Results 1 to 5 of 5
  1. #1
    5 Star Lounger
    Join Date
    Mar 2001
    Posts
    989
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Permissions for different objects (2002)

    When securing a database and setting permissions, how do the different objects 'co-ordinate' together? How would you plan this? For example, if a user is given permission to read but not edit a table but then given permission to read and edit a query based on this table, how do this two options work together?

    Thanks, Andy.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Permissions for different objects (2002)

    If a user belongs to different groups, the least restrictive permissions are applied to an object. Example: User1 is a member of GroupA and GroupB. GroupA can edit and add records in Table1, GroupB can edit and delete records in Table1. User1 can edit, add AND delete records in Table1.

    The most restrictive permissions on a query and on the underlying tables are applied. Example: User1 can (based on group memberships etc.) add and edit records in Query1, and only edit records in the underlying Table1. User1 can effectively only edit records, not add records, because (s)he lacks permission to add records in the table.
    However, queries have a Run Permissions property. By default, this is set to User's, i.e. the user's permissions determine what the user may do. If it is set to Owner's, the user runs the query as if (s)he were logged in as the owner of the query. You could take away ALL permissions to the table, and only give the user permissions on the query. Since the query runs with the Owner's permission, the user can view and edit records as set for the owner.

    See the Access Security FAQ.

  3. #3
    Gold Lounger
    Join Date
    Feb 2004
    Location
    Cape Town, RSA
    Posts
    3,444
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Permissions for different objects (2002)

    <hr>if a user is given permission to read but not edit a table but then given permission to read and edit a query based on this table, how do this two options work together?<hr>
    That will not happen as the security (read and edit) is bound to the data! If the person cannot edit the data in the table, he will automatically not be able to edit the data in the query, as the query reflects the tables data.

    It is generally up to the administrator to plan and design the security before changes are made. One way to co-ordinate security effectively is to set up user groups and then assign security to the groups. (Never to induviduals) That becomes a nightmare to manage!!!
    Regards,
    Rudi

  4. #4
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Permissions for different objects (2002)

    That is not true if the query is run with owner's permissions. Those override the individual user permissions.
    Charlotte

  5. #5
    Gold Lounger
    Join Date
    Feb 2004
    Location
    Cape Town, RSA
    Posts
    3,444
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Permissions for different objects (2002)

    I did not consider that....thanx for the correction Charlotte!
    Regards,
    Rudi

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •