Solved

Getting incorrect return from AllPermissions

Posted on 2008-10-09
5
479 Views
Last Modified: 2013-11-27
I am having a problem trying to create data protection on a form. I am trying to create Edit, Add, Update features on the form, because users are accidentally editing information in a table. However I want to be able to disable the "Edit" command button if the user does not have more than "Read Data" permissions on the underlying table. However, when I test the permissions for the test user it I get a return from AllPermisions saying that the user has permissions he doesn't have.

?(currentdb.Containers("tables").Documents(me.recordsource).AllPermissions and dbSecInsertData) = dbSecInsertData
True

?me.RecordSource
tblParticipants

If I then put in the immediate pane -> me.RecordsetClone.addnew I get an error.

?"err - " & err & " [" & err.Description & "]"
err - 3033 [You do not have the necessary permissions to use the 'tblParticipants' object.  Have your system administrator or the person who created this object establish the appropriate permissions for you.]

my test user is a member of only two groups Users (required) and MyDatabaseUsers. I have created a new database under a user named MyDatabaseOwner and have removed all permissions for all the tables from Admin and Users. I have given only Read Data (which also requires Read Structure) permission to MyDatabaseUsers.

All the security is in the backend with the tables at the moment. In the form that uses a table in the backend with group permissions set to read data for the MyDatabaseUsers account I stop the code using a timer after the form is loaded.

My understanding is that AllPermissions returns a long of all the permissions inherited from the groups, but there are only two groups; one with no permissions and one with only read permissions. What am I doing wrong?
0
Comment
Question by:StepCart
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Smart_Man
Smart_Man earned 50 total points
Comment Utility
The Permissions property returns only the explicit permissions that are granted to the current user. These permissions do not include the implicit permissions that the user inherits because the user is also a member of group accounts.


please refer to

http://support.microsoft.com/?scid=kb%3Ben-us%3B142093&x=15&y=14

maybe we can find a trick if you said what you are exactly looking to do

waiting for your reply
0
 
LVL 1

Author Comment

by:StepCart
Comment Utility
Hey Smart Man,

Thanks for your reply.

 I am aware that the Permissions property is the permissions given exclusively to the user, but the AllPermissions property is supposed to return the permissions that are inherited from the groups (as stated in the link you sent). When I used the Permissions property I correctly get a value of 0 and, in this case, I should also be getting a value of 0 from the AllPermissions property, because the only permission granted to either of the groups the user is a member of is "read."

Perhaps I should have be clearer in my original request, but what I am trying to do is determine if a user has rights to edit the data in the form's underlying table before allow a command button on the form to be enabled that would open the form for editiing.
0
 
LVL 1

Accepted Solution

by:
StepCart earned 0 total points
Comment Utility
I have found the answer to my question.

The AllPermissions propety is displaying the permissions for the linked table in the frontend (which has default security, ie users group has all permissions on the object). It does not see the permissions of the table in the linked db. I had to create a database obect of the backend and query for the permissions on the table there.

Please forgive me, but I am display code from both the module and the immediate pane here:

    Dim dbBackEnd As Database
?currentdb.TableDefs(me.RecordSource).Connect
;DATABASE=V:\PathToMyDatabase\MyBackend.mdb
set dbBackEnd = OpenDatabase("V:\PathToMyDatabase\MyBackend.mdb")
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecRetrieveData
 20
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecInsertData
 0

0
 
LVL 1

Author Comment

by:StepCart
Comment Utility
Have created code to add to my Form_Load event that looks like this:

    Dim blnDoesUserHaveEditPermissions As Boolean
    Dim intStartPos As Integer
    Dim intEndPos As Integer
    Dim intPathLen As Integer
    Dim strConnect As String
    Dim dbBackEnd As Database
    Dim strBEPath As String
           
'?CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions
'?DBEngine.Workspaces(0).UserName
   
    strConnect = CurrentDb.TableDefs(Me.RecordSource).Connect
    intStartPos = InStr(1, strConnect, ";DATABASE=")
    If intStartPos = 0 Then
        blnDoesUserHaveEditPermissions = (CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    Else
        intStartPos = intStartPos + Len(";DATABASE=")
        intEndPos = InStr(intStartPos, strConnect, ";")
        If intEndPos = 0 Then
            strBEPath = Mid(strConnect, intStartPos)
        Else
            intPathLen = intEndPos - intStartPos
            strBEPath = Mid(strConnect, intStartPos, intPathLen)
        End If
        Set dbBackEnd = OpenDatabase(strBEPath)
'Add error trap here for bad directory, filename, or not database file.
        blnDoesUserHaveEditPermissions = (dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    End If
   
    cmdEdit.Enabled = blnDoesUserHaveEditPermissions
0
 
LVL 10

Expert Comment

by:Smart_Man
Comment Utility
thank you for posting the solution that worked for you. and yes i assumed you are using a single mdb not front/back applications.

glad you got it solved
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I see at least one EE question a week that pertains to using temporary tables in MS Access.  But surprisingly, I was unable to find a single article devoted solely to this topic. I don’t intend to describe all of the uses of temporary tables in t…
A simple tool to export all objects of two Access files as text and compare it with Meld, a free diff tool.
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Using Microsoft Access, learn some simple rules for how to construct tables in a relational database. Split up all multi-value fields into single values: Split up fields that belong to other things into separate tables: Make sure that all record…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now