Security--permissions not working properly

Re: Security--permissions not working properly

"Janross" <janross@aol.co m> wrote in message
news:2004021615 2827.25740.0000 1670@mb-m23.aol.com...[color=blue]
> I'm having trouble with security on an A97 database.
>
> First, yes I've read the white paper several times, followed all the
> directions, and got security established correctly (or so I thought).[/color]
There[color=blue]
> are two problems, however.
>
> One just occurred in the past couple of days. I added a new feature to a[/color]
form,[color=blue]
> which is a button that pops up a new form showing some summary data. The[/color]
popup[color=blue]
> form has a query as its recordsource, and the run permissions on the query[/color]
are[color=blue]
> set to Owner. Yet when a user who has only limited permissions clicks the
> button, they get the error message 3112, no read permissions on the query[/color]
that[color=blue]
> drives the form.
>
> The other is recurring but not consistent. The main database[/color]
administrator[color=blue]
> (this is my client), who has admin permissions and thus should be able to[/color]
do[color=blue]
> everything, is occasionally thwarted in trying to do something because the
> system says she doesn't have the proper permissions to do it. If she[/color]
signs out[color=blue]
> and signs in again as me (I have the same permissions as she does but I'm[/color]
also[color=blue]
> the "owner" since I designed the db), she can do whatever she likes.[/color]
Frankly,[color=blue]
> this problem isn't as big as the first one because she can in fact always[/color]
just[color=blue]
> sign in again as me and do what she needs to do, but it's annoying[/color]
nonetheless.[color=blue]
>
> I don't know what to do about this. Seems like maybe security is[/color]
corrupted[color=blue]
> somehow? Is there a way to rebuild it? Other ways around these issues?
>
> TIA
>
> Jan
> Jan Stempel
> Stempel Consulting[/color]


Have you got any idea how long it would take you to re-set the security from
scratch? If it was a straight-forward set up, it might be under 5 minutes.
You could join the workgroup as yourself, create a new database and import
all the objects into the new one - so that the new one is unsecured. You
can now re-join the system.mdw and use a shortcut to open the database using
the other mdw file.
Start the workgroup administrator, and select a group, eg "Standard Users"
then highlight all the forms including new forms (use ctrl / shift keys to
select several forms at a time) and set Open / Run to true and the rest to
false. Then the same with Database, Tables, Reports, etc. That could take
30 seconds to set all permissions for one group. Now the next group
"Read-Only Users", etc, etc.
You may realise this already, but my point is simply to highlight the fact
that if (especially if you suspect something is wrong) then completely
re-setting security may be only take you as long as it took me to write
this.

Fletcher

Re: Security--permissions not working properly

>> I'm having trouble with security on an A97 database.[color=blue][color=green]
>>
>> First, yes I've read the white paper several times, followed all the
>> directions, and got security established correctly (or so I thought).[/color]
>There[color=green]
>> are two problems, however.
>>
>> One just occurred in the past couple of days. I added a new feature to a[/color]
>form,[color=green]
>> which is a button that pops up a new form showing some summary data. The[/color]
>popup[color=green]
>> form has a query as its recordsource, and the run permissions on the query[/color]
>are[color=green]
>> set to Owner. Yet when a user who has only limited permissions clicks the
>> button, they get the error message 3112, no read permissions on the query[/color]
>that[color=green]
>> drives the form.
>>
>> The other is recurring but not consistent. The main database[/color]
>administrato r[color=green]
>> (this is my client), who has admin permissions and thus should be able to[/color]
>do[color=green]
>> everything, is occasionally thwarted in trying to do something because the
>> system says she doesn't have the proper permissions to do it. If she[/color]
>signs out[color=green]
>> and signs in again as me (I have the same permissions as she does but I'm[/color]
>also[color=green]
>> the "owner" since I designed the db), she can do whatever she likes.[/color]
>Frankly,[color=green]
>> this problem isn't as big as the first one because she can in fact always[/color]
>just[color=green]
>> sign in again as me and do what she needs to do, but it's annoying[/color]
>nonetheless.[color=green]
>>
>> I don't know what to do about this. Seems like maybe security is[/color]
>corrupted[color=green]
>> somehow? Is there a way to rebuild it? Other ways around these issues?
>>
>> TIA
>>
>> Jan
>> Jan Stempel
>> Stempel Consulting[/color]
>
>
>Have you got any idea how long it would take you to re-set the security from
>scratch? If it was a straight-forward set up, it might be under 5 minutes.
>You could join the workgroup as yourself, create a new database and import
>all the objects into the new one - so that the new one is unsecured. You
>can now re-join the system.mdw and use a shortcut to open the database using
>the other mdw file.
>Start the workgroup administrator, and select a group, eg "Standard Users"
>then highlight all the forms including new forms (use ctrl / shift keys to
>select several forms at a time) and set Open / Run to true and the rest to
>false. Then the same with Database, Tables, Reports, etc. That could take
>30 seconds to set all permissions for one group. Now the next group
>"Read-Only Users", etc, etc.[/color]


Thanks. I thought that might be the solution, just didn't know exactly how to
do it once security is established. I'll give it a try (won't be for a couple
of days though as I have to go out of town for a different client tomorrow,
then play catch-up). Will write again if it doesn't work.

Jan
Jan Stempel
Stempel Consulting

Re: Security--permissions not working properly

Janross (janross@aol.co m) wrote:
<snip>
: I'll give it a
: try (won't be for a couple of days though as I have to go out of town
: for a different client tomorrow, then play catch-up). Will write
: again if it doesn't work.
:
: Jan
: Jan Stempel
: Stempel Consulting

I'll be curious to see any solutions -- I'm running into the same issue,
even on queries/tables where I'm the owner (no delete permissions on...
messages).
--
Please remove the under_scores if sending me mail.

Re: Security--permissions not working properly

janross@aol.com (Janross) wrote:
[color=blue]
> One just occurred in the past couple of days. I added a new feature to
> a form, which is a button that pops up a new form showing some summary
> data. The popup form has a query as its recordsource, and the run
> permissions on the query are set to Owner. Yet when a user who has
> only limited permissions clicks the button, they get the error message
> 3112, no read permissions on the query that drives the form.[/color]

Even if the query is set to Owner Access, your users *still* need
permissions to read the query. Owner Access gives owner permissions to the
underlying table, not the query itself.

HTH - Keith.

Re: Security--permissions not working properly

janross@aol.com (Janross) wrote:
[color=blue]
> The other is recurring but not consistent. The main database
> administrator (this is my client), who has admin permissions and thus
> should be able to do everything, is occasionally thwarted in trying to
> do something because the system says she doesn't have the proper
> permissions to do it. If she signs out and signs in again as me (I
> have the same permissions as she does but I'm also the "owner" since I
> designed the db), she can do whatever she likes. Frankly, this problem
> isn't as big as the first one because she can in fact always just sign
> in again as me and do what she needs to do, but it's annoying
> nonetheless.[/color]

I'm not sure, but this may be to do with who owns the objects. Try setting
ownership to the admin group and not a specific admin user.

Re: Security--permissions not working properly

Keith Wilby <keith.wilby@Aw ayWithYerCrap.c om> wrote in message > Even if the query is set to Owner Access, your users *still* need[color=blue]
> permissions to read the query. Owner Access gives owner permissions to the
> underlying table, not the query itself.
>
> HTH - Keith.
> www.keithwilby.org.uk[/color]

And for split databases, you need to have permissions for the table
LINKS and the tables on the backend. I was having a similar 'crazy'
problem until I realized that I hadn't reset the backend tables'
security settings!


Pete

Re: Security--permissions not working properly

pshappyman@zomb ieworld.com (Pete) wrote:
[color=blue]
> And for split databases, you need to have permissions for the table
> LINKS and the tables on the backend.[/color]

A fair comment in isolation, but in this context the whole point of the
Owner Access property is to give the ordinary user the same rights to the
data in your tables as the owner! It would be unusual, to say the least,
for the owner of a table to not have full permissions to the data by
default ...

Re: Security--permissions not working properly

Thanks to all for your help. In starting to do the fix that Fletcher suggested
(rebuild security) I discovered the cause of the first problem (where basic
users couldn't get to one popup form). Turns out when I set security in the
first place, I didn't give basic users read-write access to new queries, so
when I created a new form driven by a query, they didn't in fact have
permission for it! Stupid mistake, now fixed.

As for the other, more confusing problem, in which a user in the admins group
is periodically denied permission to do things, I'll have to pursue the rebuild
to see if that helps (I stopped the process since I solved the first more
pressing problem; save it for when I have more time). And since that problem
is so intermittent, it will take a while to figure out if it's fixed.

Thanks again.

Jan
Jan Stempel
Stempel Consulting