Setting User Permissions for an Object

With ADOX, you set permissions on an object by using the SetPermissions method. User-level security can be easier to manage if you set permissions only for groups, and then assign users to the appropriate groups. Recall that permissions set for the group are automatically inherited by all users in that group. The SetPermissions method, which can be used for setting both user and group permissions, has the following syntax:

GroupOrUser.SetPermissions(Name, ObjectType, Action, Rights[, Inherit] [,ObjectTypeID])

■ Name — The name of the object to set permissions on.

ObjectType — The type of object the permissions are set for. (See Figure 17-17 for the names of the ADOX built-in constants that can be used to specify the Type parameter.)

Action — The type of action to perform when setting permissions. Use the adAccessSet constant for Microsoft Access databases to specify that the group of users will have exactly the requested permissions. Rights —A Long value containing a bitmask indicating the permissions to set. The Rights argument can consist of a single permissions constant or several constants combined by using the OR operator. See Figure 17-18 for the names of the ADOX built-in constants that can be used in the Rights argument to specify the type of permissions to set.

^^ Note: A bitmask is a numeric value intended for a bit-by-bit value comparison with other numeric values, usually to flag options in parameters or return values. In Visual Basic, this comparison is done with bitwise logical operators, such as AND and OR. The ADOX GetPermissions and SetPermissions methods use the bitwise logical operator OR to retrieve the bitmask for the existing permissions and to add new permissions to the bitmask.

The example procedure in Hands-On 17-10 grants a user the permission to read (adRightRead), insert (adRightInsert), update (adRightUpdate), and delete (adRightDelete) records.

Creating and Manipulating Databases with ADO

The last two arguments (those in square brackets) are optional:

Inherit — A Long value that specifies how objects will inherit these permissions. The default value is adInheritNone. ObjectTypeId — A Variant value that specifies the GUID (global unique identifier) for a provider object type not defined by OLE DB. This parameter is required if ObjectType is set to adPermObjProvi-derSpecific (which is used for setting permissions for forms, reports, and macros); otherwise, it is not used.

Table 17-2: GUIDsfor provider objects

Object

GUID

Form

{c49c842e-9dcb-11d1-9f0a-00c04fc2c2e0}

Report

{c49c8430-9dcb-11d1-9f0a-00c04fc2c2e0}

Macro

{c49c842f-9dcb-11d1-9f0a-00c04fc2c2e0}

Classes

Members of 'RightsEnum*

fifi Procedures

-

a

adRighlCreate

¿SJ Properties

s

adRightDeiete

Jj$l Property

[=»

adRlgfilDrop

0 Table

adRlghlExtlusive

Tables

Q

adRighlExecute

0 User

Lit

adRighlFull

0 users

Ci)

adRlgbllnserl

View

0

a d Ri gtilMaximum Ailowe d

© Views

Q

adRightNone

ii?> AclionEnurn

Lit

adRlgfilRead

¿P AilowNuilsEnom

adRlgJilReadDesigri

dP Column Attribute sEn

li)

a d Ri ghlReadPe rmis s ions

DataTypeEnum

GD

adRighîReference

inherltTypeEnum

Lit

adRlgfiiUpdate

■JP KeyTypeEnum

lit

adRlgtifWilhOrant

>ip ObjeciTypeEnum

Q

adRighWVriteOesign

L=J

adRigfiWVriteOwrier

iiP RuieEnum

©

a d Ri gtuwritePerm issl one

■iP SortOrderEnum

v

Figure 17-18: In ADOX, you can use a great many security constants for setting permissions to database objects.

Figure 17-18: In ADOX, you can use a great many security constants for setting permissions to database objects.

(( Hands-On 17-10: Setting User Permissions for an Object

1. Insert a new module and, in the module's Code window, enter the Set_UserObjectPermissions procedure as shown below.

Sub Set_UserObjectPermissions() Dim conn As ADODB.Connection Dim cat As ADOX.Catalog Dim strDB As String Dim strSysDb As String

On Error GoTo ErrorHandle strDB = "C:\BookProject\SpecialDb.mdb" strSysDb = "C:\BookProject\Security.mdw"

' Open connection to the database using ' the specified system database Set conn = New ADODB.Connection

Part II

With conn

.Provider = "Microsoft.Jet.OLEDB.4.0" .Properties("Jet OLEDB:System Database") = strSysDb .Properties("User ID") = "Developer" .Properties("Password") = "chapter17" .Open strDB End With

' Open the catalog Set cat = New ADOX.Catalog cat.ActiveConnection = conn ' add a user account cat.Users.Append "PowerUser", "star"

' Set permissions for PowerUser on the Customers table cat.Users("PowerUser").SetPerrrrissions "Customers", _ adPermObjTable, _ adAccessSet, _ adRightRead Or _ adRightlnsert Or _ adRightUpdate Or _ adRightDelete

MsgBox "Read, Insert, Update and Delete permissions " & vbCrLf & " were set on Customers table " & _ "for PowerUser." ExitHere:

Set cat = Nothing conn.Close Set conn = Nothing Exit Sub ErrorHandle:

If Err.Number = -2147467259 Then

MsgBox "PowerUser user already exists." Resume Next

Else

MsgBox Err.Description Resume ExitHere End If End Sub

User arid Group Permissions

PamissiorB Change Owner

User/Group Name:

List: ® Users O Groups Permissions

I_I Open/Run

PI Read Design

□ Modify Design

□ Administer

Current User: Developer

Object Name:

PamissiorB Change Owner

User/Group Name:

Object Name:

Admin

<New Tables/Queries> a

Developer

Category

Employees

Order Details

Orders

Products

List: ® Users O Groups Permissions

I_I Open/Run

PI Read Design

□ Modify Design

□ Administer

Object Type: j

Table

E Read Data 0 Update Data 0 Insert Data B Delete Data

Object Type: j

Table

E Read Data 0 Update Data 0 Insert Data B Delete Data

Figure 17-19: The settings in the User and Group Permissions window for the SpecialDb database were set by the Set_ UserObjectPermissions procedure in Hands-On 17-10.

Creating and Manipulating Databases with ADO

0 0

Post a comment