Our Quality Assurance and Marketing people have asked me to help secure an
Access database they have on the network. This is used for customer
comments and will be reviewed by some managers. They are looking at 3
levels of security (I'm dealing with 2 levels in getting it set up). They
want a managers' level group to be able to change objects, revise and run
queries and update data. They want another group to be able to enter data,
but not to revise existing data. They want a third group to be able to
enter and modify data, but not be able to change forms or run queries.
Anyone not in one of these 3 groups is not to have access to the database.
(I was told this project was not an option for the Series i - it is to
replace an Excel spreadsheet and they wanted it to run on an Office
application.) I'm the "expert" as I taught some entry level Office courses,
along with RPG, for 5 years some time ago at a local university. One
resource I found was at <
http://office.microsoft.com/en-us/ork2000/HA011381161033.aspx>. (Note,
Admin is a user, Admins is a group - both defaults.)
I've made a copy of the database and have done the following with the copy:
- Clicked on Tools, Security, User and Group Accounts and clicked on
the Group tab. I created a Managers and a Staff group.
- Clicked on Tools, Security, User and Group Permissions, clicked on
Groups under List: and did the following:
- Users – unchecked all and clicked Apply for all object types.
- Staff – checked Insert Data (Read Design and read Data were
automatically checked) and clicked Apply for all object types.
- Managers – checked Administrator (all others automatically
checked) and clicked Apply for all object types.
- Admins – none checked by default
- Clicked on Tools, Security, User and Group Accounts and
clicked on the Users tab.
- At Name: clicked New and typed in the network ID of the new
user (currently just me)
- Under Group Membership, added the new user to the proper
groups (Manager and/or Staff)
- I tried selecting User Admin and unchecking all, but doing so
prevented access to the table I'm working with even though I'm in the
Managers and Staff groups (also in the Admins and User groups as those
cannot be removed).
I do see when I'm in Tools, Security, User and Group Permissions, that the
current user is Admin (not my signon ID) - could this be an issue?
When testing, another programmer who is not entered as a user (and of
course, not part of a group), is able to edit a table.
Under User and Group Permissions, for the Users, Admin and my ID are both
listed (I'm the only user right now). Neither user Admin nor my ID have any
rights. For the Groups, Admins does not have any rights to any of the
objects. Managers have all rights to the database, form, reports, macro,
table and query, As currently set up, Staff have no rights to the database,
form, reports and macro, and Insert Data, Read Design and Read Data rights
to the table and query. As noted above, my user ID is in the Managers and
Staff groups.
I changed the owner (under permissions) from user Admin to group Managers
because of the document I'm following saying "When you establish user-level
security, make sure that the Admin user does not own or have any permissions
on objects that you want to help secure." Then I removed all rights from
user Admin. Once I've did this and tried to work with the table, I recieved
a "Could not read definitions; no read definitions permissions for table or
query '2008 Customer Correspondence" message (so does the programmer I'm
using as a guinea pig to test security).
Any ideas on where to go next? Am I on the right track or should I be
handling this a different way?
Thanks.
Mark Plank
As an Amazon Associate we earn from qualifying purchases.