By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,476 Members | 1,553 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,476 IT Pros & Developers. It's quick & easy.

who can add users and change passwords?

P: n/a
Jan
Hi:

I have created a secured database for a client. For various reasons, I
don't want the client to have full persmissions for the database; they
aren't in the admins group. I have instead tried to create a second
group, called "localAdmin," for the admin-type person at the client. I
want this group to be able to do some basic admin-type stuff, including
adding new users and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as someone in
the LocalAdmin group, if I try to go to Tools/Security/user & group
accounts, I get the error message about not having read permissions for the
msysUserlist table and msysGroupList table. If I try to add a user via
VBA code, I get error
3033--you don't have permissions for the Tables object (code is below
for your reference).

Dim wrkDefault As Workspace
Dim usrNew As User
Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault
' Create and append new User.
Set usrNew = .CreateUser(Me!username)
usrNew.pid = Me!pid
.Users.Append usrNew------------------>it fails here
the code goes on

I tried giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan
Apr 21 '06 #1
Share this Question
Share on Google+
6 Replies


P: n/a

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various reasons, I
don't want the client to have full persmissions for the database; they
aren't in the admins group. I have instead tried to create a second
group, called "localAdmin," for the admin-type person at the client. I
want this group to be able to do some basic admin-type stuff, including
adding new users and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as someone in
the LocalAdmin group, if I try to go to Tools/Security/user & group
accounts, I get the error message about not having read permissions for
the
msysUserlist table and msysGroupList table. If I try to add a user via
VBA code, I get error
3033--you don't have permissions for the Tables object (code is below
for your reference).

Dim wrkDefault As Workspace
Dim usrNew As User
Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault
' Create and append new User.
Set usrNew = .CreateUser(Me!username)
usrNew.pid = Me!pid
.Users.Append usrNew------------------>it fails here
the code goes on
I tried giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan



In order to add and delete users, you normally need to be a member of the
admins group. However, it would be possible for you to create a workspace
with the credentials of an Administrator programatically, so that a
non-admin person just presses a button and a new user is created. One way I
do this is to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code is
compiled and you don't need to worry about hard-coding the password as the
code is unreadable. If it is an mdb, there is the risk that someone could
read and extract the password. However, if someone knew enough to
understand the code and extract the password, they could break in anyway as
Access user-level security is broken (ie easily crackable) and unlikely to
be fixed.


Apr 21 '06 #2

P: n/a
Jan


Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for the
database; they aren't in the admins group. I have instead tried to
create a second group, called "localAdmin," for the admin-type
person at the client. I want this group to be able to do some basic
admin-type stuff, including adding new users and clearing passwords
if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message about
not having read permissions for the msysUserlist table and
msysGroupList table. If I try to add a user via VBA code, I get
error 3033--you don't have permissions for the Tables object (code
is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the database
(which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan


In order to add and delete users, you normally need to be a member of
the admins group. However, it would be possible for you to create a
workspace with the credentials of an Administrator programatically,
so that a non-admin person just presses a button and a new user is
created. One way I do this is to create an account with the name
Automation, then I can create the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code
is compiled and you don't need to worry about hard-coding the
password as the code is unreadable. If it is an mdb, there is the
risk that someone could read and extract the password. However, if
someone knew enough to understand the code and extract the password,
they could break in anyway as Access user-level security is broken
(ie easily crackable) and unlikely to be fixed.

Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group, give it
a password ("mypass"), and then in the code for creating a user, instead
of the
Set wrkDefault = DBEngine.Workspaces(0)
I would use
Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to figure out
how to do that programmatically; the VBA way to do it seems to require
one to know the old password in order to change it to blank; but if the
user has forgotten their pass, you can't go that way. I had expected
the "localAdmin" folks to just go through the tools/security/user &
group accounts menus, but they can't do that unless they're in the
admins group. Any thoughts?

Jan
Apr 21 '06 #3

P: n/a

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...


Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for the
database; they aren't in the admins group. I have instead tried to
create a second group, called "localAdmin," for the admin-type
person at the client. I want this group to be able to do some basic
admin-type stuff, including adding new users and clearing passwords
if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message about
not having read permissions for the msysUserlist table and
msysGroupList table. If I try to add a user via VBA code, I get
error 3033--you don't have permissions for the Tables object (code
is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the database
(which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan


In order to add and delete users, you normally need to be a member of
the admins group. However, it would be possible for you to create a
workspace with the credentials of an Administrator programatically,
so that a non-admin person just presses a button and a new user is
created. One way I do this is to create an account with the name
Automation, then I can create the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code
is compiled and you don't need to worry about hard-coding the
password as the code is unreadable. If it is an mdb, there is the
risk that someone could read and extract the password. However, if
someone knew enough to understand the code and extract the password,
they could break in anyway as Access user-level security is broken
(ie easily crackable) and unlikely to be fixed.

Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group, give it
a password ("mypass"), and then in the code for creating a user, instead
of the
Set wrkDefault = DBEngine.Workspaces(0)
I would use
Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to figure out
how to do that programmatically; the VBA way to do it seems to require
one to know the old password in order to change it to blank; but if the
user has forgotten their pass, you can't go that way. I had expected
the "localAdmin" folks to just go through the tools/security/user &
group accounts menus, but they can't do that unless they're in the
admins group. Any thoughts?

Jan

That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original password,
that is the point of programatically creating a new workspace as a member of
the admins group. If you are in the admins group, you don't need to know
the old password to change it to a new one.
In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either:
usr.NewPassword strNewPwd, strNewPwd
or
usr.NewPassword "AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _
strNewPwd As String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace
Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then
Set usr = Nothing
End If

If Not wks Is Nothing Then
wks.Close
Set wks = Nothing
End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret account
MsgBox "Unable to change password", _
vbExclamation, "Password Error"

Case 3033 ' Account has insufficient permissions - error with our secret
account
MsgBox "Unable to change password", _
vbExclamation, "Password Error"

Case 3265 ' strUserName relates to a non-existant user
MsgBox "Cannot locate user: " & strUserName, _
vbExclamation, "Password Error"

Case Else
MsgBox Err.Description, vbExclamation, "Error No: " & Err.Number

End Select

Resume Exit_Handler

End Function
Apr 22 '06 #4

P: n/a
Jan
Thanks, Anthony. I'm going to try it (I hope I can squeeze in time
today but it might be tomorrow) and will let you know how it goes.

Jan

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for
the database; they aren't in the admins group. I have instead
tried to create a second group, called "localAdmin," for the
admin-type person at the client. I want this group to be able
to do some basic admin-type stuff, including adding new users
and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message
about not having read permissions for the msysUserlist table
and msysGroupList table. If I try to add a user via VBA code,
I get error 3033--you don't have permissions for the Tables
object (code is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As
User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't
work.

Is there no way to accomplish this?

TIA

Jan

In order to add and delete users, you normally need to be a
member of the admins group. However, it would be possible for
you to create a workspace with the credentials of an
Administrator programatically, so that a non-admin person just
presses a button and a new user is created. One way I do this is
to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation",
"MyPassword", dbUseJet)

and do whatever from there. If your application is an mde, the
code is compiled and you don't need to worry about hard-coding
the password as the code is unreadable. If it is an mdb, there
is the risk that someone could read and extract the password.
However, if someone knew enough to understand the code and
extract the password, they could break in anyway as Access
user-level security is broken (ie easily crackable) and unlikely
to be fixed.


Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group,
give it a password ("mypass"), and then in the code for creating a
user, instead of the Set wrkDefault = DBEngine.Workspaces(0) I
would use Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to
figure out how to do that programmatically; the VBA way to do it
seems to require one to know the old password in order to change it
to blank; but if the user has forgotten their pass, you can't go
that way. I had expected the "localAdmin" folks to just go through
the tools/security/user & group accounts menus, but they can't do
that unless they're in the admins group. Any thoughts?

Jan


That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original
password, that is the point of programatically creating a new
workspace as a member of the admins group. If you are in the admins
group, you don't need to know the old password to change it to a new
one. In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either: usr.NewPassword strNewPwd, strNewPwd or usr.NewPassword
"AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _ strNewPwd As
String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then Set usr = Nothing End If

If Not wks Is Nothing Then wks.Close Set wks = Nothing End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret
account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3033 ' Account has insufficient permissions - error with our
secret account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3265 ' strUserName relates to a non-existant user MsgBox "Cannot
locate user: " & strUserName, _ vbExclamation, "Password Error"

Case Else MsgBox Err.Description, vbExclamation, "Error No: " &
Err.Number

End Select

Resume Exit_Handler

End Function

Apr 22 '06 #5

P: n/a
Jan
It all worked beautifully. Thanks so much for the help.

Jan

Jan wrote:
Thanks, Anthony. I'm going to try it (I hope I can squeeze in time
today but it might be tomorrow) and will let you know how it goes.

Jan

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...

Anthony England wrote:

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
> Hi:
>
> I have created a secured database for a client. For various
> reasons, I don't want the client to have full persmissions for
> the database; they aren't in the admins group. I have instead
> tried to create a second group, called "localAdmin," for the
> admin-type person at the client. I want this group to be able
> to do some basic admin-type stuff, including adding new users
> and clearing passwords if users forget theirs.
>
> I can't seem to accomplish this, though. When signing on as
> someone in the LocalAdmin group, if I try to go to
> Tools/Security/user & group accounts, I get the error message
> about not having read permissions for the msysUserlist table
> and msysGroupList table. If I try to add a user via VBA code,
> I get error 3033--you don't have permissions for the Tables
> object (code is below for your reference).
>
> Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As
> User
>
> Set wrkDefault = DBEngine.Workspaces(0)
>
> With wrkDefault ' Create and append new User. Set usrNew =
> .CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
> usrNew------------------>it fails here the code goes on I tried
> giving the localAdmin group administer permissions for the
> database (which I hate to do, frankly), but even that didn't
> work.
>
> Is there no way to accomplish this?
>
> TIA
>
> Jan


In order to add and delete users, you normally need to be a
member of the admins group. However, it would be possible for
you to create a workspace with the credentials of an
Administrator programatically, so that a non-admin person just
presses a button and a new user is created. One way I do this is
to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation",
"MyPassword", dbUseJet)

and do whatever from there. If your application is an mde, the
code is compiled and you don't need to worry about hard-coding
the password as the code is unreadable. If it is an mdb, there
is the risk that someone could read and extract the password.
However, if someone knew enough to understand the code and
extract the password, they could break in anyway as Access
user-level security is broken (ie easily crackable) and unlikely
to be fixed.
Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group,
give it a password ("mypass"), and then in the code for creating a
user, instead of the Set wrkDefault = DBEngine.Workspaces(0) I
would use Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet) and
then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to
figure out how to do that programmatically; the VBA way to do it
seems to require one to know the old password in order to change it
to blank; but if the user has forgotten their pass, you can't go
that way. I had expected the "localAdmin" folks to just go through
the tools/security/user & group accounts menus, but they can't do
that unless they're in the admins group. Any thoughts?

Jan



That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original
password, that is the point of programatically creating a new
workspace as a member of the admins group. If you are in the admins
group, you don't need to know the old password to change it to a new
one. In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either: usr.NewPassword strNewPwd, strNewPwd or usr.NewPassword
"AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _ strNewPwd As
String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then Set usr = Nothing End If

If Not wks Is Nothing Then wks.Close Set wks = Nothing End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret
account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3033 ' Account has insufficient permissions - error with our
secret account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3265 ' strUserName relates to a non-existant user MsgBox "Cannot
locate user: " & strUserName, _ vbExclamation, "Password Error"

Case Else MsgBox Err.Description, vbExclamation, "Error No: " &
Err.Number

End Select

Resume Exit_Handler

End Function

Apr 26 '06 #6

P: n/a

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
It all worked beautifully. Thanks so much for the help.

Jan

Cool.
Thanks for letting us know.
Apr 26 '06 #7

This discussion thread is closed

Replies have been disabled for this discussion.