User and Group Privileges

I'm attempting to implement User-level security on an Access 2003
database in Access 2000 format and have hit a brick wall. I created a
Workgroup Information File with myself as admin and added users without
any privileges as suggested by Access. Next, I created a Group with only
Read-Only access and added one of the users to that group. I then
assigned a temporary password to each user and finally set a password for
the admin group so access to the database by User Name and password must
be done each time the database is accessed. I did all of the above
without using the wizard. After closing the database and Access, I logged
on the database as one of the new users, supplying their User ID and new
password, so the Workgroup is active. However, that user who is a member
of the Read-Only Group can add, modify records, open the Access Data
Window, etc. Could this be caused by the default admin privileges not
being revoked for the new user, and if so, how are these privileges
revoked?

Re: User and Group Privileges

"Don Calloway" wrote in message
news:yL7aj.3773$Uq4.864@trnddc06...
> I'm attempting to implement User-level security on an Access 2003
> database in Access 2000 format and have hit a brick wall. I created a
> Workgroup Information File with myself as admin and added users without
> any privileges as suggested by Access. Next, I created a Group with only
> Read-Only access and added one of the users to that group. I then
> assigned a temporary password to each user and finally set a password for
> the admin group so access to the database by User Name and password must
> be done each time the database is accessed. I did all of the above
> without using the wizard. After closing the database and Access, I logged
> on the database as one of the new users, supplying their User ID and new
> password, so the Workgroup is active. However, that user who is a member
> of the Read-Only Group can add, modify records, open the Access Data
> Window, etc. Could this be caused by the default admin privileges not
> being revoked for the new user, and if so, how are these privileges
> revoked?

What did you use as a guide? The help is pretty rubbish IIRC. What you
should be using is the MS FAQ, there's a link to it on my web site. You
need to follow all of the steps in the order stated, omitting nothing. The
example on my web site might be of use too.

HTH - Keith.
www.keithwilby.com

Re: User and Group Privileges

On Wed, 19 Dec 2007 12:02:38 GMT, Don Calloway
wrote:

You can't implement workgroup-level security by guessing at the steps.
It's an advanced topic which requires that you download, study, and
fully understand the microsoft security faq.
This link may also help: www.jmwild.com/AccessSecurity.htm

-Tom.


>I'm attempting to implement User-level security on an Access 2003
>database in Access 2000 format and have hit a brick wall. I created a
>Workgroup Information File with myself as admin and added users without
>any privileges as suggested by Access. Next, I created a Group with only
>Read-Only access and added one of the users to that group. I then
>assigned a temporary password to each user and finally set a password for
>the admin group so access to the database by User Name and password must
>be done each time the database is accessed. I did all of the above
>without using the wizard. After closing the database and Access, I logged
>on the database as one of the new users, supplying their User ID and new
>password, so the Workgroup is active. However, that user who is a member
>of the Read-Only Group can add, modify records, open the Access Data
>Window, etc. Could this be caused by the default admin privileges not
>being revoked for the new user, and if so, how are these privileges
>revoked?

Re: User and Group Privileges

Tom van Stiphout wrote:
> On Wed, 19 Dec 2007 12:02:38 GMT, Don Calloway
> wrote:
>
> You can't implement workgroup-level security by guessing at the steps.
> It's an advanced topic which requires that you download, study, and
> fully understand the microsoft security faq.
> This link may also help: www.jmwild.com/AccessSecurity.htm
>
> -Tom.
>

I've seen it mentioned that wrkgroup level security has been removed in
A2007. I've talked to some folks that refuse to work with A2007 because
of its removal. I'm sure they have their reasons and opinions.

One of the things I like is the ability to use "currentuser" to retrieve
the user id instead of getting back "admin". Is "currentuser" removed
in A2007? Does one use a function like the one found at
http://www.mvps.org/access/api/api0008.htm that returns the Network
login ID for A2007 now?

Just curious.

Re: User and Group Privileges

"Salad" wrote in message
news:13mif7nah9j43ff@corp.supernews.com...
>
> One of the things I like is the ability to use "currentuser" to retrieve
> the user id instead of getting back "admin". Is "currentuser" removed in
> A2007?

ULS is still supported in A2k7 in the mdb format so I assume that built-in
function will still work.

Keith.

Re: User and Group Privileges

On Wed, 19 Dec 2007 13:37:31 +0000, Keith Wilby wrote:

> "Don Calloway" wrote in message
> news:yL7aj.3773$Uq4.864@trnddc06...
>> I'm attempting to implement User-level security on an Access 2003
>> database in Access 2000 format and have hit a brick wall. I created a
>> Workgroup Information File with myself as admin and added users without
>> any privileges as suggested by Access. Next, I created a Group with
>> only Read-Only access and added one of the users to that group. I then
>> assigned a temporary password to each user and finally set a password
>> for the admin group so access to the database by User Name and password
>> must be done each time the database is accessed. I did all of the
>> above without using the wizard. After closing the database and Access,
>> I logged on the database as one of the new users, supplying their User
>> ID and new password, so the Workgroup is active. However, that user
>> who is a member of the Read-Only Group can add, modify records, open
>> the Access Data Window, etc. Could this be caused by the default admin
>> privileges not being revoked for the new user, and if so, how are these
>> privileges revoked?
>
> What did you use as a guide? The help is pretty rubbish IIRC. What you
> should be using is the MS FAQ, there's a link to it on my web site. You
> need to follow all of the steps in the order stated, omitting nothing.
> The example on my web site might be of use too.
>
> HTH - Keith.
> www.keithwilby.com

Thank you very much for your response. Your website looks very helpful.
I'll give your implementation advise a go.

Re: User and Group Privileges

On Wed, 19 Dec 2007 07:47:03 -0800, Salad wrote:

Keith is right. It's only been removed from accdb files.

First time I get the opportunity to work with accdb and security, I
will write a few functions to setup Active Directory based security. I
think that will work great. Then admins can assign users to groups in
AD, and administer security levels that way.

-Tom.



>Tom van Stiphout wrote:
>> On Wed, 19 Dec 2007 12:02:38 GMT, Don Calloway
>> wrote:
>>
>> You can't implement workgroup-level security by guessing at the steps.
>> It's an advanced topic which requires that you download, study, and
>> fully understand the microsoft security faq.
>> This link may also help: www.jmwild.com/AccessSecurity.htm
>>
>> -Tom.
>>
>
>I've seen it mentioned that wrkgroup level security has been removed in
>A2007. I've talked to some folks that refuse to work with A2007 because
>of its removal. I'm sure they have their reasons and opinions.
>
>One of the things I like is the ability to use "currentuser" to retrieve
>the user id instead of getting back "admin". Is "currentuser" removed
>in A2007? Does one use a function like the one found at
>http://www.mvps.org/access/api/api0008.htm that returns the Network
>login ID for A2007 now?
>
>Just curious.