Solved

Getting incorrect return from AllPermissions

Posted on 2008-10-09
5
497 Views
Last Modified: 2013-11-27
I am having a problem trying to create data protection on a form. I am trying to create Edit, Add, Update features on the form, because users are accidentally editing information in a table. However I want to be able to disable the "Edit" command button if the user does not have more than "Read Data" permissions on the underlying table. However, when I test the permissions for the test user it I get a return from AllPermisions saying that the user has permissions he doesn't have.

?(currentdb.Containers("tables").Documents(me.recordsource).AllPermissions and dbSecInsertData) = dbSecInsertData
True

?me.RecordSource
tblParticipants

If I then put in the immediate pane -> me.RecordsetClone.addnew I get an error.

?"err - " & err & " [" & err.Description & "]"
err - 3033 [You do not have the necessary permissions to use the 'tblParticipants' object.  Have your system administrator or the person who created this object establish the appropriate permissions for you.]

my test user is a member of only two groups Users (required) and MyDatabaseUsers. I have created a new database under a user named MyDatabaseOwner and have removed all permissions for all the tables from Admin and Users. I have given only Read Data (which also requires Read Structure) permission to MyDatabaseUsers.

All the security is in the backend with the tables at the moment. In the form that uses a table in the backend with group permissions set to read data for the MyDatabaseUsers account I stop the code using a timer after the form is loaded.

My understanding is that AllPermissions returns a long of all the permissions inherited from the groups, but there are only two groups; one with no permissions and one with only read permissions. What am I doing wrong?
0
Comment
Question by:StepCart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Smart_Man
Smart_Man earned 50 total points
ID: 22683820
The Permissions property returns only the explicit permissions that are granted to the current user. These permissions do not include the implicit permissions that the user inherits because the user is also a member of group accounts.


please refer to

http://support.microsoft.com/?scid=kb%3Ben-us%3B142093&x=15&y=14

maybe we can find a trick if you said what you are exactly looking to do

waiting for your reply
0
 
LVL 1

Author Comment

by:StepCart
ID: 22687233
Hey Smart Man,

Thanks for your reply.

 I am aware that the Permissions property is the permissions given exclusively to the user, but the AllPermissions property is supposed to return the permissions that are inherited from the groups (as stated in the link you sent). When I used the Permissions property I correctly get a value of 0 and, in this case, I should also be getting a value of 0 from the AllPermissions property, because the only permission granted to either of the groups the user is a member of is "read."

Perhaps I should have be clearer in my original request, but what I am trying to do is determine if a user has rights to edit the data in the form's underlying table before allow a command button on the form to be enabled that would open the form for editiing.
0
 
LVL 1

Accepted Solution

by:
StepCart earned 0 total points
ID: 22688661
I have found the answer to my question.

The AllPermissions propety is displaying the permissions for the linked table in the frontend (which has default security, ie users group has all permissions on the object). It does not see the permissions of the table in the linked db. I had to create a database obect of the backend and query for the permissions on the table there.

Please forgive me, but I am display code from both the module and the immediate pane here:

    Dim dbBackEnd As Database
?currentdb.TableDefs(me.RecordSource).Connect
;DATABASE=V:\PathToMyDatabase\MyBackend.mdb
set dbBackEnd = OpenDatabase("V:\PathToMyDatabase\MyBackend.mdb")
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecRetrieveData
 20
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecInsertData
 0

0
 
LVL 1

Author Comment

by:StepCart
ID: 22689432
Have created code to add to my Form_Load event that looks like this:

    Dim blnDoesUserHaveEditPermissions As Boolean
    Dim intStartPos As Integer
    Dim intEndPos As Integer
    Dim intPathLen As Integer
    Dim strConnect As String
    Dim dbBackEnd As Database
    Dim strBEPath As String
           
'?CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions
'?DBEngine.Workspaces(0).UserName
   
    strConnect = CurrentDb.TableDefs(Me.RecordSource).Connect
    intStartPos = InStr(1, strConnect, ";DATABASE=")
    If intStartPos = 0 Then
        blnDoesUserHaveEditPermissions = (CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    Else
        intStartPos = intStartPos + Len(";DATABASE=")
        intEndPos = InStr(intStartPos, strConnect, ";")
        If intEndPos = 0 Then
            strBEPath = Mid(strConnect, intStartPos)
        Else
            intPathLen = intEndPos - intStartPos
            strBEPath = Mid(strConnect, intStartPos, intPathLen)
        End If
        Set dbBackEnd = OpenDatabase(strBEPath)
'Add error trap here for bad directory, filename, or not database file.
        blnDoesUserHaveEditPermissions = (dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    End If
   
    cmdEdit.Enabled = blnDoesUserHaveEditPermissions
0
 
LVL 10

Expert Comment

by:Smart_Man
ID: 22689606
thank you for posting the solution that worked for you. and yes i assumed you are using a single mdb not front/back applications.

glad you got it solved
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview: This article:       (a) explains one principle method to cross-reference invoice items in Quickbooks®       (b) explores the reasons one might need to cross-reference invoice items       (c) provides a sample process for creating a M…
A simple tool to export all objects of two Access files as text and compare it with Meld, a free diff tool.
In Microsoft Access, learn how to “cascade” or have the displayed data of one combo control depend upon what’s entered in another. Base the dependent combo on a query for its row source: Add a reference to the first combo on the form as criteria i…
In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question