Re: rwop

RWOP

Run With Owner Permissions



This means run the query as though the query owner was running it.



It allows you to remove all permissions for users on the tables.



Now if you create a query against those tables, the user won't be able to
run that query, because they don't have any permissions on the underlying
tables.



By putting WITH OWNERACCESS (making it RWOP) on the query, you are saying
'allow the user to run this query as though I, the owner of the query, am
running it'.



The owner of a query most often has full permission on the tables, so this
allows the user to run the query.



RWOP doesn't automatically mean that the user has all the permissions that
the query owner does. You still need to assign appropriate permissions on
the *query* in order for the user to run it. So you could assign read data
permissions on the query, and they'll only be able to read data, even though
the owner has full permissions on the underlying table(s).



Furthermore, if the query owner has only read data permissions on the
underlying tables, they can't assign update/insert/delete permissions on the
query and expect that to succeed. The user running the query will still be
restricted by the owner's permissions on the underlying queries.


Does that help?

--
Joan Wild
Microsoft Access MVP

hireagenius via AccessMonster.com wrote:
Hi again Heros,
I have reviewed the threads on RWOP queries, and that section in
Microsoft Security FAQ - I have gathered enough information about it
to know that I need a comprehensive understanding, an overview of
RWOP.

Is it appropriate for me to ask on this Discussion Group
for recommendations on books or any other publications on rwop
queries? If not, please forgive.

If so -

Please do so.

I have created a rwop on a secure database but I don't know which is
the cart and which is horse. If I knew more about rwop queries I
would better understand the sequence i should follow.

Thanks for any assistance.
CharlieHorse

--
Message posted via http://www.accessmonster.com


.

Relevant Pages

  • Re: RWOP query with parameters
    ... such a query is only designed to be run with the referenced form ... an RWOP via code then you stand the danger of altering the "owner". ... You could have a basic RWOP stored of course, ... If you write a SQL statement in the Recordsource and save ...
    (microsoft.public.access.security)
  • Re: rwop
    ... Your clarification of rwop does help me think through the process, ... If my query doesn't ... users from entering data, but no, they will have owner's permissions. ... permissions of the owner. ...
    (microsoft.public.access.security)
  • Re: Security without signon
    ... I have never had to give the query owner explicit permissions on the tables. ... Your super user should not need to inherit any permissions from any group, ...
    (microsoft.public.access.security)
  • Re: Security without signon
    ... > When you are using a workgroup file in which the owner of the RWOP ... > query /does/ exist, the query would also have the permissions of all ... For example, the RWOP ... The query would only have permissions for the BlahBlah group, ...
    (microsoft.public.access.security)
  • Re: Secured Temp database
    ... > 1) I thought that the word "Owner" in RWOP meant the owner of the backend ... > tables not the front-end query. ... workgroup files, remember that a user /can/ be a member of several ...
    (microsoft.public.access.security)