Read-only user can alter table relationships?

Gabe

I have administrative privileges on a secured and shared
database I'm testing. I logged on as one of the read-
only users to verify security was working correctly.
Everything seemed O.K. until I tried to alter the table
relationships and succeeded! I was able to save the
changes. Does anybody have an explanation? Thanks, gabe
 
Lynn Trapp

What permissions does the Users Group have to the table? Access uses the
Least Restrictive method of security. Thus, since all users (including
read-only users) are members of the Users Group, if the Users Group has
update permissions, then the user will have them. You need to remove ALL
permissions to ALL objects from the Users Group and grant your permissions
to the appropriate groups that you create.
 
Joan Wild

I would say the security settings are not what you think they are for this
'read-only' user.

I just tested it and wasn't able to modify the relationships.

What are the permissions given to the user in the backend database for
1. the database object
2. the tables
 
Gabe

I used the wizard to secure this database and I am sure
that I assigned no additional permissions to the users
group. I don't see any permissions when I go to the user
and group permissions tab then click on groups and select
users, all the boxes are white. Is that what you meant by
the backend?
 
Gabe

Thanks, I will go through it step by step Monday when I
get back to work and let you know. Although shouldn't
this already be the case if I secured this with the Wizard
and assigned no additional permissions to the users group?
I then added the users once I created the user groups, (so
I never assigned privileges to the user themselves). Gabe
 
Joan Wild

Open the backend mdb (I assume you are using a split database setup). When
you go to Tools, Security, Permissions, choose Groups, and then Users. What
permissions do they have for the 'database' object and for 'table' objects.

Also choose Users, and select the user you set up to belong to the read-only
group. What permissions does this user have on the 'database' object and
for the table objects.

Go to Tools, Security, Accounts and choose the username you think is
read-only. What group(s) does this user belong to? Go back to Tools,
Security, Permissions, choose Groups, and then look at the permissions for
each of the groups the user is a member of - again what permissions do these
groups have on the database and table objects?
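
The same check can be scripted instead of clicked through. The following is an added example, not part of the original post: it lists the explicit permissions of one user and of every group that user belongs to (Users included), then the combined permissions Access actually applies under the least-restrictive rule. It assumes a DAO reference, the back-end mdb opened under the secured workgroup file by a member of Admins, and a placeholder account name `ReadOnlyUser`.

```vba
' Added example (not from the thread). "ReadOnlyUser" is a placeholder name.
Option Compare Database
Option Explicit

Public Sub AuditPermissions()
    Const TARGET_USER As String = "ReadOnlyUser"   ' placeholder account
    Dim ws As DAO.Workspace, db As DAO.Database
    Dim grp As DAO.Group, doc As DAO.Document
    Dim names As New Collection, n As Variant, cn As Variant

    Set ws = DBEngine.Workspaces(0)
    Set db = CurrentDb()

    ' The user itself, then every group it is a member of.
    names.Add TARGET_USER
    For Each grp In ws.Users(TARGET_USER).Groups
        names.Add grp.Name
    Next grp

    ' "Databases" holds the database object, "Tables" holds tables and queries.
    For Each cn In Array("Databases", "Tables")
        For Each doc In db.Containers(cn).Documents
            For Each n In names
                doc.UserName = n
                ' Permissions = what is granted explicitly to this one account.
                Debug.Print cn, doc.Name, n, Describe(cn, doc.Permissions)
            Next n
            doc.UserName = TARGET_USER
            ' AllPermissions = explicit grants plus everything inherited from groups.
            Debug.Print cn, doc.Name, "(effective)", Describe(cn, doc.AllPermissions)
        Next doc
    Next cn
End Sub

Private Function Describe(ByVal cn As String, ByVal p As Long) As String
    Dim s As String
    ' The bit values mean different things per container; decode tables only.
    If cn <> "Tables" Then Describe = "&H" & Hex$(p): Exit Function
    If (p And dbSecReadDef) = dbSecReadDef Then s = s & "ReadDesign "
    If (p And dbSecWriteDef) = dbSecWriteDef Then s = s & "ModifyDesign "
    If (p And dbSecRetrieveData) = dbSecRetrieveData Then s = s & "ReadData "
    If (p And dbSecReplaceData) = dbSecReplaceData Then s = s & "UpdateData "
    If (p And dbSecInsertData) = dbSecInsertData Then s = s & "InsertData "
    If (p And dbSecDeleteData) = dbSecDeleteData Then s = s & "DeleteData "
    If Len(s) = 0 Then s = "(none)"
    Describe = Trim$(s)
End Function
```

Any "(effective)" line that shows more than the read-only group's own line points to the account or group that is contributing the extra permission.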
 
Gabe

By the way, I created my user groups first and then added
the users to them. I didn't assign any privileges to the
users group or any of the users themselves. I thought
privileges are all supposed to be determined by group that
way
 
Bruce M. Thompson

By the way, I created my user groups first and then added
the users to them. I didn't assign any privileges to the
users group or any of the users themselves. I thought
privileges are all supposed to be determined by group that
way

If you haven't already, you should download a copy of the Access Security FAQ
and read it carefully. This is the "Bible" of Access security and the steps
contained therein must be followed *to the letter* to ensure that your
application will be properly secured. Keep it handy as you go about setting up
your groups and permissions. The FAQ is available at
http://support.microsoft.com/default.aspx?scid=kb;[LN];207793
 
