Group permissions set at startup?

  • Thread starter Thread starter Leif
  • Start date Start date
L

Leif

I've got VBA code that successful adds a group to a user
during database startup using Access 2000 Jet. I can see
the user is in the group from the User and Group
Accounts... dialog.

However, it appears the permissions from this group are
not given right away. The user must log-off first, then
back on, to get the group permissions. This defeats my
whole purpose, however, which is to set the user to the
correct group on startup, and to remove the group on
shutdown.

It does make some sense, I guess, that it works this way.
Users and Groups are in separate files from the
permissions and data.

I tried adding a .refresh to the user and group, but that
does not help. Is there any work around?

Thanks,
Leif
 
Leif said:
I've got VBA code that successful adds a group to a user
during database startup using Access 2000 Jet. I can see
the user is in the group from the User and Group
Accounts... dialog.

However, it appears the permissions from this group are
not given right away. The user must log-off first, then
back on, to get the group permissions. This defeats my
whole purpose, however, which is to set the user to the
correct group on startup, and to remove the group on
shutdown.

It does make some sense, I guess, that it works this way.
Users and Groups are in separate files from the
permissions and data.

I tried adding a .refresh to the user and group, but that
does not help. Is there any work around?
Click to expand...


I suspect (but am not 100% sure) that if you change the permissions of
the *current user*, that change will not take effect until the user
has logged-off, then logged back on again. This because the logged-on
user's permissions are stored in an internal memory structure for the
duration of their session. The content of that structure is determine
at log-on time. It is possibly not refreshed thereafter, for the
duration of that session.

Thus, you can add the user to the group - and see that change appear
in the relevant collections - but change won't actually take effect
until the user logs back in - thereby reconstructing the in-memory
structure.

TC
 
Hi TC,

I agree. However, I think it goes even farther. I my
experience if I'm connected to a database as Admins, and
another user is connected not as Admins, and I add the
user to a group, that user must first log off Access and
back on to get the permissions of that new group. So,
I'm starting to conclude that group level permissions are
set at login to the database, for everyone, not just the
*current user*.

However, if your talking about individual permissions,
such as to a table or form, that seems to be more
dynamic. If duing login, in an autoexec procedure, the
individual access to db objects (i.e., tables) can be
changed, *In that session*, by connecting in VBA via an
Admins user and making the change.

Anyone elses experience different?

Leif
 
Leif said:
Hi TC,

I agree. However, I think it goes even farther. I my
experience if I'm connected to a database as Admins, and
another user is connected not as Admins, and I add the
user to a group, that user must first log off Access and
back on to get the permissions of that new group. So,
I'm starting to conclude that group level permissions are
set at login to the database, for everyone, not just the
*current user*.
Click to expand...

Yes. Thinking about it, if what I said was true, then, it would be
true for every user who logs-in to the database.

However, if your talking about individual permissions,
such as to a table or form, that seems to be more
dynamic. If duing login, in an autoexec procedure, the
individual access to db objects (i.e., tables) can be
changed, *In that session*, by connecting in VBA via an
Admins user and making the change.
Click to expand...

Interesting! This would be worthy of further investigation.
 
Hi TC,

If you are interested in the dynamic assignment of table
(or other DB objects) permissions download the file
SECFAQ.DOC from MSDN. It has procedures to do that. I
implemented them, and they work. I was just hoping to
simplify my code by dynamically assigning rights to users
using groups instead of individuals tables. However, it
looks like even though you can assign the groups, the
permissions associated with those groups are not dynamic.

Regards,
Leif
 
Back
Top