Q: low permission cannot convert from A97 to A2000/2003

A

A C

Was meant to be a cross post (microsoft.public.access.security) but didnt,
sorry. I will copy all replies into the other group.

Hi

I have a situation where our "master operator" (admin permissions) only has
A97, but the database is sent out and used by contractors (user permissions)
who use A2000+. The privileges are causing conversion problems, and I need
either a solution or a good work-around.

Privileges are not being used for security reasons, the data is not
particularly sensitive. It is being used for application functionality and
data integrity reasons, such as deleting records. The security is to
prevent accidents.

The admin user has full privileges. The users group are not meant to delete
any records, and have a couple of tables they are not meant to view.
Pragmatically however it is only the deletion of records that is something
we really really want to keep, we would be happy enough to consider just
hiding the other tables and leaving it at that. Once the contractor has
edited/added the data they export only those tables into text file which the
master operator imports back into A97 - so basically if they stuff out the
tables they are not meant to see then it is not a disaster as we dont care
as we wont be importing those files from them, and the contractor will be
getting a brand new version from us each time they go out anyway.

Not deleting data means not allowing the user permission to modify table
design, it is not possible to set up permissions to allow table modification
but prevent record deletion (correct?).

The problem we are having is converting the database from A97 to 2000+. The
master cannot do it as they dont have anything other than A97. So the idea
is to give the contractor the A97 database and have them convert it to their
Access. But the contractor/user cannot do it either because their
permissions prevent them from doing so.

So what can we do? All help greatly appreciated.


So far I have come up with the following ideas, comments on any of them
would be good too:

1. Ignore record deletion permission. Pros - can ignore permissions
basically. Cons - really undesirable

2. Have 2 user logins both with admin privileges. Use code on startup to
adjust the permissions of the "user admin". Pros - should work. Cons -
lots of coding (and learning on my behalf!) to do, not sure adjustments are
permanent or single session, basically defeats the purpose and niceties of
using security in the first place, probably unworkable idea

3. Have 3 user logins. Admin and Admin_Convert = full admin privileges,
Userxx = user privileges (no delete records etc). When logging in detect
the user id and if Admin_Convert then post a message saying that conversion
has been done and exit Access. Only the master operator should know the
Admin user password, so only the users will be using Admin_Convert or Userxx
ids. If the user opens up the A97 database with Userxxx they will not be
able to convert the database and will get a message to that effect. That
will remind them that it is new and they need to initially logon using the
convert login. If the user opens up the (unconverted) A97 with the user
Admin_Convert then it has admin privileges so will convert properly, and
then will quit (eg put quit in autoexec, or on the splash screen etc). They
can then login using the regular user id. If they try and relogin using
Admin_Convert it will just keep quitting on them so even though it has admin
priv it is basically useless to them.
Pros: might work. Cons: very insecure, easy for someone to get access using
Admin_Convert simply by either stopping the quit happening or by connecting
remotely to that database with that login.


Thanks in advance
A
 
D

david epsom dot com dot au

Delete is a separate permission. You can remove
delete permission and retain modify permission.

You need open exclusive permission on the database to
convert the database. 'database' permissions are
on the form as table/query permissions, but you have
to scroll UP in the combo box to see 'database'.

Convert might mess up any owner-permission queries
that you have.

(david)
 
D

dennis

There is NO workaround or solution per se. I know this
because of issues we had with "deleted users" who owned
objects in a '97 database, which then had to be converted
to 2002. (The final result after WEEKS with MS senior tech
support: you can't get there from here".)

Realistically, the "roper" method would be to remove all
workgroup security on the "source" database, then apply
said security at the destination-end. There is no way
around MS workgroup security. If your 2002 workgroup
security file has the same usernames with the sames access
capbilites, you'll be okay. Else forget it.

You can IMPORT from a 97 to a "blank" 2002 database, but
you might not get all the objects, and any unresolvable
LINKS will be lost.
-----Original Message-----
Was meant to be a cross post
(microsoft.public.access.security) but didnt,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top