Re: Basing Object Permissions on Ownership
- From: "Brian Smith" <dcg_brian@xxxxxxxxxxx>
- Date: Tue, 1 Nov 2005 13:29:50 -0700
"Tom Stoddard" <tomshome@xxxxxxxxxx> wrote in message
news:%23ThysSd3FHA.472@xxxxxxxxxxxxxxxxxxxxxxx
>
> > I'm creating a database where I'd like to prevent users from making any
> > design changes, etc. to objects that I've created but at the same time I
> > want them to be able to create their own objects. One problem I'm trying
> > to overcome is how to handle situations where I want to be able to send
> > them new objects I've created without them inheriting all of the
> > permissions I've assigned to New Objects. Is there a way of assigning
> > permissions to individual objects based on ownership of the object
> > through VBA or some other method? Hopefully what I'm trying to do is
> > clear. I should also point out that the security is working on the
> > objects I've created in the past so that is not an issue.
>
> I believe that a user can create their own objects regardless of what
> permissions they have on new objects. If your user creates a new object
> then they will be the owner of that object and they will be able to do
> whatever they want to do with that object. As long as they don't have
> modify design permissions on new objects then they won't be able to change
> the design of objects which you create and add to the database (or objects
> created by anyone else for that matter) but they will still be able to
> create their own objects.

After spending many hours testing out various permissions I discovered the
same thing. It would be nice if this was explained more clearly in the help
files. Maybe I'm an idiot but to me giving no permissions on <New Object>
would seem to imply that users in that group do not have the ability to
create objects of that type.

This is really the first time I've ever used Access's security model and
there are clearly a lot of things I don't fully understand. One of them is
why does the model not include the ability to stop users from creating
objects of a given type. It seems like you have to go to a lot of trouble to
prevent users from creating their own objects and this shouldn't be the
case. Or am I missing something in Microsoft's logic when they set up the
security model?

> For example, if a user has read design permissions on new queries but does
> not have modify design permissions then they would be able to open and
> view a query which you created but they wouldn't be able to modify the
> design of the query or to delete the query. They would, however, be able
> to create their own queries and do whatever they want to those queries
> because they would be the owner of those queries which would give them
> inherent permissions to those queries.
>
> I'm not suggesting that it's a good idea to let users create their own
> objects but if you have no choice, this would do what you want.

Based on other people's suggestions I think I've decided on a route to take
except for in one case. I'm going to start a new thread for that though so
it doesn't get lost in this one.

Brian
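
An added example, not part of the original post or thread: a DAO routine that lists each table and query with its owner and whether a given account holds explicit Modify Design permission, which makes the owner-versus-granted-permission distinction discussed above visible. The procedure name and the default account name "Users" are assumptions; it expects to run inside Access with a DAO reference.

```vba
' Added example (not from the thread). Lists tables and queries with their
' owner and whether strAccount has explicit Modify Design permission.
' Assumptions: DAO reference set; "Users" is the group being audited.
Public Function AuditDesignRights(Optional ByVal strAccount As String = "Users") As Long
    Dim db As DAO.Database
    Dim con As DAO.Container
    Dim doc As DAO.Document
    Dim blnCanModify As Boolean
    Dim lngOwnedByOthers As Long

    Set db = CurrentDb
    ' In Jet, tables and queries both live in the "Tables" container.
    Set con = db.Containers("Tables")
    con.Documents.Refresh

    For Each doc In con.Documents
        ' Skip Jet system tables.
        If Left$(doc.Name, 4) <> "MSys" Then
            ' Permissions is read for whichever account UserName names.
            doc.UserName = strAccount
            ' dbSecWriteDef is a multi-bit mask, so compare against the full mask.
            blnCanModify = ((doc.Permissions And dbSecWriteDef) = dbSecWriteDef)

            Debug.Print doc.Name, "owner=" & doc.Owner, _
                        strAccount & " modify design=" & blnCanModify

            ' An owner always has full control of the object, whatever
            ' explicit permissions are granted to groups.
            If doc.Owner <> CurrentUser() Then
                lngOwnedByOthers = lngOwnedByOthers + 1
            End If
        End If
    Next doc

    ' Number of objects owned by someone other than the account running the audit.
    AuditDesignRights = lngOwnedByOthers
End Function
```

Run it from the Immediate window while logged in as the developer account; objects counted in the return value are ones other users created and therefore control.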