Any way that non-Admin group users can add like-kind users?

  • Thread starter Thread starter kiln
  • Start date Start date
K

kiln

Has anyone come up with a scheme that would allow "power user" type
logins to create like-kind and more restrictive user logins? IE, a power
user that can add and edit and delete in the db but has no ability to
create forms or view them in design mode would be allowed to create
other users like themselves, and perhaps "read only" users too. But they
wouldn't have real Admin group privs. As far as I can see, only a full
Admin group user can create manage and delete users and memberships. But
if so, it's pretty tough using the Access security stuff for an app that
is supposed to be run and managed by clients who are not supposed to
have access to the app IP.
 
Has anyone come up with a scheme that would allow "power user" type
logins to create like-kind and more restrictive user logins? IE, a power
user that can add and edit and delete in the db but has no ability to
create forms or view them in design mode would be allowed to create
other users like themselves, and perhaps "read only" users too. But they
wouldn't have real Admin group privs. As far as I can see, only a full
Admin group user can create manage and delete users and memberships. But
if so, it's pretty tough using the Access security stuff for an app that
is supposed to be run and managed by clients who are not supposed to
have access to the app IP.
Click to expand...
Ah, looks like item 33 in the Security FAQ is in the ballpark; I'd
forgotten about it.
 
I actually had trouble getting this to work, and I'd be
interested to hear from someone else.

I found that I could move users IN and OUT of groups,
but had trouble CHANGING PERMISSIONS on a person or
group, to allow them to CHANGE PERMISSON on a person
or group.

That is, my administrator in the distribution workgroup
couldn't create new administrators.

So I did it by creating an admin GROUP, which I could move
people in and out of: I didn't have to change permissions at
all.

Which I guess is as it should be anyway.

I don't know if this is generally true, or if I just
got something wrong along the way.

(david)
 
Back
Top