ADOX.GetPermissions Method Mystery - Help!

[rj_budz]

I must be missing something, because this issue is not addressed anywhere and
it seems to be a significant omission:

I'm attempting to get the permissions of all my users for all the objects
within a database (with a networked system.mdw), using VBA so I can export
it to Excel to play with.

I can get all user names, all groups, all forms, tables, etc. so it's just a
matter of looping through everything to get what I want. As a trial run I
hard coded the user group, object name and object type in GetPermissions
within a Function.

The problem arises with the function's return value.
The answer I get is: 147456

What does this mean? Please don't tell my "What is life, the universe and
everything?" though I wouldn't be overly surprised.

Microsoft has the GetPermissions fuction being fed into a function called
‘DecodePerms()’ which is all well and good if they had that code as well,
which they don't.

Here is the pertinent code from Microsoft:

==================================================================

Set catDB = New ADOX.Catalog

With catDB
' Open Catalog object by using connection to current database.
.ActiveConnection = CurrentProject.Connection


( ...)


' Retrieve current permissions and display them in the Immediate window.
lngRightsNow = .Groups(strGroup).GetPermissions(varObjName,
lngObjectType, _
varObjectID)
Debug.Print DecodePerms(lngRightsNow)
End With

==================================================================

It seems kind of dumb to spend the time to create an explanation if it
leaves out the most important part, don’t ya think?

Someone must have used the GetPermissions method at some point in history
and survived to write about it.

Any help out there?

 

[Dirk Goldgar]

I must be missing something, because this issue is not addressed
anywhere and it seems to be a significant omission:

I'm attempting to get the permissions of all my users for all the
objects within a database (with a networked system.mdw), using VBA so
I can export it to Excel to play with.

I can get all user names, all groups, all forms, tables, etc. so it's
just a matter of looping through everything to get what I want. As a
trial run I hard coded the user group, object name and object type in
GetPermissions within a Function.

The problem arises with the function's return value.
The answer I get is: 147456

What does this mean? Please don't tell my "What is life, the
universe and everything?" though I wouldn't be overly surprised.

Microsoft has the GetPermissions fuction being fed into a function
called 'DecodePerms()' which is all well and good if they had that
code as well, which they don't.

Here is the pertinent code from Microsoft:

==================================================================

Set catDB = New ADOX.Catalog

With catDB
' Open Catalog object by using connection to current database.
.ActiveConnection = CurrentProject.Connection


( ...)


' Retrieve current permissions and display them in the Immediate
window. lngRightsNow = .Groups(strGroup).GetPermissions(varObjName,
lngObjectType, _
varObjectID)
Debug.Print DecodePerms(lngRightsNow)
End With

==================================================================

It seems kind of dumb to spend the time to create an explanation if it
leaves out the most important part, don't ya think?

Someone must have used the GetPermissions method at some point in
history and survived to write about it.

Any help out there?

Well ... if you look in the help topic for the GetPermissions method in
the ADOX help file, you'll see that the method "Returns a Long value
that specifies a bitmask containing the permissions that the group or
user has on the object. This value can be one or more of the RightsEnum
constants." And if you click through to the topic on RightsEnum, you'll
see a table that I'll try to reproduce readably below:

Constant / Value / Description
==============================
adRightCreate / 16384 (&H4000) / The user or group has permission to
create new objects of this type.

adRightDelete / 65536 (&H10000) / The user or group has permission to
delete data from an object. For objects such as Tables, the user has
permission to delete data values from records.

adRightDrop / 256 (&H100) / The user or group has permission to remove
objects from the catalog. For example, Tables can be deleted by a DROP
TABLE SQL command.

adRightExclusive / 512 (&H200) / The user or group has permission to
access the object exclusively.

adRightExecute / 536870912 (&H20000000) / The user or group has
permission to execute the object.

adRightFull / 268435456 (&H10000000) / The user or group has all
permissions on the object.

adRightInsert / 32768 (&H8000) / The user or group has permission to
insert the object. For objects such as Tables, the user has permission
to insert data into the table.

adRightMaximumAllowed / 33554432 (&H2000000) / The user or group has the
maximum number of permissions allowed by the provider. Specific
permissions are provider-dependent.

adRightNone / 0 / The user or group has no permissions for the object.

adRightRead / -2147483648 (&H80000000) / The user or group has
permission to read the object. For objects such as Tables, the user has
permission to read the data in the table.

adRightReadDesign / 1024 (&H400) / The user or group has permission to
read the design for the object.

adRightReadPermissions / 131072 (&H20000) / The user or group can view,
but not change, the specific permissions for an object in the catalog.

adRightReference / 8192 (&H2000) / The user or group has permission to
reference the object.

adRightUpdate / 1073741824 (&H40000000) / The user or group has
permission to update the object. For objects such as Tables, the user
has permission to update the data in the table.

adRightWithGrant / 4096 (&H1000) / The user or group has permission to
grant permissions on the object.

adRightWriteDesign / 2048 (&H800) / The user or group has permission to
modify the design for the object.

adRightWriteOwner / 524288 (&H80000) / The user or group has permission
to modify the owner of the object.

adRightWritePermissions / 262144 (&H40000) / The user or group can
modify the specific permissions for an object in the catalog.
==============================

The permissions are combined by "ORing" them, and you can check for each
permission value by ANDing it to the combined permissions and seeing if
the result is nonzero. So, what does 147456 mean? Let's see, in
hexadecimal that would be &H24000, which is equivalent to

&H20000 (adRightReadPermissions)
OR
&H4000 (adRightCreate)

So the group has permissions to create objects of this type, as well as
to read permissions for this object.

If you understand how that works, you should be able to create your own
DecodePerms() function.

 

[rj_budz]

Thank you Dirk,

I did find the bit about a bitmask after sending in the question, , but
didn't really "get" it.
Thanks for the insight. I'm sure I can work it out from here.

:
(... )

 

[Brendan Reynolds]

For whatever it may be worth, from various references at MSDN, it would
appear that the DecodeParms procedure was probably included in
AccessSecurity.mdb on the CD that accompanied the Office 2000 Developer's
Guide.

 

[rj_budz]

I read that too. Wouldn't it have been nice to include this info in the
explanation?
I'm glad someone was able to answer my question, don't get me wrong, but
when you research an problem, you hope to find the complete answer.