Re: limiting table access and RWOP queries

Hi John

John Welch (remove remove) wrote:
> Thanks for your reply TC-
> I'm confused though - what you said and what I notice seem to disagree.
> I'm trying to run this code:
>
> CurrentDb.Execute ("delete * from tblLocalCompanyCityLookup")

First, you shouldn't use currentdb() like that. You should always cache
its value in a variable:

dim db as database
set db = currentdb
db. ... whatever
set db = nothing

For supporting references, just google the groups on "currentdb cache
kaplan" without the quotes.

Second, your code is not executing a stored query. RWOP is only useful
with stored queries. Queries that are executed through code, like the
one in your example, are /always/ executed with the permissions of the
user who is running the code. In that regard, /all/ such queries are
effectively RWOP queries. You can include the "WITH OWNERACCESS OPTION"
phrase, or not, as you please, & it will make no difference to a query
that is executed through code.



> The table tblLocalCompanyCityLookup has no permissions for members of the
> users group.
> If I log in as the owner of the table, the query executes.
> If I log in as a 'user', it says I don't have permissions on the table.

As expected! The owner of an object always has (or can regain) full
access to that object. And if the 'user' in question does not have
access to the table, either directly, or through his group membership,
then: he will not get access to the table!

IOW the example you give is nothing to do with using owner-access
queries. An owner access query is only useful when (1) it is a stored
query, and (2) you carefully choose the /owner/ of the query - distinct
from the user /running/ the query.


> I said I was intimidated by the allowbypass code because in reading through
> the newsgroup archives, I've seen that people have had problems with
> ChangePropertyDdl and I don't really understand what it's doing - setting a
> property only an admin can change. ??

Yes - but don't use vague terms like "an admin"! If you set the 4th(?)
parameter of the CreaateProperty method to True, then, the only users
who can change the value of that property, are members of the Admins
group of the workgroup file which was in effect when the database was
first created.

HTH,
TC

.

Relevant Pages

  • msystables? / users saving their own queries?
    ... I want the users of this system to be able to save custom queries based on ... tables that they have permission to and run and save a query. ... MSysObjects -> owner is Engine ...
    (microsoft.public.access.security)
  • bottleneck problems
    ... apps and execute the queries, ... results are as expected, the smaller query comes back straight away, whereas ... When simultaneously executing both queries, ... the result is back as i would have expected - the request causing the ...
    (microsoft.public.dotnet.framework.remoting)
  • Re: Invalidate cache
    ... I run my queries on a machine that is doing nothing except executing my ... Before every query I execute ... The host machine is only executing VMware. ...
    (comp.databases.ingres)
  • Re: User has group permissions to object, but still denied access.
    ... When I look at the owner, it says that it is sysadm. ... I found that I was able to delete the queries, so I began looking for a way ... SQL text into a newly created Query with the same name) and found that every ... She's also unable to edit them when given explicit full ...
    (microsoft.public.access.security)
  • web client disconnects from SQL Server - IIS timing out?
    ... I am having a problem executing long running queries from an ASP application ... continue beyond the first query if it takes a while to run. ... connection to SQL Server is just dropped for some reason. ...
    (microsoft.public.inetserver.asp.db)