Re: Relink question
- From: "Graham Mandeno" <Graham.Mandeno@xxxxxxxxxxxxx>
- Date: Tue, 25 Nov 2008 10:04:48 +1300
Hi Bruce
You're correct about "source" and "destination". Source is where you are
linking *from* (backend) and destination is where you are linking *to*
(frontend).
You're also correct about the FAQ being a difficult document to grasp. In
its defence, it covers a lot of information about a very complex area, but
it was also written by quite a number of people over a number of years and
versions, and it would definitely benefit from a rewrite. For a start, I
doubt anyone is interested in the Access 2.0 bits any more! Unfortunately,
since ULS is the baby that MS has thrown out with the bathwater, putting
resources into a rewrite is unlikely :-(
Basically, any user who may relink tables (and for me this means any user
who may open the frontend) should have all permissions to <New
tables/queries> in the frontend (see section 16.3). Then, provided they
have Open/Run permissions on the backend (which they would need to read the
data anyway), they can link tables using the delete-and-recreate-TableDef
method (section 14.3).
Sorry if you already told me, but how did you get on with reading/writing
the INI file?
--
Good Luck :-)
Graham Mandeno [Access MVP]
Auckland, New Zealand
"BruceM" <bamoob@xxxxxxxxxxxxxxxx> wrote in message
news:OHbbUajTJHA.5860@xxxxxxxxxxxxxxxxxxxxxxx
It's not ULS that's the impenetrable thicket, it's the documentation. ULS
is a bit difficult to follow at first (Jack MacDonald's paper of the
subject was the one that finally led me to understand what is going on),
but the FAQ is helpful only after the subject has been learned elsewhere.
I still think they could have updated the FAQ at least to include Access
2003 in the title.
I think I have found enough clues in the documentation to deduce that the
destination database is the FE and the source database is the BE. Section
14.3 states that the Connect property can be used as long as there are
"full permissions in the destination (FE) database and Open/Run
permissions on the source database (BE) - no permissions at all are
necessary on the source tables." Assuming this literally referes to
database permissions rather permissions to any tables, queries, etc., it
either says that there are no security implications to granting all users
full permissions to the FE database, or that I would need to use the code
in the faq_SetPermissions function to change permissions temporarily.
However, the documentation for that function "assumes that a member of the
Admins group will be executing the code". I'm not sure why it assumes
that, since the group name apparentlly is passed to the function, but
assuming it is necessary to pass the Admins group name, either the code
can be run only by members of the Admins group or everybody needs to be a
member of the group. If membership in the Admins group is necessary to
run the code either everybody needs to be a member of the Admins group
(which pretty much wipes out security), or only a few users can relink
tables. Or maybe the faq_SetPermissions function is not necessary. In any
case, it seems that using the Connect property is possible
I could be mistaken about the meaning of "source" and "destination". The
source could be the origin of data (FE) that flows to the destination
(BE), or the source could be the collection of data (BE) that flows to the
destination where it will be seen and used (the FE). Figurative language
should be defined. Maybe I'm supposed to know the meaning of the two
terms, but I have not found a way to frame the search question. If I had
to bet I would say the source is the BE.
For now users will get an error message if the table link is not
successfully refreshed, and I will fix it. This has not happened, so
maybe I will continue to be lucky for a while longer. Beyond that maybe I
can use the code at the mvps web site (RefreshLink), modified to remove
some or all of the prompts. Maybe I can combine it with an ini file that
lists the path.
Beyond that I don't have a prayer, at least not until I have a few more
years experience behind me. I am extremely frustrated by my inability to
sort this out, but at least I am old enough that I know when to admit I am
beaten. Thanks for trying to help. I really do appreciate the time you
have put into your responses.
"Graham Mandeno" <Graham.Mandeno@xxxxxxxxxxxxx> wrote in message
news:E019493E-A1FE-46CC-842F-5C60C1C464BA@xxxxxxxxxxxxxxxx
Hi Bruce
The method I use (and would recommend) is the one in 14.3, because it
*always* works, no matter what the permissions on the backend tables.
Note that allowing all permissions on the linked tables in the frontend
does not grant permissions to the *data*. It just allows the user to
delete and relink the tables.
Yes, you're right, user-level security can seem like an "impenetrable
thicket", but if properly implemented it works well and is sufficiently
secure for most applications. I am one among many who are very
disappointed that it has been canned in A2007.
--
Good Luck :-)
Graham Mandeno [Access MVP]
Auckland, New Zealand
"BruceM" <bamoob@xxxxxxxxxxxxxxxx> wrote in message
news:eYgtJF$SJHA.5268@xxxxxxxxxxxxxxxxxxxxxxx
I have full permissions for all users on the BE tables, and table
permissions restricted in the FE depending on the group. The Users group
has no permissions anywhere. I think that means some variant of the code
in 14.1 of the FAQ would work (which seems to be the same general idea as
the code at the mvps web site, I think).
I have to say I marvel anew at the Security FAQ each time I see it. It
is an almost inpenetrable thicket, further impeded by instructions and
information going back to Access 2.0.
Since I do not have RWOP queries I think I can use RefreshLink. The FAQ
states:
"The best way to implement this [it is not clear in context to what
"this" refers; maybe it means restricting access to the data, or maybe
RWOP] is to remove ALL permissions from the underlying table(s) and use
only queries to get at the data you want your users to have."
But later is seems to suggest that full permissions can be assigned to
the tables in the destination database. It would help if I knew whether
the destination database is the link's destination (i.e. the BE) or if
"destination" means something else.
Anyhow, I have not found a need for RWOP queries, so I think I'm OK with
RefreshLink. If I have a problem that could be solved through the use
of RWOP queries I have not been able to identify that a RWOP query is
what I need. I think Joan Wild has some more information about this on
her web site. Yet another thing to sort out.
I do appreciate your pointing this out. I have to say, though, that it
will take a lot of development time I do not have right now to sort out
how to read the correct path from an ini file or somewhere, check the
existing link against that, and refresh the link if need be. For now
the users will get an error message, and I will fix it. I wish there
was another way, but a better solution will have to wait.
"Graham Mandeno" <Graham.Mandeno@xxxxxxxxxxxxx> wrote in message
news:A66CBCB9-26A2-4784-A941-8086AD04AF0D@xxxxxxxxxxxxxxxx
Hi Bruce
Finally, if you use user-level security then I recommend you read the
section on linked tables (section 14) in the Access Security FAQ:
http://support.microsoft.com/support/access/content/secfaq.asp
--
Good Luck :-)
Graham Mandeno [Access MVP]
Auckland, New Zealand
"BruceM" <bamoob@xxxxxxxxxxxxxxxx> wrote in message
news:u0vgJpwSJHA.5056@xxxxxxxxxxxxxxxxxxxxxxx
I declare every variable. I have chosen Option Explicit as the default
option, so Access won't let me implicitly declare. It has been a great
help with debugging.
I didn't know that about using an extension other that mdb for BE
files. ABE is not a registered file type on my machine, so I suppose
that means I would need to add it. I use user-level security for my
split databases (which is all of my newer ones), so a user who
attempts to open the file, either FE or BE, by double clicking the
icon will receive a message about insufficient permissions. The only
way in is through a shortcut that temporarily joins the user to the
secure workgroup file.
Thanks again for the information. This is an area of Access with
which I have had little experience, due in large part to a lack of
information. I have lots of information now, so I can work on gaining
experience.
"Graham Mandeno" <Graham.Mandeno@xxxxxxxxxxxxx> wrote in message
news:OTS5XKpSJHA.1908@xxxxxxxxxxxxxxxxxxxxxxx
Hi Bruce
Yes, you should Dim dbBE as DAO.Database. (It could be declared as
Object, but every database should have a reference to DAO anyway, so
early binding is faster and gives better compile-time checking.) In
any case, it will need to be declared.
BTW, EVERY variable you use should be declared. using implicit
declaration is asking for trouble. EVERY module, including Form and
Report modules should have Option Explicit at the top.
The path to the backend is just that - the full file path - for
example:
"\\MyServer\SomeShare\My App Folder\Back-end file.mdb"
BTW, there is no law that says an Access database must have the
extension "MDB". All my backends are .ABE files (Access Back-End).
It at least discourages users from double-clicking on them to open
them!
--
Good Luck :-)
Graham Mandeno [Access MVP]
Auckland, New Zealand
"BruceM" <bamoob@xxxxxxxxxxxxxxxx> wrote in message
news:OiysMhoSJHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
I'll give that a try when I have a chance to get back to it, which
may not be tomorrow. Two more questions for now: Is there any need
to made the dbBE variable a DAO.Database? And is the path to the
back end a path first to the Access executable, followed by a switch
that includes the path to the BE (like with decompile, etc.), or is
it just a direct path to the BE file?
BTW, I don't think I have a project so far with more than maybe 20
tables in a single BE database.
.
- Follow-Ups:
- Re: Relink question
- From: BruceM
- Re: Relink question
- References:
- Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Tony Toews [MVP]
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Re: Relink question
- From: Graham Mandeno
- Re: Relink question
- From: BruceM
- Relink question
- Prev by Date: Convert Columns to Rows and insert into another table based on values in columns
- Next by Date: can't get SELECT to work
- Previous by thread: Re: Relink question
- Next by thread: Re: Relink question
- Index(es):
Relevant Pages
|
Loading
