Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Getting incorrect return from AllPermissions

Posted on 2008-10-09
5
Medium Priority
?
502 Views
Last Modified: 2013-11-27
I am having a problem trying to create data protection on a form. I am trying to create Edit, Add, Update features on the form, because users are accidentally editing information in a table. However I want to be able to disable the "Edit" command button if the user does not have more than "Read Data" permissions on the underlying table. However, when I test the permissions for the test user it I get a return from AllPermisions saying that the user has permissions he doesn't have.

?(currentdb.Containers("tables").Documents(me.recordsource).AllPermissions and dbSecInsertData) = dbSecInsertData
True

?me.RecordSource
tblParticipants

If I then put in the immediate pane -> me.RecordsetClone.addnew I get an error.

?"err - " & err & " [" & err.Description & "]"
err - 3033 [You do not have the necessary permissions to use the 'tblParticipants' object.  Have your system administrator or the person who created this object establish the appropriate permissions for you.]

my test user is a member of only two groups Users (required) and MyDatabaseUsers. I have created a new database under a user named MyDatabaseOwner and have removed all permissions for all the tables from Admin and Users. I have given only Read Data (which also requires Read Structure) permission to MyDatabaseUsers.

All the security is in the backend with the tables at the moment. In the form that uses a table in the backend with group permissions set to read data for the MyDatabaseUsers account I stop the code using a timer after the form is loaded.

My understanding is that AllPermissions returns a long of all the permissions inherited from the groups, but there are only two groups; one with no permissions and one with only read permissions. What am I doing wrong?
0
Comment
Question by:StepCart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 10

Assisted Solution

by:Smart_Man
Smart_Man earned 200 total points
ID: 22683820
The Permissions property returns only the explicit permissions that are granted to the current user. These permissions do not include the implicit permissions that the user inherits because the user is also a member of group accounts.


please refer to

http://support.microsoft.com/?scid=kb%3Ben-us%3B142093&x=15&y=14

maybe we can find a trick if you said what you are exactly looking to do

waiting for your reply
0
 
LVL 1

Author Comment

by:StepCart
ID: 22687233
Hey Smart Man,

Thanks for your reply.

 I am aware that the Permissions property is the permissions given exclusively to the user, but the AllPermissions property is supposed to return the permissions that are inherited from the groups (as stated in the link you sent). When I used the Permissions property I correctly get a value of 0 and, in this case, I should also be getting a value of 0 from the AllPermissions property, because the only permission granted to either of the groups the user is a member of is "read."

Perhaps I should have be clearer in my original request, but what I am trying to do is determine if a user has rights to edit the data in the form's underlying table before allow a command button on the form to be enabled that would open the form for editiing.
0
 
LVL 1

Accepted Solution

by:
StepCart earned 0 total points
ID: 22688661
I have found the answer to my question.

The AllPermissions propety is displaying the permissions for the linked table in the frontend (which has default security, ie users group has all permissions on the object). It does not see the permissions of the table in the linked db. I had to create a database obect of the backend and query for the permissions on the table there.

Please forgive me, but I am display code from both the module and the immediate pane here:

    Dim dbBackEnd As Database
?currentdb.TableDefs(me.RecordSource).Connect
;DATABASE=V:\PathToMyDatabase\MyBackend.mdb
set dbBackEnd = OpenDatabase("V:\PathToMyDatabase\MyBackend.mdb")
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecRetrieveData
 20
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecInsertData
 0

0
 
LVL 1

Author Comment

by:StepCart
ID: 22689432
Have created code to add to my Form_Load event that looks like this:

    Dim blnDoesUserHaveEditPermissions As Boolean
    Dim intStartPos As Integer
    Dim intEndPos As Integer
    Dim intPathLen As Integer
    Dim strConnect As String
    Dim dbBackEnd As Database
    Dim strBEPath As String
           
'?CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions
'?DBEngine.Workspaces(0).UserName
   
    strConnect = CurrentDb.TableDefs(Me.RecordSource).Connect
    intStartPos = InStr(1, strConnect, ";DATABASE=")
    If intStartPos = 0 Then
        blnDoesUserHaveEditPermissions = (CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    Else
        intStartPos = intStartPos + Len(";DATABASE=")
        intEndPos = InStr(intStartPos, strConnect, ";")
        If intEndPos = 0 Then
            strBEPath = Mid(strConnect, intStartPos)
        Else
            intPathLen = intEndPos - intStartPos
            strBEPath = Mid(strConnect, intStartPos, intPathLen)
        End If
        Set dbBackEnd = OpenDatabase(strBEPath)
'Add error trap here for bad directory, filename, or not database file.
        blnDoesUserHaveEditPermissions = (dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    End If
   
    cmdEdit.Enabled = blnDoesUserHaveEditPermissions
0
 
LVL 10

Expert Comment

by:Smart_Man
ID: 22689606
thank you for posting the solution that worked for you. and yes i assumed you are using a single mdb not front/back applications.

glad you got it solved
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Traditionally, the method to display pictures in Access forms and reports is to first download them from URLs to a folder, record the path in a table and then let the form or report pull the pictures from that folder. But why not let Windows retr…
If you need a simple but flexible process for maintaining an audit trail of who created, edited, or deleted data from a table, or multiple tables, and you can do all of your work from within a form, this simple Audit Log will work for you.
Learn how to number pages in an Access report over each group. Activate two pass printing by referencing the pages property: Add code to the Page Footers OnFormat event to capture the pages as there occur for each group. Use the pages property to …
What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question