Help with Access 2013 database permissions.

I have an access 2013 database installed on the Server.

When I right click on the database, and click the Security tab, I see 4 users listed there.  

User #1 and user #3 have the permission level set to "Modify, Read & Execute, Read and Write".

User #2 and user #4 have the permission level set to "Read & Execute" and "Read".

The only problem I am having, is that when User #2 and User #4 open the database, this message is displayed

                               "READ-ONLY  This database has been opened read-only.  
                               You can only change data in linked tables.  To make design changes, save a copy of the database.
     
                               Then the "Save As ..." button is displayed.

Is there anyway I can prevent that "read-only" message from being displayed?
eemmpphAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
For an Access back end as in this case .... All Users need FULL Permissions on the Folder containing the back end in order to use the db.
This is due in part to Access needing to create and delete the LDB/LACCDB file.
0
eemmpphAuthor Commented:
I signed in as user #2 (read only) and everything works okay:
    I can not change any fields.
    I can search for records successfully.
    I can print records successfully.  
    Which are the only things I want user #2 (and user #4) to do.

Users 1 and 3 can do anything to the database.
0
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
"I can not change any fields."

Well ... it doesn't work that way.

"When I right click on the database, and click the Security tab, I see 4 users listed there."
You should be right clicking on the Folder containing the DB.

All Users need FULL Permissions on the Folder containing the back end in order to use the db.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

eemmpphAuthor Commented:
The folder location where the database resides, gives all users, all permissions.

I right clicked on the "clients.accdb", and clicked the Properties tab, then the Security tab.

I unchecked the box that reads "Include inheritable permissions from this object's parent".
I deleted all existing users.

I added users 1 and 3, giving "full controll" permissions.
I added users 2 and 4, giving only "Read & Execute, Read" permissions.

Users 1 and 2 opened the database at the same time, and can do there respective tasks successfully.
0
DatabaseMX (Joe Anderson - Microsoft Access MVP)Database Architect / Systems AnalystCommented:
OK ... I've never has to mess with specific user permissions at the physical db lever per se.

So you're saying it's working"
0
eemmpphAuthor Commented:
Yes, it is.
0
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<I added users 2 and 4, giving only "Read & Execute, Read" permissions.>>

  I'm surprised this "works" and I think what you'll find is that depending on who is in the DB first and who is doing what will make a difference.

  The issue is that even if I only want to read records, when you open the database, a login process occurs which involves writing to the database header page, which is the first 4K of the DB file.

  If the user does not have update rights for the DB file, that can't happen.

  As for the rest of the directory, it's as Joe said, they need full rights.   And by "Full", we are not talking about "Full Control" in the security tab, but the ability to read, write, create, and delete files.  Typically that's done only with the "Modify" permission in the security tab.  

  The database login process works with the LDB file to track locks for multi-user use.   The file needs to be created if it doesn't exist.

   You can remove Delete permission on the DB file, but that's as far as you can take it.

  So in short, you will have either:

a. Problems accessing the DB file with multiple users.

or

b. Locking issues in the DB with multiple users in (and these may not be obvious at first)

  If users don't have the proper directory and file security.

 As I said in your other question, restrictions to what the user and do and see in terms of records must be done within the DB and the application itself.   You can't control it fully with directory/file permissions unless your willing to live with the limitations.

Jim.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
eemmpphAuthor Commented:
Hi Jim, welcome back.  I used Access 2013 to open my Access 2002 clients.mdb database, and did a "save as"  clients.accdb.

I am not familiar with setting limitations within "within the DB and the application itself".

I set limitations on the file level within Windows Explorer on the Server.
0
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
<<I am not familiar with setting limitations within "within the DB and the application itself".>>

 I thought this was related to your other questions:

https://www.experts-exchange.com/questions/29091673/How-can-I-give-permissions-for-some-users-to-update-an-Access-2002-database-which-is-located-in-a-folder-on-the-Server-while-limiting-others-to-read-only.html

<<I set limitations on the file level within Windows Explorer on the Server.>>

  and more than likely, you will have some issues as a result.

Jim.
0
eemmpphAuthor Commented:
Yes Jim, that was me (when I was using the Access 2002) database.  Now I have "upgraded" the same database to an Access 2013 database.
0
eemmpphAuthor Commented:
You have the correct solution Jim.  That is, to use the Microsoft Access 2013 application to limit user access, but I don't know how to do that, but will give you the credit for the solution.
0
eemmpphAuthor Commented:
Jim's answer is the correct solution:  ". . . restrictions to what the user and do and see in terms of records must be done within the DB and the application itself".
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.