Re: Query Security

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: TC (no_at_email.here)
Date: 05/04/04 

Date: Tue, 4 May 2004 15:59:58 +0930

"Jeff Conrad" <jeffc@ernstbrothers.com> wrote in message
news:7f9401c4319c$06d61890$a001280a@phx.gbl...
> >> WITH OWNER ACCESS OPTION is only relevant when one user
> >> (say 'A') runs a query that is owned by some >other<
> >> user 'B'. But, when a user runs code that creates a
> >> query, that query is owned by the user who ran that
> >> code.
> >>
> >> So, WITH OWNER ACCESS OPTION is irrelevant (and has no
> >> affect) for queries that are created programatically.
> >
> >Unless, of course, a high-permission user runs the code
> >that creates the query, then low-permission users are
> >allowed to log-in and run that query afterwards. But that
> >is not what you're suggesting here - >each user<
> >dynamically creating, then deleting the query.
>
> TC,
>
> Pure curiosity here (serious):
>
> What would happen if you created a temporary workspace of
> a "high-permissions" user, created the query in code with
> the Owner Access Option while in that workspace, saved the
> query, and then closed the temporary workspace? Would
> any "low-level" user be able to run this query? Would that
> query show in the Permissions area to be owned by
> the "high-level" user?

Hi Jeff

That is a very interesting question. I don't know the answer off the top of
my head. I do remember trying to programatically create a new database that
was owned by a user other-than the user running the code in question. I
don't remember the details of how I went about this - but it would cerainly
have involved creating a temporary workspace for the "other" user. I think
that I got mixed results: some of the objects in the new database were owned
by the expected "other" user, but some of them weren't.

The question really is, if you create a query off a workspace established
for some other user, is the new query owned by that other user, or is it
owned by the user actually running the code? The ownership of the query
would be established at the time that Jet created it. There is no way (IMO)
that closing the temporary workspace would change the query ownership.

Jeff, I'll definitely follow this up & post back to this thread in due
course. However, that might not be for a few days, because I just delivered
my only working PC to a local firm called "Doctor PC", for emergency
surgery! (I'm posting from an internet cafe PC that doesn't have Access.)

Cheers,
TC
(off for the day)

Relevant Pages

  • Re: Query Security
    ... >> the Owner Access Option while in that workspace, ... and then closed the temporary workspace? ... >> query show in the Permissions area to be owned by ... > that closing the temporary workspace would change the query ownership. ...
    (microsoft.public.access.security)
  • Re: Query Security
    ... >> WITH OWNER ACCESS OPTION is only relevant when one user ... >> query, that query is owned by the user who ran that ... >Unless, of course, a high-permission user runs the code ... and then closed the temporary workspace? ...
    (microsoft.public.access.security)
  • Re: Enter MULTIPLE Items in a Query (e.g. [Name:] ??
    ... >The user running the query will be prompted for first names. ... Here's the SQL view of that query. ... The field that is being querried on is "route" ... the chance of entry errors will hopefully be ...
    (microsoft.public.access.queries)
  • ENTER MULTIPLE Items in a Query Pop-Up PROMPT e.g. [Name:]
    ... >The user running the query will be prompted for first names. ... Here's the SQL view of that query. ... The field that is being querried on is "route" ... Seperating each by a comma will not be a problem. ...
    (microsoft.public.access.queries)
  • Select statement security
    ... My DB users are USR1 and USR2 ... ALL the rows if the user running the above query is USR1 ...
    (microsoft.public.sqlserver.security)