Dual Workgroup - Problem with creating administrators

  • Thread starter robert d via AccessMonster.com
  • Start date
R

robert d via AccessMonster.com

I have created a second workgroup file (different from my developer file) for
distribution of my database. I followed the Access Security FAQ (Item 33).
It works and I can log on to the application using this second workgroup file.


In my application, I have custom menus. I use code to allow administrators
to create new users as opposed to allowing access to the menu item that does
this. The application has the following groups:

Admins
PowerUsers
Users

All permissions to the database have been revoked for the Users group and the
specific user known as Admin. Neither the Admin user or anyone solely in the
Users group can logon.

I discovered with my second workgroup file that I could create new users (who
are not administrators) and they could successfully log on to the application.
These users were created to be members of PowerUsers and Users groups.
However, creating additional administrators seemed to work, but these
individuals could not logon. Administrators were made members of the Admins
and Users group.

I thought maybe my code was in some way deficient, so I turned the Access
default menu bar back on and created the administrator using the menu item.
Again added to Admins and Users groups.

The new administrator could STILL NOT LOGON. Error message "You don't have
permission,,,,,,".

So it occurred to me to add the administrator to the PowerUsers group as well.
Voila, now the adminstrator can logon and does have full adminstrative rights.


I didn't see this wrinkle documented anywhere. It is documented that any new
user must be a part of the Users group. I guess the issue is that since I
revoked permissions to open the database to the Users group and since the
Admins groups are not identical between my developer workgroup file and this
second workgroup file, the only commonality between the two workgroup files
is the creation of the PowerUsers group. Hence every user must also be a
member of this group in order to be able to open the database.

This is easy to implement, but my question is:

Is my analysis correct? Do I uhderstand what happened here or is there
something else going on that I'm not aware of.

Thanks.
 
G

Guest

Your analysis seems correct.

Every user must have permission to open the database.

Administrators can have permission to open the database, by

Having assigned personal permission
or
Member of a group that has assigned permission
or
Owner of the database
or
Member of the Admins Group which created the database.


You created a new user and assigned that user to the Admins group.
If you use this workgroup, that user will now be able to enter any
database CREATED WITH THIS WORKGROUP.

As you can see, this new user cannot enter a database created with
some other workgroup.

But this user still won't be able to enter a database created with
this (new) workgroup unless they are logged on with this workgroup
(or a copy of this workgroup), because this workgroup has the list
which says that this user is currently a member of this Admins group.

The only person who only has to be a User, without any permission,
is the Owner of the database. The Owner just has to be a User to
login. Doesn't have to be a member of any Admins group. Doesn't
have to have Open permission.

(david)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top