Managing Permissions

Permission is what your parents denied you when you wanted to eat chocolates all day. In my house, permission to eat chocolates was granted only under certain conditions.

The notion of permission is the same in computer systems, except that computers don't keep chocolates in a cupboard; they keep objects and data, to which many would like access.

Computer systems grant or deny access to objects and data, based on the rights that users or groups of users, are granted by the system administrator. Further, specific users can be granted or denied special access in addition to the rights of the group to which they belong. This is like your mother ruling that all children under the age of 10 are permitted to snack on the fruit biscuits in the cupboard, but not the chocolates. The exception being that little Johnny (age 8) may also eat any chocolate he wants, but only from the red box (laxatives).

In Access, user and group permissions are defined in two places: Permissions relating to individual objects are stored in the Permissions property of Document objects. Permissions for future objects are stored in the Permissions property of Container objects.

Depending on the specific object, different permissions can be granted. The following tables list those permissions, and the constants that define them.

Object

Permission Constant

Value

Description

Container

DbSecNoAccess

0

No access to the object

DbSecFullAccess

1048575

Full access to the object

DbSecDelete

65536

Can delete the object

DbSecReadSec

131072

Can read the object's security information

DbSecWriteSec

262144

Can change the object's security

information

DbSecWriteOwner

524288

Can change the ownership of the object

Table

DbSecCreate

1

Can create new Document objects (valid

only with a Container object)

DbSecReadDef

4

Can read the table definition

DbSecWriteDef

65548

Can modify or change the table definition

DbSecRetrieveData

20

Can retrieve data from the Document

object

DbSecInsertData

32

Can add records

DbSecReplaceData

64

Can modify records

DbSecDeleteData

128

Can delete records

Database

dbSecDBAdmin

8

Assigns admin rights—can create

replicas, change the database password,

and set startup properties

dbSecDBCreate

1

Can create new databases (valid only on

the Databases container object in the

Workgroup Information File

dbSecDBExclusive

4

Can open the database exclusively

DbSecDBOpen

2

Can open the database

Macro

AcSecMacExecute

8

Can run the macro

AcSecMacReadDef

10

Can read the macro's definition

AcSecMacWriteDef

65542

Can modify the macro's definition

acSecFrmRptExecute

256

Can open the form or report

acSecFrmRptReadDef

4

Can read the form's or report's definition

and its module

acSecFrmRptWriteDef

65548

Can modify the form's or report's

definition and its module

0 0

Post a comment