Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
ACC: Ability to Add Users Without Permission to View Design
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.| Article ID | : | 120911 |
| Last Review | : | January 19, 2007 |
| Revision | : | 2.2 |
This article was previously published under Q120911
SUMMARY
Advanced: Requires expert coding, interoperability, and multiuser skills.
You may need to create a database in which some users have the ability to
add other users, but don't have the ability to view the design of objects
in the database. You can accomplish this by setting the ownership of
different objects, and then shipping your application together with a
different system database than the one that was used to create it. The
system database is usually the System.mdw (or SYSTEM.MDA in version 2.0).
Back to the top
MORE INFORMATION
The following example demonstrates how to make a user named Mary able to
create new user accounts but unable to view the design of existing objects
in the database:
| 1. | Quit Microsoft Access if it is running, and then make a backup copy
of your System.mdw file (or SYSTEM.MDA in version 2.0).
|
| 2. | Using the Workgroup Administrator program, create and join a new
workgroup. Make note of the Name, Organization, and Workgroup ID values
used to create the new workgroup. These values are combined to create
the group Security ID (SID) for the Admins group.
|
| 3. | Start Microsoft Access, open any database, and
In Microsoft Access 7.0 and 97:
| a. | On the Tools menu, click Security and then click User and Group
Accounts. In the User and Group Accounts dialog box click the
Change Logon Password tab. Assign a password for the Admin user. | | b. | On the Tools menu, click Security, and then click User and Group
Accounts. On the Users tab, click New, and then create a new user
called Developer. Make note of the Personal ID that you assign for
the new user. Make the Developer user a member of the Admins group. |
In Microsoft Access 2.0
| a. | On the Security menu, click Change Password. Assign a password for
the Admin user. | | b. | On the Security menu, click Users. Click New, and then create a new
user called Developer. Make note of the Personal ID that you assign
for the new user. Make the Developer user a member of the Admins
group. |
|
| 4. | Quit and then restart Microsoft Access. Log on to Microsoft Access as
the Developer user.
|
| 5. | Create a new database called Mydb.mdb. Create a new module in the data-
base, and then enter the following function in the module:
Function TestSecurity ()
MsgBox "This is a test of Security"
End Function
Save the module as TestModule. Because you are logged on as Developer,
the owner of this new module will be the Developer user.
|
| 6. | Remove all permissions on the TestModule module from the Users and
Admins groups. Make sure that only the Developer user has any
permissions on the TestModule module.
|
| 7. | Quit Microsoft Access, and then use the Workgroup Administrator program
to create and join a new workgroup. Make sure to use a different
Workgroup ID than you did when you created the workgroup in step 2. If
you do not, the module you created in step 5 will not be secure.
|
| 8. | Start Microsoft Access and open the Mydb.mdb database.
|
| 9. | Re-create the user named Developer that you created in step 3b. Make
sure to use the same Personal ID that you used in step 3b. Make the
Developer user a member of the Admins group.
|
| 10. | Create a new user called Mary. Make Mary a member of the Admins
group. Because Mary was not a member of the Admins group in the
system database in use when the database was created, Mary will not
have permissions on objects that already exist in the database.
|
| 11. | Assign a password for the Admin user as per step 3a above.
|
| 12. | Quit and then restart Microsoft Access. Log on to Microsoft Access
as Mary and then open the Mydb.mdb database. Note that although Mary
is a member of the Admins group, and can create new users, Mary has
no permissions on the TestModule module.
|
| 13. | To test the security, quit and then restart Microsoft Access. Log on
to Microsoft Access as Developer, and note that you have permissions
on the TestModule module.
|
Back to the top
REFERENCES
For more information about Microsoft Access security and how to secure your
application, search the Help Index for "security accounts," or ask the
Microsoft Access 97 Office Assistant.
Back to the top
APPLIES TO
| • | Microsoft Access 2.0 Standard Edition |
| • | Microsoft Access 95 Standard Edition |
| • | Microsoft Access 97 Standard Edition |
Back to the top
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please
