Re: Username and Usergroup

From: '69 Camaro (ForwardZERO_SPAM.To.69Camaro_at_Spameater.orgZERO_SPAM)
Date: 09/20/04

Next message: Neil Cash: "Re: Go to Record on Open"
Previous message: Michel Walsh: "Re: Sending bug reprots to Microsoft."
In reply to: TK: "Re: Username and Usergroup"
Next in thread: TK: "Re: Username and Usergroup"
Reply: TK: "Re: Username and Usergroup"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 20 Sep 2004 04:58:54 -0700

Hi, TK.

> I'm curious - what is the point of this function? If the user is not in
the
> group that has the permissions to run the query in question, or open the
> form, etc. - they already won't be able to do so

You have a valid point about the security permissions for running queries or
opening forms. However, Jokobe didn't ask how to control these operations.
While you may disagree with me, after reading the request I interpreted
Jokobe to be requesting information for how to capture the user name and
group name to _use_ for some queries and forms:

> > > Within the database I
> > > do need the username and the usergroup for some
> > > queries/and forms. Is there a chance to catch the username
> > > when starting the database?

Access developers who need to customize database applications require a lot
more flexibility than just the ability to limit who runs which queries or
who opens which forms. These two functions I posted below allow much more
granularity of the security permissions assigned and help prevent
duplication of development and maintenance efforts.

For example, a form that has multiple inputs from various users of two
groups, "Data_Input" and "Supervisors," should have sufficient permissions
to enable both groups to open the form. However, the form's "Approved"
field should be locked for the "Data_Input" users so that they can't make
changes to it. If a developer didn't have the ability to determine whether
the current user was not a member of the "Supervisors" group in order to
lock that field when the form opens, then there would have to be two
different forms, one for members of the Data_Input" group (which lacks an
"Approved" field) and another one for members of the "Supervisors" group
(which displays all fields). Having two separate forms doubles the
developer's efforts required to make changes to the form, so this is not
desirable.

Queries can also be customized by filtering records from tables that
multiple groups are permitted to view, including when certain fields are not
necessary for members of some of the groups. Instead of creating multiple
queries that are nearly identical, one for each group, a single query can be
created and filtered with the WHERE clause, HAVING clause, and/or IIF( )
function.

> So why are you trapping that when opening the db?

I didn't mention it, but with the functions I posted below, there's no need
to trap the user name or user group upon opening the database. These
functions will return the correct values at any time while the database
application is running, so there's no need to capture and save them for
later use.

Does this explanation satisfy your curiosity?

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

"TK" <sprdthword@hotmail.com> wrote in message
news:O56HR4vnEHA.3680@TK2MSFTNGP10.phx.gbl...
> I'm curious - what is the point of this function? If the user is not in
the
> group that has the permissions to run the query in question, or open the
> form, etc. - they already won't be able to do so and Access will gladly
let
> them know.
> So why are you trapping that when opening the db?
> Just wondering.
> TK
>
> "'69 Camaro" <ForwardZERO_SPAM.To.69Camaro@Spameater.orgZERO_SPAM> wrote
in
> message news:%23hL3I$unEHA.744@TK2MSFTNGP10.phx.gbl...
> > Hi.
> >
> > After the user has successfully logged into the secure database, use the
> > following function to determine the user's UserID:
> >
> > CurrentUser( )
> >
> > Since users are often members of multiple groups, it would probably be
> > better to find out whether the current user was a member of a specific
> group
> > that has the permissions to run a certain query or open a certain form.
> You
> > can use code such as the following to determine whether a user is a
member
> > of a specific group:
> >
> > '=======================================
> > ' Function: isMemberOfGrp( )
> > ' Returns True if the user is in the group.
> > ' Usage: isMemberOfGrp(CurrentUser(), "Admins")
> > '=======================================
> >
> > Public Function isMemberOfGrp(sUserName As String, sGrpName As String)
> >
> > On Error Resume Next
> >
> > Dim junk As String
> >
> > junk = DBEngine(0).Users(sUserName).Groups(sGrpName).Name
> >
> > '-------------------------------------------------------------------
> > ' Determine whether checking this Property
> > ' caused an error or not.
> > '-------------------------------------------------------------------
> >
> > If (Err.Number = 0) Then
> > isMemberOfGrp = True
> > Else
> > isMemberOfGrp = False
> > End If
> >
> > Err.Clear
> >
> > End Function
> >
> > HTH.
> >
> > Gunny
> >
> > See http://www.QBuilt.com for all your database needs.
> > See http://www.Access.QBuilt.com for Microsoft Access tips.
> >
> > (Please remove ZERO_SPAM from my reply E-mail address, so that a message
> > will be forwarded to me.)
> >
> >
> > "jokobe" <anonymous@discussions.microsoft.com> wrote in message
> > news:447f01c49ee9$837cf6b0$a601280a@phx.gbl...
> > > Hi ng,
> > >
> > > when starting a secure database(ACC2000) the user have to
> > > give his username and his password. Within the database I
> > > do need the username and the usergroup for some
> > > queries/and forms. Is there a chance to catch the username
> > > when starting the database?
> > >
> > > thanks in advance
> > >
> > > jokobe
> >
> >
>
>

Next message: Neil Cash: "Re: Go to Record on Open"
Previous message: Michel Walsh: "Re: Sending bug reprots to Microsoft."
In reply to: TK: "Re: Username and Usergroup"
Next in thread: TK: "Re: Username and Usergroup"
Reply: TK: "Re: Username and Usergroup"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Report in Active Directory
... I want to query the members of some groups and print the report. ... permissions are set correctly. ...
(microsoft.public.win2000.active_directory)
Re: retrieve sub form button
... To restrict the query to the currently displayed record on ... the members form, use a criteria like this in the Criteria ... Your suggestion on sub forms opens another area of unknowns for me. ...
(microsoft.public.access.formscoding)
Re: Change data on Form and NOT on Table
... > 1) How to make sure that the members of a group can only change data ... Deny that group all permissions on the tables - they should have no ... When any member of the group opens the form, they will be able to read and ... or is it enough to copy the MDW file as well as the shortcut? ...
(microsoft.public.access.gettingstarted)
choosing between queries when opening form
... I have two queries. ... list of current members only and one gives a list of past members only. ... would like to have a form that asks me what query to use when it opens. ...
(microsoft.public.access.formscoding)
[UNIX] Privilege Escalation Vulnerability on phpBB
... permissions), so although admin rights are needed to view the page, anyone ... Goto the board you wish to change the permissions for in the normal way ... Find the base directory location of the board for the script, ... This bulletin is sent to members of the SecuriTeam mailing list. ...
(Securiteam)