User permissions for an Access 2013 web app

Built an Access web app.  All is well, with a lot of help.  Now that we're ready to go live, need to get a handle on permissions to the database.  The major permission settings are obvious, in the desktop access ability to close write connections, for example.

But what about to the app. views, themselves?

Using the notion of managing SharePoint document libraries for example, it is possible to grant unique permissions at the library level.  A user not having permissions to a library, simply doesn't get to see the library, even in search results.

What is possible then for the access web app.?  Obviously the best case would be to set unique user permission to manage privilege to the app.  When a user doesn't have privilege, they can not even see the app. views, just as in a SharePoint library.  What is possible?
VirtualKansasAsked:
Who is Participating?
 
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database ArchitectCommented:
Here is the response I got from Jeff ... probably the most knowledgeable persons around on Access Web Apps:
====

Hi Joe,

If I’m understanding the customer’s question correctly, the Access web apps will inherit the same permissions from the site they are currently hosted within. So, for example, if you don’t have permissions to a site or subsite, if you attempted to browse to an Access web app within that site or subsite, you would see the exact same message that you would for other SharePoint content (like lists). The user would see the generic, “This site has not been shared with you…” It will be some variation of text like that. You wouldn’t see any part of the Access web app if you don’t already have permissions to the site or subsite the Access web is contained within.  If you have read-only permissions to the site, then users can view the app in the browser but they won’t be able to make data changes. If the user has read/write, they can view and make data changes.

You can’t use the SharePoint permissions to get more granular control over Access web apps such as on a per table basis. If you need greater control than that, you might be able to craft something together using macros.

Does that help?

Concerning the customer’s comment here…
“The second source I tripped across suggested using macro's.  In a previous Q&A on change tracking, the OnUpdate macro was suggested as a solution to populate a field for the date/time of an update.  This did not work as it caused an infinite loop.  ”

To not get into a recursive loop in that scenario, you just need to first use the “Update” function in the data macro logic to test to see the field hasn’t already been updated.

--
Jeff Conrad - Access Junkie
Senior Content Developer - Microsoft Office Content Development Team
"Access 2013 – Changing the world one app at a time."

====
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<What is possible? >>

 Caveat; I haven't done a web app yet.

 What I've heard from others though is that you have two choices:

1. Read-only for a user
2. Read-write for a user

  That's app wide and there's nothing else besides no Access at all.

  Any security you need will need to be built into the app.

Jim.
0
 
VirtualKansasAuthor Commented:
The second source I tripped across suggested using macro's.  In a previous Q&A on change tracking, the OnUpdate macro was suggested as a solution to populate a field for the date/time of an update.  This did not work as it caused an infinite loop.  

What I found from a seriously helpful MSFT tech. support in Fargo ND of all places was to create a table to capture the change date/time and then present that table as a related control in the view and perfect.  Now keeps a running ledger of date/time changes to the table, where as desktop macro just updated the date/time to the latest.  Some downside in a maintenance shore cleaning the new table have to figure some automation for that, but the upside is great and solved the problem.

Now to apply the same logic, could we create a user table and use parameters to capture user account info. and only present views based on that info, using Parameters against the user table?  Possibly an OnClick for a control button?
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<The second source I tripped across suggested using macro's.  >>

 Well that's all you have in Access Web Apps and is as I said; you'd have to build whatever security you want in the app itself.  There is nothing in the product nor in SharePoint that will help.

Jim.
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<Now to apply the same logic, could we create a user table and use parameters to capture user account info. and only present views based on that info, using Parameters against the user table?  Possibly an OnClick for a control button? >>

 There's really not a whole lot to work with in web apps at the moment, which is one of the main reasons I haven't done any yet.   Any projects I've bumped into far exceed what's doable or easily doable in web apps at present.

 Hopefully Microsoft will expand their capabilities in the next release, but I'm not holding my breath.

Jim.
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
By the way, let's see if anyone else jumps in.  I strongly doubt anyone will however because hardly anyone here is doing web apps.

If no one does, then I'd like to delete this question.  I know what I offered is correct, but I don't feel like it really is giving you a good answer to your problem.

Jim.
0
 
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database ArchitectCommented:
I've pinged Jeff Conrad at Microsoft to see if he can shed any light on this ...

mx
0
 
VirtualKansasAuthor Commented:
Appreciate the follow through.  MSFT support has been very helpful, been going that route for most effort.  I get the gist of Jeff's response at the site level.  Am sure there is a more granular solution to add value in the app. itself, but looks like I'm on my own there.
0
 
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database ArchitectCommented:
I highly recommend you get Jeff's Book Access 2013 Inside Out (Amazon - I reviewed the book) if you will be working will Access Web Apps.  I will be seeing Jeff in about 4 weeks at the MVP Summit in Redmond :-)

mx
0
 
VirtualKansasAuthor Commented:
I have Access 2013 the missing manual by McDonald, which did have a great section on web apps.  Helped.  

Just bought: Professional Access 2013 Programming by Teresa Hennig (Author), Ben Clothier (Author), George Hepworth (Author), Dagi (Doug) Yudovich (Author)  Reported to have macro solutions for granular control over in app. views.  Will have it, next week.

Will add Jeff's to the collection.

TY
0
 
VirtualKansasAuthor Commented:
BTW, tell Jeff he has great colleagues in Dennis from Fargo, ND and Kathy in Dallas, TX that are rooting through an unrelated issue for me.  Super helpful support.
0
 
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database ArchitectCommented:
And that was the other book I have and was about to recommend also ... Teresa's book. I will be seeing (most) all of the authors also at the Summit.
The first 600+ pages of Jeff's book are devoted entirely to Web Apps ... and he has a load of real world 2013 Web Apps you can download and mess with.

Take care ...
mx
0
 
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database ArchitectCommented:
Here is one more response from Jeff:
====

Hi Joe,

One of the main reasons you can’t get too fine of a control over the web app contents (like on a per table basis) is because the app itself is a complete SQL Azure database behind the scenes and we’re just using SharePoint to host the UI. A user could use SSMS and/or ODBC connections to directly add, edit, and delete data. In that scenario, SharePoint is really out of the picture there since you’re really only using the backend at that point. If you choose to try and craft something together using macros, you can get a little more control over the UI for users only using their web browser. It’s extra work though so you have to gauge whether the work is worth the effort.

For the two support engineers listed below, I’ve never met them personally because of their locations, but I’ve worked them very often on many issues in the past. I will make sure they hear about this feedback directly. I’m sure they’d like to hear this feedback.
====
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.