Getting incorrect return from AllPermissions

I am having a problem trying to create data protection on a form. I am trying to create Edit, Add, Update features on the form, because users are accidentally editing information in a table. However I want to be able to disable the "Edit" command button if the user does not have more than "Read Data" permissions on the underlying table. However, when I test the permissions for the test user it I get a return from AllPermisions saying that the user has permissions he doesn't have.

?(currentdb.Containers("tables").Documents(me.recordsource).AllPermissions and dbSecInsertData) = dbSecInsertData
True

?me.RecordSource
tblParticipants

If I then put in the immediate pane -> me.RecordsetClone.addnew I get an error.

?"err - " & err & " [" & err.Description & "]"
err - 3033 [You do not have the necessary permissions to use the 'tblParticipants' object.  Have your system administrator or the person who created this object establish the appropriate permissions for you.]

my test user is a member of only two groups Users (required) and MyDatabaseUsers. I have created a new database under a user named MyDatabaseOwner and have removed all permissions for all the tables from Admin and Users. I have given only Read Data (which also requires Read Structure) permission to MyDatabaseUsers.

All the security is in the backend with the tables at the moment. In the form that uses a table in the backend with group permissions set to read data for the MyDatabaseUsers account I stop the code using a timer after the form is loaded.

My understanding is that AllPermissions returns a long of all the permissions inherited from the groups, but there are only two groups; one with no permissions and one with only read permissions. What am I doing wrong?
LVL 1
StepCartAsked:
Who is Participating?
 
StepCartConnect With a Mentor Author Commented:
I have found the answer to my question.

The AllPermissions propety is displaying the permissions for the linked table in the frontend (which has default security, ie users group has all permissions on the object). It does not see the permissions of the table in the linked db. I had to create a database obect of the backend and query for the permissions on the table there.

Please forgive me, but I am display code from both the module and the immediate pane here:

    Dim dbBackEnd As Database
?currentdb.TableDefs(me.RecordSource).Connect
;DATABASE=V:\PathToMyDatabase\MyBackend.mdb
set dbBackEnd = OpenDatabase("V:\PathToMyDatabase\MyBackend.mdb")
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecRetrieveData
 20
?dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions and dbSecInsertData
 0

0
 
Smart_ManConnect With a Mentor Commented:
The Permissions property returns only the explicit permissions that are granted to the current user. These permissions do not include the implicit permissions that the user inherits because the user is also a member of group accounts.


please refer to

http://support.microsoft.com/?scid=kb%3Ben-us%3B142093&x=15&y=14

maybe we can find a trick if you said what you are exactly looking to do

waiting for your reply
0
 
StepCartAuthor Commented:
Hey Smart Man,

Thanks for your reply.

 I am aware that the Permissions property is the permissions given exclusively to the user, but the AllPermissions property is supposed to return the permissions that are inherited from the groups (as stated in the link you sent). When I used the Permissions property I correctly get a value of 0 and, in this case, I should also be getting a value of 0 from the AllPermissions property, because the only permission granted to either of the groups the user is a member of is "read."

Perhaps I should have be clearer in my original request, but what I am trying to do is determine if a user has rights to edit the data in the form's underlying table before allow a command button on the form to be enabled that would open the form for editiing.
0
 
StepCartAuthor Commented:
Have created code to add to my Form_Load event that looks like this:

    Dim blnDoesUserHaveEditPermissions As Boolean
    Dim intStartPos As Integer
    Dim intEndPos As Integer
    Dim intPathLen As Integer
    Dim strConnect As String
    Dim dbBackEnd As Database
    Dim strBEPath As String
           
'?CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions
'?DBEngine.Workspaces(0).UserName
   
    strConnect = CurrentDb.TableDefs(Me.RecordSource).Connect
    intStartPos = InStr(1, strConnect, ";DATABASE=")
    If intStartPos = 0 Then
        blnDoesUserHaveEditPermissions = (CurrentDb.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    Else
        intStartPos = intStartPos + Len(";DATABASE=")
        intEndPos = InStr(intStartPos, strConnect, ";")
        If intEndPos = 0 Then
            strBEPath = Mid(strConnect, intStartPos)
        Else
            intPathLen = intEndPos - intStartPos
            strBEPath = Mid(strConnect, intStartPos, intPathLen)
        End If
        Set dbBackEnd = OpenDatabase(strBEPath)
'Add error trap here for bad directory, filename, or not database file.
        blnDoesUserHaveEditPermissions = (dbBackEnd.Containers("tables").Documents(Me.RecordSource).AllPermissions And dbSecReplaceData) = dbSecReplaceData
    End If
   
    cmdEdit.Enabled = blnDoesUserHaveEditPermissions
0
 
Smart_ManCommented:
thank you for posting the solution that worked for you. and yes i assumed you are using a single mdb not front/back applications.

glad you got it solved
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.