One User in Several Groups?

  • Thread starter Thread starter croy
  • Start date Start date
C

croy

This is sounding like a dumb question, but is there any
reason why a user should, or shouldn't be in more than one
custom group.

It seems like a dumb question because even someone in the
admins group is also in the users group, and they can't be
removed from the users group.

But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).

Is there any reason why someone assigned to the admins group
should, or shouldn't also be in a lesser-priviledged group
(besides User).
 
A user can certainly be in more than one group. Every user must be a member of the Users Group - something that is sometimes overlooked when programmatically creating users.

If a user is a member of more than one group, they will have the permissions of the group with the most permissions (my wording ain't so great either). If you put someone in a 'read only' group, and also put them in a group that can delete records, then they'll be able to delete.

Since the Admins group most often has full permissions to everything, there is little point in putting them in a lesser-privileged group. They'll still have the permissions of the Admins group.

There is no right or wrong about it; it just depends on your needs. You might have two groups
enter data
run reports

It's quite possible that a user would be in one or the other or both groups.

Alternatively, you might set up your groups so that they build on the permissions of a lesser group.
read only, run reports
enter/edit data, and the previous
delete data, and all the previous
full administration
 
But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).
Click to expand...

Permissions are an accumulation of the maximum permissions,
not the least permissions.

So the more groups you are in, the more permissions you can have.

But it is more common to have each group more powerful than
the last group, so you only have to be member of one group.

Equal but different groups are used when you give different
groups access to different data. The Access user security
model does not directly support record-level security, so
multiple-membership of equal-but-different groups is not often
used in Access.

(david)
 
This is sounding like a dumb question, but is there any
reason why a user should, or shouldn't be in more than one
custom group.

It seems like a dumb question because even someone in the
admins group is also in the users group, and they can't be
removed from the users group.

But I've also read about permissions being an accumulation
of the least permissions (my wording is poor).

Is there any reason why someone assigned to the admins group
should, or shouldn't also be in a lesser-priviledged group
(besides User).
Click to expand...


Many thanks for the good info from Joan and David. I now
realize the stickiness was coming from code behind the form
that was trying to update tables directly (without going
thru an "owner's permissions" query. Oh, those little
changes!
 
Back
Top