Reading Permissions

As mentioned earlier, object permissions are stored in two main places: the Permissions property of Document objects, and the Permissions property of Container objects, the latter being where the permissions for future objects is defined. But before you get too carried away with this new found knowledge, you might be interested to know that object permissions are stored in a Long Integer bit field. To get at individual permissions, you need to perform a bitwise operation, which is not very difficult.

To determine the permissions that the current user has to Table1, for example, just read the Permissions property of its Document object.

Debug.Print dbs.Containers("Tables").Documents("Table1").Permissions

You should be aware that the Permissions property only returns explicit permissions, which are those that are explicitly defined for that particular user. Implicit permissions, which are returned by the AllPermissions property, are the sum of all the permissions the user has, whether explicitly granted, or the ones they inherited by virtue of their membership of one or more groups.

For example, let us suppose that Fred Nurk belongs to a group called Data Entry, and the Data Entry group has dbSecInsertData and dbSecReplaceData permissions to Table1, but that the administrator has explicitly granted him dbSecDeleteData permissions, but accidentally revoked his individual dbReplaceData permissions to the same table. Fred's total permissions are the sum of all permissions—dbSecInsertData + dbSecDeleteData.

To determine if the current user has particular permissions to an object, you must explicitly test for those permissions. The following example demonstrates this:

Public Function HasDeletePermissons( _

strTableName As String, Optional strUser As String) As Boolean 'Checks if the current user has Delete 'permissions to a specific table Dim dbs As Database Dim doc As DAO.Document

Set dbs = CurrentDb

'Set a reference to the table's Document

Set doc = dbs.Containers!Tables.Documents(strTableName)

'Specify the user

If strUser <> "" Then doc.UserName = strUser

'Test for explicit permissions only HasDeletePermissons = _

((doc.Permissions And dbSecDeleteData) = dbSecDeleteData)

'To test for implicit permissions, 'uncomment the following line 'HasDeletePermissons = _

((doc.AllPermissions And dbSecDeleteData) = dbSecDeleteData)

Set doc = Nothing Set dbs = Nothing End Function

The more observant reader might have noticed that you can, in fact, specify the user name. The default setting for the Document object's UserName property is that of the current user, but if you set the UserName property prior to reading the Permissions property, you can check the permissions for any user or group in the workgroup.

The following code shows how to determine the exact object permissions for a specific user or group:

Public Sub WhichPermissions( _

strTableName As String, Optional strUser As String) 'Determines the specific permissions a 'specific user has to a specific table Dim dbs As Database Dim doc As DAO.Document Dim lngPermission As Long

Set dbs = CurrentDb

'Set a reference to the table's Document

Set doc = dbs.Containers!Tables.Documents(strTable)

'Specify the user

If strUser <> "" Then doc.UserName = strUser

'Retrieve the permissions lngPermission = doc.AllPermissions

'Determine the user's implicit permissions Debug.Print "Permissions granted to " & _

strUser & " for " & strTable If ((doc.AllPermissions And dbSecNoAccess) = _ dbSecNoAccess) Then Debug.Print vbTab & "dbSecNoAccess" End If

If ((doc.AllPermissions And dbSecFullAccess) = _ dbSecFullAccess) Then Debug.Print vbTab & "dbSecFullAccess" End If

If ((doc.AllPermissions And dbSecDelete) = _ dbSecDelete) Then Debug.Print vbTab & "dbSecDelete" End If

If ((doc.AllPermissions And dbSecReadSec) = _ dbSecReadSec) Then Debug.Print vbTab & "dbSecReadSec" End If

If ((doc.AllPermissions And dbSecWriteSec) = _ dbSecWriteSec) Then Debug.Print vbTab & "dbSecWriteSec" End If

If

((doc.AllPermissions

And dbSecWriteOwner) = _

dbSecWriteOwner)

Then

Debug.Print vbTab &

"dbSecWriteOwner"

End

If

Set

doc = Nothing

Set

dbs = Nothing

End Sub

So far, we've covered how to check the permissions for existing Jet and Access objects, but what about objects that will be created in the future? DAO provides a facility for this too. You can retrieve the default permissions that have been set for any new objects, by checking the Permissions property of the Document object's parent—the Container object.

Debug.

Print

dbs.

. Containers.

¡Tables.

. AllPermissions

Debug.

Print

dbs.

. Containers.

¡Tables.

.Permissions

Was this article helpful?

0 0

Post a comment