Share this Page URL
Help

Chapter 19. Implementing Security > Creating Groups - Pg. 653

Implementing Security Name Open Exclusive Description Used with a database object to determine whether the user or group can lock out other users when the database is opened by that user or members of that group. When to Use 653 Set this permission to true (selected) if a given user or individual member of a group in a multiuser en- vironment has a need to update or insert data that might conflict with other users. This permission is also necessary for those users who will need to en- code the database or perform other functions such as backup and setting up a database password. Set this permission to true when you want a user or group to have rights to open objects in Design view. If you need a specific user or group to be able to modify the design of a given object, enable this permission. Enable this permission if you want a user or group to be able to fully administer the database or a given object. A user with this level of permission can modify any aspect of the object, including changing permissions, so use caution when assigning this permission. You might enable this permission if you want a user or group to be able to read data from a given table but not write data to that table. This permission will allow users or groups to mod- ify existing data but not delete existing data or add new data. Enabling this property also enables Read Data. Enable this permission if you want a user to be able to insert a new record but not update or delete ex- isting records. Enabling this property also enables Read Data. This permission allows a user to delete records or data in fields but not insert new records or update existing data. Enabling this property also enables Read Data. Read Design When enabled, permits a user to view design ele- ments of the selected objects. This permits a user to open an object in Design view. When enabled, permits a user to view and change the design of objects and delete them. When enabled, permits a user to administer the se- lected object. Modify Design Administer Read Data When enabled, permits a user to read data from a query or table object. When enabled, permits a user to update the data in a query or table. Update Data Insert Data When enabled, permits a user to insert data into a query or table object. Delete Data When enabled, permits a user to delete data from a query or table object. Typically, you will want to separate your users into groups that can only read data and database objects and users that can both read and write to the database. There are other ways to divide users quickly. If you have a group of developers that will be working on the database itself but will not need access to the data stored in the database, you might give those developers read/write access to the design but not allow those developers to add records to the tables. Similarly, you might give your data consumers full access to the data but not access to the design (making it impossible for data consumers to modify the design of the database). For our purposes, let's keep it simple and create a read-only group and a read/write group. The former will be able to read both the design and the data, and the latter will be able to modify both the design and the data. Grouping permissions Some permissions automatically include other permissions such that it's not possible to select a given per- mission without including others. For example, if you select the Modify Design permission type, you automat- ically get Read Design, Read Data, Update Data, and Delete Data permissions. In fact, you can't deselect any of these others without also losing Modify Design. The reason for this is that for a user to modify the design of the database, he also will need to be able to read, update, and possibly delete data (due to changes in the structure of a table, for example). Be aware that giving a user or group one permission might mean giving that user or group other permissions that you might not want that user or group to have. Create a group and assign permissions