Admin user rights

  • Thread starter Thread starter tw
  • Start date Start date
T

tw

Please don't think I'm in the dark here... even though I may be, but I've
seen multiple posts that the admin group should have no permission once
usl is set up. I'm just wondering why. Shouldn't you have users log in
under their user password when they are just doing regular data entry or
whatever there job entails... with no users having administrator rights,
but when a case comes up when someone needs administrator rights, then
they could log in as ... guess what would seem appropriate... the admin
user. Why shouldn't the admin user have any rights? If the usl is set up
appropriately, why couldn't the admin (with a password) have admin rights?
 
tw said:
Please don't think I'm in the dark here... even though I may be, but
I've seen multiple posts that the admin group should have no
permission once usl is set up.
Click to expand...

No you haven't seen that. Your subject line says Admin user, but your
statement refers to admin group. The Admin User and the Users Group should
have no permission to anything (unless you want everyone to have
permissions) nor own anything. The Admins Group can have permissions to
objects and usually does. The person who is a member of this group is
likely the owner of all objects.
I'm just wondering why. Shouldn't
you have users log in under their user password when they are just
doing regular data entry or whatever there job entails... with no
users having administrator rights, but when a case comes up when
someone needs administrator rights, then they could log in as ...
guess what would seem appropriate... the admin user. Why shouldn't
the admin user have any rights? If the usl is set up appropriately,
why couldn't the admin (with a password) have admin rights?
Click to expand...

Because the admin user is common to all workgroup files. If you give the
Admin user permission, then anyone in the world with Access has the same
Admin user in their workgroup file, and therefore would have those
permissions. The Admins Group however is not common to every workgroup
file.
 
This is because they could then use their default workgroup (which will sign
them in as ADMIN) and they would have full access. In other words, you
would only be locking out people on your computer. You would be leaving a
HUGE back door open.

Rick B
 
Thanks
Wouldn't it make more sense for Access not to name a user admin then... I
guess that is for discussion elsewhere.
 
The default name "Admin" is terrible IMO. It implies that this user
always has administrative priviliges. That is true initially, but not
once the database has been secured. What sense is an "admin" user with
no administrative priviliges? No wonder people get confused. Better to
have called him Default, or Guest, or somesuch, IMO.

TC
 
Back
Top