Relinking code and user-level security

  • Thread starter Thread starter BruceM
  • Start date Start date
B

BruceM

I have a split database with user-level security. I am using code to
refresh the links to the back end tables. Since I am not offering users the
option of navigating to the correct file to reset the links if there is a
problem (the users cannot be counted on to do this), I am using a simpler
version of the code than was at the MVP site. It is in a standard module,
and is as follows (error handling is somewhat simplified):

Public Function RelinkBE() As Boolean

On Error GoTo ReLinkBE_Error

Dim tdf As TableDef
Dim strMsg As String

RelinkBE = True

For Each tdf In CurrentDb.TableDefs
If Len(tdf.Connect) > 0 Then
tdf.RefreshLink
End If
Next tdf
Set tdf = Nothing

ReLinkBE_Exit:
On Error GoTo 0
Exit Function

ReLinkBE_Error:

Select Case Err.Number
Case 3011 'Bad Table Name
strMsg = "Table Not Found."
Case 3024 'File Name Not Found
strMsg = "Database File Name Not Found."
Case 3044 'Path Not found
strMsg = "Database Path Not Found."
Case Else
strMsg = "Error " & Err.Number & " (" & Err.Description & _
") in function ReLinkBE of Module mdlRelink"
End Select

MsgBox strMsg, vbExclamation, "Call Support"
RelinkBE = False

Resume ReLinkBE_Exit

End Function

The code is called in the startup form's Open event. It seems to work as
intended to refresh the links, but it seems that it requires all users to
have full permissions (except Administer) to tables and queries. If a
(test) user is a member of a group that does not have these permissions,
Access throws error message 3033 (You do not have the necessary permissions
to use the "tblMain" object....). The message originates from the ReLinkBE
function.
I would guess the act of refreshing the links involves breaking and
restoring them. To Access, breaking the links before refreshing them is
probably interpreted as deleting the tables, thus full permissions are
needed. This seems to defeat much of the purpose of user level security
(although I have some FE code that restricts permission to the person who
created the record).
Does anybody know what's up here?
 
The permissions required for the link definitions
are seperate to the permissions required on the back
end tables.

You need read-data permissions on the back end
tables.

You need create-delete permissions for new tables
(and the old tabledefs) in the front end database.

The exact details have changed with different
versions of Access: probably best to create
new copies of the FE, BE and MDW if you have
changed versions.

Access.security is a good place to ask this
kind of question: I don't think .multiuser
is relevant.

(david)
 
Thanks for the reply. I realized after reading your posting that the table
defs in the FE do not need to be treated like the tables themselves. I have
now restricted the permissions to the BE tables, which will overrule weaker
permissions in the FE, while allowing the FE the functionality it needs.

BTW, I took the unusual (for me) step of cross-posting, since I didn't know
in which group to ask the question.
 
Back
Top