Access (security: ownership)

A

Access101

If USER_A & USER_B both have Admin priveledges, but one is the owner of all
the objects (USER_A created the db and assigned Admin rights to USER_B), what
ability does USER_A have over USER_B.

Only the ability to give away ownership of objects?

And if USER_A leaves the company without assigning object owership over to
USER_B, is USER_B left without some important abilities?

Any light shedding is appreciated.
 
S

S Panja

Even if User_A has assigned all administrative privileges and transferred all
object ownership to User_B, the database ownership remains with User_A. If
User_A leaves the company permanently, User_B should attempt taking over
database ownership.
 
A

Access101

What would User_B's attempt at taking over ownership look like?

The only way would be to take over User_A's logon?
 
A

Access101

First of all thank you for your response

Although my User_B is an Admin but not an owner -- User_A is
Admin/Owner of everything--what privileges or drawbacks does User_B have.
What
can’t they do in this scenario. I assume they can do everything User_A does,
except ____
 
T

TC

I suggest that you do not use terms like "an Admin" when discussing
Access security. It just gets way too confusing. You might mean the
standard Admin user, or, a member of the Admins group. And,the standard
Admin user might or might not have administrative priviliges to the
database.

HTH,
TC
 
A

Access101

From what I gather in what you wrote, my initial description of USER_A who is
"an Admin/Owner of EVERYTHING" has more than one logical scenario:

1. This user is an Admin who has ownership of everything including the db
itself, AND has Administrative priviledges

2. This user is an Admin who has ownership of everything including the db
itself, BUT has NO Administrative priviledges ... aka, is not an
Administrator.
 
J

Joan Wild

You keep muddying things...I'll see if I can clarify.
From what I gather in what you wrote, my initial description of
USER_A who is "an Admin/Owner of EVERYTHING" has more than one
logical scenario:

If userA is a member of the Admins Group and Owns everything then
1. This user is an Admin who has ownership of everything including
the db itself, AND has Administrative priviledges

is true.
2. This user is an Admin who has ownership of everything including
the db itself, BUT has NO Administrative priviledges ... aka, is not
an Administrator.

That would be true if they weren't a member of the Admins Group.

(you see why you are causing confusion when you use the term 'Admin' - that
has specific meaning in Access - also there is a difference between
'Admin'(the user) and 'Admins' (the group). Your use of Admin isn't clear).

Back to your original question, if I could re-word it (tell us if I got it
wrong)
Although my User_B is a member of the Admins Group but not an owner --
User_A is
a member of the Admins Group and is Owner of everything--what privileges or
drawbacks does User_B have.

I can't think of anything. If they are a member of the Admins group, they
can assign/change permissions on any object.

Why are you asking? What's the scenario you envision?
 
A

Access101

Joan thanks for your patience and explanation. It sounds like things are a
little muddy.

I had hoped that although I was "generically" using the word Admin, that it
could still be ascertained from my original posting ("USER_A is an
Admin/Owner of EVERYTHING") that:

"UserName" = USER_A
"AN ADMIN" = Administrative Priviledges
"AN ADMIN/Owner of EVERYTHING" = Definately Administrative Priviledges

But onward and upward.

My concern is this:

UserName User_A created the database, and has all ownership and
Administrative Priviledges.

I have created another username: User_B, who has no ownership, but all
Administrative priviledges.

One day, I (UserName: User_A) might leave the company (i.e. taking my
UserName User_A "with me").

If UserName: User_B is now the only person with an administrative logon -
cause no one is using my logon anymore of UserName: User_A.

Will username User_B be impeded in managing the database in any way given
the fact that he doesn't OWN ANY of the objects, including the database
itself.

Because UserName User_A who has left the company was the logon with all the
ownership.



If I don't hand over Ownership to
 
J

Joan Wild

Access101 said:
Joan thanks for your patience and explanation. It sounds like things
are a little muddy.

I had hoped that although I was "generically" using the word Admin,
that it could still be ascertained from my original posting ("USER_A
is an Admin/Owner of EVERYTHING") that:

In Access there is a distinct meaning to the word 'Admin' - it is a user
that in a properly secured database should have *no* permissions; yet you
continue to use that term. Are your users (A+/or B) members of the Admins
Group, or are you talking about an 'adminstrative group' that you created
yourself - IT MATTERS!
"UserName" = USER_A
"AN ADMIN" = Administrative Priviledges

Does it equal = member of Admins Group?
"AN ADMIN/Owner of EVERYTHING" = Definately Administrative Priviledges

But onward and upward.

I'm sorry, but I'm not joining you onward or upward, until you clarify.
My concern is this:
One day, I (UserName: User_A) might leave the company (i.e. taking my
UserName User_A "with me").

Well, in all honesty, that probably isn't kosher. Your company has rights
to the database you created while under their employ, and therefore you
can't take anything with you.
You are obligated to give them your username/password.

Nonetheless, I don't see anything impeding User_B from taking
over/ownership.
 
T

TC

The term "an Admin" does not have a clear meaning. I suggest that you
stop using it.

HTH,
TC
 
A

Access101

Thanks for staying with me onward and upward.

Username User_A is in the Admins Group, and has all Administrative
Priviledges along with ownership of everything.

The UserName Admin has no priviledges.

From what you wrote, I'm understanding that I can, upon leaving the company,
delete my UserName, User_A. And although User_A had ownership of all the
objects, somehow User_B (who is also a member of the Admins group but not an
owner of anything) will not be hindered in any way in the future going
forward with completely being able to manage the database.
 
S

S Panja

Reading Joan and Lynn together, there is nothing impeding User_B from logging
on, creating a new blank database and importing all the objects from the
previous database.
 
J

Joan Wild

Access101 said:
From what you wrote, I'm understanding that I can, upon leaving the
company, delete my UserName, User_A. And although User_A had
ownership of all the objects, somehow User_B (who is also a member of
the Admins group but not an owner of anything) will not be hindered
in any way in the future going forward with completely being able to
manage the database.

True
 
T

TC

Remember the three users who have full access to & control of an
object:

1. The owner of the object;

2. Any member of the Admins group of the workgroup file which was in
effect when the database was first created, and

3. Any user who has explicitly been granted 'Administer' permission to
the object.

If you delete user 1., you still have all the user 2.'s.

The key point, IMHO, is always to remember the Name, Organization and
Wordgroup ID (WID) of the securing workgroup file. Write those details
down somewhere. Then you can /always/ regain full control of the
database, by creating a new workgroup file, using those details, then
logging on "silently" as the default Admin user - who (a) will be a
member of the Admins group, (b) will therefore have full administrative
control of the database, and (c) will not have a password in that file
yet.

HTH,
TC
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top