Solved

User permissions for an Access 2013 web app

Posted on 2014-10-01
14
1,555 Views
Last Modified: 2014-10-02
Built an Access web app.  All is well, with a lot of help.  Now that we're ready to go live, need to get a handle on permissions to the database.  The major permission settings are obvious, in the desktop access ability to close write connections, for example.

But what about to the app. views, themselves?

Using the notion of managing SharePoint document libraries for example, it is possible to grant unique permissions at the library level.  A user not having permissions to a library, simply doesn't get to see the library, even in search results.

What is possible then for the access web app.?  Obviously the best case would be to set unique user permission to manage privilege to the app.  When a user doesn't have privilege, they can not even see the app. views, just as in a SharePoint library.  What is possible?
0
Comment
Question by:VirtualKansas
  • 5
  • 4
  • 4
14 Comments
 
LVL 57
ID: 40355629
<<What is possible? >>

 Caveat; I haven't done a web app yet.

 What I've heard from others though is that you have two choices:

1. Read-only for a user
2. Read-write for a user

  That's app wide and there's nothing else besides no Access at all.

  Any security you need will need to be built into the app.

Jim.
0
 

Author Comment

by:VirtualKansas
ID: 40355648
The second source I tripped across suggested using macro's.  In a previous Q&A on change tracking, the OnUpdate macro was suggested as a solution to populate a field for the date/time of an update.  This did not work as it caused an infinite loop.  

What I found from a seriously helpful MSFT tech. support in Fargo ND of all places was to create a table to capture the change date/time and then present that table as a related control in the view and perfect.  Now keeps a running ledger of date/time changes to the table, where as desktop macro just updated the date/time to the latest.  Some downside in a maintenance shore cleaning the new table have to figure some automation for that, but the upside is great and solved the problem.

Now to apply the same logic, could we create a user table and use parameters to capture user account info. and only present views based on that info, using Parameters against the user table?  Possibly an OnClick for a control button?
0
 
LVL 57
ID: 40355775
<<The second source I tripped across suggested using macro's.  >>

 Well that's all you have in Access Web Apps and is as I said; you'd have to build whatever security you want in the app itself.  There is nothing in the product nor in SharePoint that will help.

Jim.
0
 
LVL 57
ID: 40355783
<<Now to apply the same logic, could we create a user table and use parameters to capture user account info. and only present views based on that info, using Parameters against the user table?  Possibly an OnClick for a control button? >>

 There's really not a whole lot to work with in web apps at the moment, which is one of the main reasons I haven't done any yet.   Any projects I've bumped into far exceed what's doable or easily doable in web apps at present.

 Hopefully Microsoft will expand their capabilities in the next release, but I'm not holding my breath.

Jim.
0
 
LVL 57

Assisted Solution

by:Jim Dettman (Microsoft MVP/ EE MVE)
Jim Dettman (Microsoft MVP/ EE MVE) earned 250 total points
ID: 40355787
By the way, let's see if anyone else jumps in.  I strongly doubt anyone will however because hardly anyone here is doing web apps.

If no one does, then I'd like to delete this question.  I know what I offered is correct, but I don't feel like it really is giving you a good answer to your problem.

Jim.
0
 
LVL 75
ID: 40355817
I've pinged Jeff Conrad at Microsoft to see if he can shed any light on this ...

mx
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 75

Accepted Solution

by:
DatabaseMX (Joe Anderson - Access MVP) earned 250 total points
ID: 40357717
Here is the response I got from Jeff ... probably the most knowledgeable persons around on Access Web Apps:
====

Hi Joe,

If I’m understanding the customer’s question correctly, the Access web apps will inherit the same permissions from the site they are currently hosted within. So, for example, if you don’t have permissions to a site or subsite, if you attempted to browse to an Access web app within that site or subsite, you would see the exact same message that you would for other SharePoint content (like lists). The user would see the generic, “This site has not been shared with you…” It will be some variation of text like that. You wouldn’t see any part of the Access web app if you don’t already have permissions to the site or subsite the Access web is contained within.  If you have read-only permissions to the site, then users can view the app in the browser but they won’t be able to make data changes. If the user has read/write, they can view and make data changes.

You can’t use the SharePoint permissions to get more granular control over Access web apps such as on a per table basis. If you need greater control than that, you might be able to craft something together using macros.

Does that help?

Concerning the customer’s comment here…
“The second source I tripped across suggested using macro's.  In a previous Q&A on change tracking, the OnUpdate macro was suggested as a solution to populate a field for the date/time of an update.  This did not work as it caused an infinite loop.  ”

To not get into a recursive loop in that scenario, you just need to first use the “Update” function in the data macro logic to test to see the field hasn’t already been updated.

--
Jeff Conrad - Access Junkie
Senior Content Developer - Microsoft Office Content Development Team
"Access 2013 – Changing the world one app at a time."

====
0
 

Author Closing Comment

by:VirtualKansas
ID: 40357723
Appreciate the follow through.  MSFT support has been very helpful, been going that route for most effort.  I get the gist of Jeff's response at the site level.  Am sure there is a more granular solution to add value in the app. itself, but looks like I'm on my own there.
0
 
LVL 75
ID: 40357743
I highly recommend you get Jeff's Book Access 2013 Inside Out (Amazon - I reviewed the book) if you will be working will Access Web Apps.  I will be seeing Jeff in about 4 weeks at the MVP Summit in Redmond :-)

mx
0
 

Author Comment

by:VirtualKansas
ID: 40357755
I have Access 2013 the missing manual by McDonald, which did have a great section on web apps.  Helped.  

Just bought: Professional Access 2013 Programming by Teresa Hennig (Author), Ben Clothier (Author), George Hepworth (Author), Dagi (Doug) Yudovich (Author)  Reported to have macro solutions for granular control over in app. views.  Will have it, next week.

Will add Jeff's to the collection.

TY
0
 

Author Comment

by:VirtualKansas
ID: 40357760
BTW, tell Jeff he has great colleagues in Dennis from Fargo, ND and Kathy in Dallas, TX that are rooting through an unrelated issue for me.  Super helpful support.
0
 
LVL 75
ID: 40357785
And that was the other book I have and was about to recommend also ... Teresa's book. I will be seeing (most) all of the authors also at the Summit.
The first 600+ pages of Jeff's book are devoted entirely to Web Apps ... and he has a load of real world 2013 Web Apps you can download and mess with.

Take care ...
mx
0
 
LVL 75
ID: 40358014
Here is one more response from Jeff:
====

Hi Joe,

One of the main reasons you can’t get too fine of a control over the web app contents (like on a per table basis) is because the app itself is a complete SQL Azure database behind the scenes and we’re just using SharePoint to host the UI. A user could use SSMS and/or ODBC connections to directly add, edit, and delete data. In that scenario, SharePoint is really out of the picture there since you’re really only using the backend at that point. If you choose to try and craft something together using macros, you can get a little more control over the UI for users only using their web browser. It’s extra work though so you have to gauge whether the work is worth the effort.

For the two support engineers listed below, I’ve never met them personally because of their locations, but I’ve worked them very often on many issues in the past. I will make sure they hear about this feedback directly. I’m sure they’d like to hear this feedback.
====
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a multiple monitor setup, if you don't want to use AutoCenter to position your popup forms, you have a problem: where will they appear?  Sometimes you may have an additional problem: where the devil did they go?  If you last had a popup form open…
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.
In Microsoft Access, learn different ways of passing a string value within a string argument. Also learn what a “Type Mis-match” error is about.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

30 Experts available now in Live!

Get 1:1 Help Now