to $100 for every taxpayer every
year for the luxury of preventing accidental deletions of the MDB
files by a few computer users doesn't seem worth it. I hate
paying that needless premium, so I always advocate giving delete
permissions to the users. Non-government organizations are paying
the costs for work stoppages as well, and customers absorb those
costs. As a customer, I'd rather not pay those costs, either.

But then you expose the data file to the possibility of accidental
deletion. Given that I'm experienced in running this kind of
scenario and have never seen any problems from it, it seems to me
that it is without cost.

When was the last time you accidentally deleted an Access database
file and wished you hadn't been given delete permissions on that
directory as the only solution to the problem? Never? You -- and
the rest of us -- have alternative solutions to accidental
deletions, rather than prohibiting delete permissions.

Well, I respectfully disagree.

And you are discussing something different -- you said categorically
that DELETE permission was required. I said it wasn't.

Now you're arguing not that it is required, only that it is
desirable. On that we disagree.

On whether or not it is required, you would be wrong to claim that
it is.