By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,488 Members | 2,545 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,488 IT Pros & Developers. It's quick & easy.

Tony's AutoUpdater Question

P: n/a
Bri
I've just started checking this out. I've got it to work alright with
one exception. It is a secured MDE, so I've setup all the INI file
options for it. The problem is that the UserID I setup for it to use to
do the version test, seems to need more than the claimed 'minimum
rights'. I haven't figured out what specifically it needs rights to, but
it is somewhere between our base level (does not have access to
sensitive data) and our Manager level (has everything except
Administrate rights). I would like this ID to have ONLY what is required
to do its function. Does anyone know what it is?

Thanks!

--
Bri

Dec 28 '06 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Bri
Does nobody have any ideas on this?

Bri wrote:
I've just started checking this out. I've got it to work alright with
one exception. It is a secured MDE, so I've setup all the INI file
options for it. The problem is that the UserID I setup for it to use to
do the version test, seems to need more than the claimed 'minimum
rights'. I haven't figured out what specifically it needs rights to, but
it is somewhere between our base level (does not have access to
sensitive data) and our Manager level (has everything except
Administrate rights). I would like this ID to have ONLY what is required
to do its function. Does anyone know what it is?

Thanks!

--
Bri
Dec 29 '06 #2

P: n/a
Hi, Bri.
Does nobody have any ideas on this?
Not many folks are using User-Level Security, and information given is rather
vague, so I suspect that's why no one has responded yet.
>The problem is that the UserID I setup for it to use to do the version test,
seems to need more than the claimed 'minimum rights'.
I suspect folks may be asking the following questions: Is that a Windows User
ID or an Access User ID? Who's claim? Is there a list somewhere of what these
"minimum rights" are? Can you give us a link to it?
>I would like this ID to have ONLY what is required to do its function. Does
anyone know what it is?
Just for Access User-Level Security? Or Windows security? On the database
file? On the INI file? On Tony's AutoFE?

If it's Access User-Level Security you're asking about, then the user should be
assigned to a group that has permission to open the database (possibly
exclusively if that's what your application requires), and the group has
permissions to open/run whatever forms and reports the group needs. The group
shouldn't have any permissions to open tables, or read or modify their designs,
or permissions to update, add, or delete data in those tables. For queries, the
group should only be able to run the RWOP queries, not alter them.

Unless, of course, the user is a member of the Admins group. This group has
permissions on everything.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/ex...ributors2.html for contact info.
"Bri" <no*@here.comwrote in message news:zmglh.530035$1T2.444736@pd7urf2no...
Does nobody have any ideas on this?

Bri wrote:
>I've just started checking this out. I've got it to work alright with one
exception. It is a secured MDE, so I've setup all the INI file options for
it. The problem is that the UserID I setup for it to use to do the version
test, seems to need more than the claimed 'minimum rights'. I haven't figured
out what specifically it needs rights to, but it is somewhere between our
base level (does not have access to sensitive data) and our Manager level
(has everything except Administrate rights). I would like this ID to have
ONLY what is required to do its function. Does anyone know what it is?

Thanks!

--
Bri

Dec 31 '06 #3

P: n/a
Oh, and I forgot to add, for User-Level Security, no individual user should be
given permissions on anything, not even to open the database. All permissions
should be granted to the group he belongs to. And the default Users group
shouldn't have any permissions, either.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/ex...ributors2.html for contact info.
"'69 Camaro" <Fo**************************@Spameater.orgZERO_SP AMwrote in
message news:Ko******************************@adelphia.com ...
Hi, Bri.
> Does nobody have any ideas on this?

Not many folks are using User-Level Security, and information given is rather
vague, so I suspect that's why no one has responded yet.
>>The problem is that the UserID I setup for it to use to do the version test,
seems to need more than the claimed 'minimum rights'.

I suspect folks may be asking the following questions: Is that a Windows User
ID or an Access User ID? Who's claim? Is there a list somewhere of what
these "minimum rights" are? Can you give us a link to it?
>>I would like this ID to have ONLY what is required to do its function. Does
anyone know what it is?

Just for Access User-Level Security? Or Windows security? On the database
file? On the INI file? On Tony's AutoFE?

If it's Access User-Level Security you're asking about, then the user should
be assigned to a group that has permission to open the database (possibly
exclusively if that's what your application requires), and the group has
permissions to open/run whatever forms and reports the group needs. The group
shouldn't have any permissions to open tables, or read or modify their
designs, or permissions to update, add, or delete data in those tables. For
queries, the group should only be able to run the RWOP queries, not alter
them.

Unless, of course, the user is a member of the Admins group. This group has
permissions on everything.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/ex...ributors2.html for contact info.
"Bri" <no*@here.comwrote in message
news:zmglh.530035$1T2.444736@pd7urf2no...
> Does nobody have any ideas on this?

Bri wrote:
>>I've just started checking this out. I've got it to work alright with one
exception. It is a secured MDE, so I've setup all the INI file options for
it. The problem is that the UserID I setup for it to use to do the version
test, seems to need more than the claimed 'minimum rights'. I haven't
figured out what specifically it needs rights to, but it is somewhere
between our base level (does not have access to sensitive data) and our
Manager level (has everything except Administrate rights). I would like this
ID to have ONLY what is required to do its function. Does anyone know what
it is?

Thanks!

--
Bri


Dec 31 '06 #4

P: n/a
Bri
'69 Camaro wrote:
Hi, Bri.

>Does nobody have any ideas on this?


Not many folks are using User-Level Security, and information given is rather
vague, so I suspect that's why no one has responded yet.
If you have used Tony's Updater on a MDE with Workgroup security, then
the questions are not vague. I suppose they could seem so to those that
haven't.
>>>The problem is that the UserID I setup for it to use to do the version test,
seems to need more than the claimed 'minimum rights'.


I suspect folks may be asking the following questions: Is that a Windows User
ID or an Access User ID? Who's claim? Is there a list somewhere of what these
"minimum rights" are? Can you give us a link to it?
Access UserID. The claim I refer to are in Tony's INI file descripter in
the Workgroup security section.
http://www.granite.ab.ca/access/autofe/inifile.htm

"MDWUser=AccessUsername
This needs to be an Access account which can have very limited rights to
the front end MDB."

I cannot get it to work with limited rights, only with admin rights. I
suspect there is a specific right it needs to have to work.
>>>I would like this ID to have ONLY what is required to do its function. Does
anyone know what it is?


Just for Access User-Level Security? Or Windows security? On the database
file? On the INI file? On Tony's AutoFE?
See above.
If it's Access User-Level Security you're asking about <snip>
It wasn't. I think I have a handle on the security of the MDE itself, I
just don't know what the Updater is trying to access that it doesn't get
permissions for unless I grant admin, which I don't want to do. That's
too big a hammer for this nail. :D
>
HTH.
Gunny
Not yet, but I hope eventually. :)
"Bri" <no*@here.comwrote in message news:zmglh.530035$1T2.444736@pd7urf2no...
>Does nobody have any ideas on this?

Bri wrote:
>>>I've just started checking this out. I've got it to work alright with one
exception. It is a secured MDE, so I've setup all the INI file options for
it. The problem is that the UserID I setup for it to use to do the version
test, seems to need more than the claimed 'minimum rights'. I haven't figured
out what specifically it needs rights to, but it is somewhere between our
base level (does not have access to sensitive data) and our Manager level
(has everything except Administrate rights). I would like this ID to have
ONLY what is required to do its function. Does anyone know what it is?

Thanks!

--
Bri
Jan 2 '07 #5

P: n/a
Hi, Bri.
If you have used Tony's Updater on a MDE with Workgroup security, then the
questions are not vague. I suppose they could seem so to those that haven't.
Those are precisely the folks reading your question. It was a holiday week,
followed by a holiday weekend when you posted your question and follow up. Many
of the folks who regularly browse this newsgroup were busy with holiday cheer,
not chained to their computers. It would be very difficult this time of year to
find someone who is familiar with all three of those items on your list _and_
who answers questions in this newsgroup. Perhaps now that most folks are back
to work this morning, more will respond to your question.
I cannot get it to work with limited rights, only with admin rights.
Either the AutoFE can't decypher the encrypted password for this "limited
rights" user, or this "limited rights" user is a member of a group that has
doesn't have enough permissions to open/run the database (or open the database
exclusively if that's the requirement). Or it's one of the myriad of other
problems Access developers new to User-Level Security often encounter when
deploying databases in a multiuser environment after they've skipped a step or
three, but you already ruled that out by manually logging into the secure
database as the limited user with that particular workgroup file on one of the
user's workstations. Or did you? (Yes, a Windows shortcut which includes the
workgroup file can be used for this test instead.)

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/ex...ributors2.html for contact info.
"Bri" <no*@here.comwrote in message news:8Rmmh.546873$5R2.274715@pd7urf3no...
'69 Camaro wrote:
>Hi, Bri.

>>Does nobody have any ideas on this?


Not many folks are using User-Level Security, and information given is rather
vague, so I suspect that's why no one has responded yet.

If you have used Tony's Updater on a MDE with Workgroup security, then the
questions are not vague. I suppose they could seem so to those that haven't.
>>>>The problem is that the UserID I setup for it to use to do the version test,
seems to need more than the claimed 'minimum rights'.


I suspect folks may be asking the following questions: Is that a Windows
User ID or an Access User ID? Who's claim? Is there a list somewhere of
what these "minimum rights" are? Can you give us a link to it?

Access UserID. The claim I refer to are in Tony's INI file descripter in the
Workgroup security section. http://www.granite.ab.ca/access/autofe/inifile.htm

"MDWUser=AccessUsername
This needs to be an Access account which can have very limited rights to the
front end MDB."

I cannot get it to work with limited rights, only with admin rights. I suspect
there is a specific right it needs to have to work.
>>>>I would like this ID to have ONLY what is required to do its function. Does
anyone know what it is?


Just for Access User-Level Security? Or Windows security? On the database
file? On the INI file? On Tony's AutoFE?

See above.
>If it's Access User-Level Security you're asking about <snip>

It wasn't. I think I have a handle on the security of the MDE itself, I just
don't know what the Updater is trying to access that it doesn't get
permissions for unless I grant admin, which I don't want to do. That's too big
a hammer for this nail. :D
>>
HTH.
Gunny

Not yet, but I hope eventually. :)
>"Bri" <no*@here.comwrote in message
news:zmglh.530035$1T2.444736@pd7urf2no...
>>Does nobody have any ideas on this?

Bri wrote:

I've just started checking this out. I've got it to work alright with one
exception. It is a secured MDE, so I've setup all the INI file options for
it. The problem is that the UserID I setup for it to use to do the version
test, seems to need more than the claimed 'minimum rights'. I haven't
figured out what specifically it needs rights to, but it is somewhere
between our base level (does not have access to sensitive data) and our
Manager level (has everything except Administrate rights). I would like this
ID to have ONLY what is required to do its function. Does anyone know what
it is?

Thanks!

--
Bri

Jan 2 '07 #6

P: n/a
Bri
Hi Gunny,

'69 Camaro wrote:
Hi, Bri.

>>If you have used Tony's Updater on a MDE with Workgroup security, then the
questions are not vague. I suppose they could seem so to those that haven't.


Those are precisely the folks reading your question. It was a holiday week,
followed by a holiday weekend when you posted your question and follow up. Many
of the folks who regularly browse this newsgroup were busy with holiday cheer,
not chained to their computers. It would be very difficult this time of year to
find someone who is familiar with all three of those items on your list _and_
who answers questions in this newsgroup. Perhaps now that most folks are back
to work this morning, more will respond to your question.
I know that the timing sucked, but it was for something I was deploying
when I could guarantee that nobody at the clients was using the previous
version. I've got it working with the userID in a group that has more
right than I would like, but it is working. I would like to scale back
that userID's rights to only those required to do what it needs to do.
>>I cannot get it to work with limited rights, only with admin rights.


Either the AutoFE can't decypher the encrypted password for this "limited
rights" user, or this "limited rights" user is a member of a group that has
doesn't have enough permissions to open/run the database (or open the database
exclusively if that's the requirement). Or it's one of the myriad of other
problems Access developers new to User-Level Security often encounter when
deploying databases in a multiuser environment after they've skipped a step or
three, but you already ruled that out by manually logging into the secure
database as the limited user with that particular workgroup file on one of the
user's workstations. Or did you? (Yes, a Windows shortcut which includes the
workgroup file can be used for this test instead.)
The AutoFE has no problems with the password. I changed the group that
the userID was in and it then worked. Yes, I logged in with the userID
(that's how I set the password for it vs using DAO). A windows shortcut
with the /workgroup parameter was the way we were accessing the app
prior to moving to the AutoFE. I am not new to UserGroup security, only
to the AutoFE. I don't know what process it is doing that requires the
rights, so I don't know what rights need to be given.

Through trial and error, I have determined that the required right falls
somewhere between our standard Employee rights (ie limited access to
certain tables) and our Manager rights (all access to data but no Admin
rights). So, it isn't the admin rights that were required. I feel more
compfortable with this level than with Admin, but would still prefer
that I grant only the minimum needed.

Thanks for sticking with this. I'm assuming now that I need to contact
Tony to determine exactly what rights are needed. Maybe he's back to
work today too?

--
Bri

Jan 2 '07 #7

This discussion thread is closed

Replies have been disabled for this discussion.