473,322 Members | 1,562 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

who can add users and change passwords?

Jan
Hi:

I have created a secured database for a client. For various reasons, I
don't want the client to have full persmissions for the database; they
aren't in the admins group. I have instead tried to create a second
group, called "localAdmin," for the admin-type person at the client. I
want this group to be able to do some basic admin-type stuff, including
adding new users and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as someone in
the LocalAdmin group, if I try to go to Tools/Security/user & group
accounts, I get the error message about not having read permissions for the
msysUserlist table and msysGroupList table. If I try to add a user via
VBA code, I get error
3033--you don't have permissions for the Tables object (code is below
for your reference).

Dim wrkDefault As Workspace
Dim usrNew As User
Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault
' Create and append new User.
Set usrNew = .CreateUser(Me!username)
usrNew.pid = Me!pid
.Users.Append usrNew------------------>it fails here
the code goes on

I tried giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan
Apr 21 '06 #1
6 5119

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various reasons, I
don't want the client to have full persmissions for the database; they
aren't in the admins group. I have instead tried to create a second
group, called "localAdmin," for the admin-type person at the client. I
want this group to be able to do some basic admin-type stuff, including
adding new users and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as someone in
the LocalAdmin group, if I try to go to Tools/Security/user & group
accounts, I get the error message about not having read permissions for
the
msysUserlist table and msysGroupList table. If I try to add a user via
VBA code, I get error
3033--you don't have permissions for the Tables object (code is below
for your reference).

Dim wrkDefault As Workspace
Dim usrNew As User
Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault
' Create and append new User.
Set usrNew = .CreateUser(Me!username)
usrNew.pid = Me!pid
.Users.Append usrNew------------------>it fails here
the code goes on
I tried giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan



In order to add and delete users, you normally need to be a member of the
admins group. However, it would be possible for you to create a workspace
with the credentials of an Administrator programatically, so that a
non-admin person just presses a button and a new user is created. One way I
do this is to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code is
compiled and you don't need to worry about hard-coding the password as the
code is unreadable. If it is an mdb, there is the risk that someone could
read and extract the password. However, if someone knew enough to
understand the code and extract the password, they could break in anyway as
Access user-level security is broken (ie easily crackable) and unlikely to
be fixed.


Apr 21 '06 #2
Jan


Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for the
database; they aren't in the admins group. I have instead tried to
create a second group, called "localAdmin," for the admin-type
person at the client. I want this group to be able to do some basic
admin-type stuff, including adding new users and clearing passwords
if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message about
not having read permissions for the msysUserlist table and
msysGroupList table. If I try to add a user via VBA code, I get
error 3033--you don't have permissions for the Tables object (code
is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the database
(which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan


In order to add and delete users, you normally need to be a member of
the admins group. However, it would be possible for you to create a
workspace with the credentials of an Administrator programatically,
so that a non-admin person just presses a button and a new user is
created. One way I do this is to create an account with the name
Automation, then I can create the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code
is compiled and you don't need to worry about hard-coding the
password as the code is unreadable. If it is an mdb, there is the
risk that someone could read and extract the password. However, if
someone knew enough to understand the code and extract the password,
they could break in anyway as Access user-level security is broken
(ie easily crackable) and unlikely to be fixed.

Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group, give it
a password ("mypass"), and then in the code for creating a user, instead
of the
Set wrkDefault = DBEngine.Workspaces(0)
I would use
Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to figure out
how to do that programmatically; the VBA way to do it seems to require
one to know the old password in order to change it to blank; but if the
user has forgotten their pass, you can't go that way. I had expected
the "localAdmin" folks to just go through the tools/security/user &
group accounts menus, but they can't do that unless they're in the
admins group. Any thoughts?

Jan
Apr 21 '06 #3

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...


Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for the
database; they aren't in the admins group. I have instead tried to
create a second group, called "localAdmin," for the admin-type
person at the client. I want this group to be able to do some basic
admin-type stuff, including adding new users and clearing passwords
if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message about
not having read permissions for the msysUserlist table and
msysGroupList table. If I try to add a user via VBA code, I get
error 3033--you don't have permissions for the Tables object (code
is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the database
(which I hate to do, frankly), but even that didn't work.

Is there no way to accomplish this?

TIA

Jan


In order to add and delete users, you normally need to be a member of
the admins group. However, it would be possible for you to create a
workspace with the credentials of an Administrator programatically,
so that a non-admin person just presses a button and a new user is
created. One way I do this is to create an account with the name
Automation, then I can create the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", "MyPassword",
dbUseJet)

and do whatever from there. If your application is an mde, the code
is compiled and you don't need to worry about hard-coding the
password as the code is unreadable. If it is an mdb, there is the
risk that someone could read and extract the password. However, if
someone knew enough to understand the code and extract the password,
they could break in anyway as Access user-level security is broken
(ie easily crackable) and unlikely to be fixed.

Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group, give it
a password ("mypass"), and then in the code for creating a user, instead
of the
Set wrkDefault = DBEngine.Workspaces(0)
I would use
Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to figure out
how to do that programmatically; the VBA way to do it seems to require
one to know the old password in order to change it to blank; but if the
user has forgotten their pass, you can't go that way. I had expected
the "localAdmin" folks to just go through the tools/security/user &
group accounts menus, but they can't do that unless they're in the
admins group. Any thoughts?

Jan

That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original password,
that is the point of programatically creating a new workspace as a member of
the admins group. If you are in the admins group, you don't need to know
the old password to change it to a new one.
In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either:
usr.NewPassword strNewPwd, strNewPwd
or
usr.NewPassword "AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _
strNewPwd As String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace
Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then
Set usr = Nothing
End If

If Not wks Is Nothing Then
wks.Close
Set wks = Nothing
End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret account
MsgBox "Unable to change password", _
vbExclamation, "Password Error"

Case 3033 ' Account has insufficient permissions - error with our secret
account
MsgBox "Unable to change password", _
vbExclamation, "Password Error"

Case 3265 ' strUserName relates to a non-existant user
MsgBox "Cannot locate user: " & strUserName, _
vbExclamation, "Password Error"

Case Else
MsgBox Err.Description, vbExclamation, "Error No: " & Err.Number

End Select

Resume Exit_Handler

End Function
Apr 22 '06 #4
Jan
Thanks, Anthony. I'm going to try it (I hope I can squeeze in time
today but it might be tomorrow) and will let you know how it goes.

Jan

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
Hi:

I have created a secured database for a client. For various
reasons, I don't want the client to have full persmissions for
the database; they aren't in the admins group. I have instead
tried to create a second group, called "localAdmin," for the
admin-type person at the client. I want this group to be able
to do some basic admin-type stuff, including adding new users
and clearing passwords if users forget theirs.

I can't seem to accomplish this, though. When signing on as
someone in the LocalAdmin group, if I try to go to
Tools/Security/user & group accounts, I get the error message
about not having read permissions for the msysUserlist table
and msysGroupList table. If I try to add a user via VBA code,
I get error 3033--you don't have permissions for the Tables
object (code is below for your reference).

Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As
User

Set wrkDefault = DBEngine.Workspaces(0)

With wrkDefault ' Create and append new User. Set usrNew =
.CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
usrNew------------------>it fails here the code goes on I tried
giving the localAdmin group administer permissions for the
database (which I hate to do, frankly), but even that didn't
work.

Is there no way to accomplish this?

TIA

Jan

In order to add and delete users, you normally need to be a
member of the admins group. However, it would be possible for
you to create a workspace with the credentials of an
Administrator programatically, so that a non-admin person just
presses a button and a new user is created. One way I do this is
to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation",
"MyPassword", dbUseJet)

and do whatever from there. If your application is an mde, the
code is compiled and you don't need to worry about hard-coding
the password as the code is unreadable. If it is an mdb, there
is the risk that someone could read and extract the password.
However, if someone knew enough to understand the code and
extract the password, they could break in anyway as Access
user-level security is broken (ie easily crackable) and unlikely
to be fixed.


Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group,
give it a password ("mypass"), and then in the code for creating a
user, instead of the Set wrkDefault = DBEngine.Workspaces(0) I
would use Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet)
and then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to
figure out how to do that programmatically; the VBA way to do it
seems to require one to know the old password in order to change it
to blank; but if the user has forgotten their pass, you can't go
that way. I had expected the "localAdmin" folks to just go through
the tools/security/user & group accounts menus, but they can't do
that unless they're in the admins group. Any thoughts?

Jan


That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original
password, that is the point of programatically creating a new
workspace as a member of the admins group. If you are in the admins
group, you don't need to know the old password to change it to a new
one. In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either: usr.NewPassword strNewPwd, strNewPwd or usr.NewPassword
"AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _ strNewPwd As
String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then Set usr = Nothing End If

If Not wks Is Nothing Then wks.Close Set wks = Nothing End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret
account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3033 ' Account has insufficient permissions - error with our
secret account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3265 ' strUserName relates to a non-existant user MsgBox "Cannot
locate user: " & strUserName, _ vbExclamation, "Password Error"

Case Else MsgBox Err.Description, vbExclamation, "Error No: " &
Err.Number

End Select

Resume Exit_Handler

End Function

Apr 22 '06 #5
Jan
It all worked beautifully. Thanks so much for the help.

Jan

Jan wrote:
Thanks, Anthony. I'm going to try it (I hope I can squeeze in time
today but it might be tomorrow) and will let you know how it goes.

Jan

Anthony England wrote:
"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...

Anthony England wrote:

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
> Hi:
>
> I have created a secured database for a client. For various
> reasons, I don't want the client to have full persmissions for
> the database; they aren't in the admins group. I have instead
> tried to create a second group, called "localAdmin," for the
> admin-type person at the client. I want this group to be able
> to do some basic admin-type stuff, including adding new users
> and clearing passwords if users forget theirs.
>
> I can't seem to accomplish this, though. When signing on as
> someone in the LocalAdmin group, if I try to go to
> Tools/Security/user & group accounts, I get the error message
> about not having read permissions for the msysUserlist table
> and msysGroupList table. If I try to add a user via VBA code,
> I get error 3033--you don't have permissions for the Tables
> object (code is below for your reference).
>
> Dim wrkDefault As Workspace Dim usrNew As User Dim usrTemp As
> User
>
> Set wrkDefault = DBEngine.Workspaces(0)
>
> With wrkDefault ' Create and append new User. Set usrNew =
> .CreateUser(Me!username) usrNew.pid = Me!pid .Users.Append
> usrNew------------------>it fails here the code goes on I tried
> giving the localAdmin group administer permissions for the
> database (which I hate to do, frankly), but even that didn't
> work.
>
> Is there no way to accomplish this?
>
> TIA
>
> Jan


In order to add and delete users, you normally need to be a
member of the admins group. However, it would be possible for
you to create a workspace with the credentials of an
Administrator programatically, so that a non-admin person just
presses a button and a new user is created. One way I do this is
to create an account with the name Automation, then I can create
the workspace:

Set wks = DBEngine.CreateWorkspace("Jet", "Automation",
"MyPassword", dbUseJet)

and do whatever from there. If your application is an mde, the
code is compiled and you don't need to worry about hard-coding
the password as the code is unreadable. If it is an mdb, there
is the risk that someone could read and extract the password.
However, if someone knew enough to understand the code and
extract the password, they could break in anyway as Access
user-level security is broken (ie easily crackable) and unlikely
to be fixed.
Hi:

Thanks for the quick reply. Let me get this straight:

I need to create a user called "automation" in the admins group,
give it a password ("mypass"), and then in the code for creating a
user, instead of the Set wrkDefault = DBEngine.Workspaces(0) I
would use Set wrkDefault
=DBEngine.createWorkspaces("jet","automation","myp ass",dbusejet) and
then that would allow the non-admin user to add new users?

Please let me know if I've missed something.

Also, how would they clear passwords? I haven't been able to
figure out how to do that programmatically; the VBA way to do it
seems to require one to know the old password in order to change it
to blank; but if the user has forgotten their pass, you can't go
that way. I had expected the "localAdmin" folks to just go through
the tools/security/user & group accounts menus, but they can't do
that unless they're in the admins group. Any thoughts?

Jan



That's basically it. Clearing password simply means that you set the
password to a zero-length string. As to providing the original
password, that is the point of programatically creating a new
workspace as a member of the admins group. If you are in the admins
group, you don't need to know the old password to change it to a new
one. In the example below, I use a blank string for the old password:
usr.NewPassword "", strNewPwd

but since the old password isn't even looked at, I could have written
either: usr.NewPassword strNewPwd, strNewPwd or usr.NewPassword
"AbsoluteNonsense", strNewPwd

However, it doesn't really help readability.


Public Function ResetPassword(strUserName As String, _ strNewPwd As
String) As Boolean

On Error GoTo Err_Handler

Dim wks As DAO.Workspace Dim usr As DAO.User

Set wks = DBEngine.CreateWorkspace("Jet", "Automation", _
"MyPassword", dbUseJet)

Set usr = wks.Users(strUserName)

usr.NewPassword "", strNewPwd

ResetPassword = True

Exit_Handler:

If Not usr Is Nothing Then Set usr = Nothing End If

If Not wks Is Nothing Then wks.Close Set wks = Nothing End If

Exit Function

Err_Handler:

Select Case Err.Number

Case 3029 ' Invalid account or password - error with our secret
account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3033 ' Account has insufficient permissions - error with our
secret account MsgBox "Unable to change password", _ vbExclamation,
"Password Error"

Case 3265 ' strUserName relates to a non-existant user MsgBox "Cannot
locate user: " & strUserName, _ vbExclamation, "Password Error"

Case Else MsgBox Err.Description, vbExclamation, "Error No: " &
Err.Number

End Select

Resume Exit_Handler

End Function

Apr 26 '06 #6

"Jan" <ja*@stempelconsulting.com> wrote in message
news:12*************@corp.supernews.com...
It all worked beautifully. Thanks so much for the help.

Jan

Cool.
Thanks for letting us know.
Apr 26 '06 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: | last post by:
Looking for a way for users to change their passwords on local accounts. I followed this KB article, 306271, and it worked as far as adding a new user. I tried to modify it to do password...
4
by: HNguyen | last post by:
Hi, I have a Web application in ASP.NET. My Application allows the users upload files into the server after checking their user names and passwords. For each transaction, the Web program will...
10
by: 4site | last post by:
Happy New Year and all that! I'd like to write a short PHP script that will allow users to alter their virtual server password via a secure web form. I had hoped that I might be able to call...
9
by: antonyliu2002 | last post by:
I am not sure how to google this concept. Basically, what I wanna do is to direct different users to different pages. I do not have a whole lot users. For example, if user name 'tomcat'...
5
by: Terry Holland | last post by:
I have an intranet application that comprises an ASP.Net application connecting to a SQL Server DB The application has 150 users. At the moment I am connecting using the following setup I have...
11
usafshah
by: usafshah | last post by:
Is there any simple way to change all the passwords for an Organization Unit or users in a group at once? I want to set same passwords to all users !
1
by: postmanpat | last post by:
i have to create a login form that validates the users and passwords from a text file. I have another function that can add new users and passwords by writing to a test file split by a delimiter. But...
4
by: =?Utf-8?B?R2hpc3Rvcw==?= | last post by:
Hi, I collect hashed password in my BD. I give the opportunity to the user to reset his password with the PasswordRecovery control. But, when he receive it , it is a series fo strange characters...
1
harshadd
by: harshadd | last post by:
I want to replicate users (with there passwords and home directories) on diff Linux server, reason is I have a working setup of ssh and vsftp which is being used by many users who are not contactable...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.