使用SQL更改MS-Access中的* .mdw权限? [英] Changing *.mdw permissions in MS-Access using SQL?

问题描述

是否可以查询和/或更改Microsoft Access *.mdw安全文件中存储的权限?

Is it possible to query, and or change permissions that are stored in a Microsoft Access *.mdw security file?

我真的很厌倦了使用UI列出每个用户的权限并将其全部写下来以查看它们是什么...我看着MSys*表的标题，但没有看到那里的任何看起来像用户或权限表的东西(至少在我连接到该文件的数据库中……我想可能是它在* .mdw文件中，但在某处，但我无法通过我连接的数据库访问它.我具有管理员权限，不是吗.

I'm getting really tired of using the UI to list the permissions for each user and write them all down to see what they are...I looked at the titles of the MSys* tables and I don't see anything in there that looks like a user or a permissions table (well at least in the database I'm connected to with the file...my guess would be that it's in the *.mdw file, somewhere but that I can't get to it through the database I'm connected to. I have admin rights, so that isn't it.

推荐答案

您当然可以编写代码来更改用户权限.

You can certainly write code to change user permissions.

将用户权限限制为安全组的成员身份是100％的选择.如果您严格遵守此规则，则用户权限永远不会存储在数据库中，而只会存储在工作组文件中.因此，这使得管理非常容易. (希望这是针对您的情况).

It is 100% your choice to limit user permissions to membership in security groups. If you by sheer discipline follow this rule then the user’s permissions are NEVER stored in the database but only in the workgroup file. This thus makes management VERY easy. (hopefully this was done in your case).

您当然可以选择不遵循上述规则，结果是现在用户权限将同时存在于工作组文件和数据库文件中.当然，这会造成混乱，因为您将无法在非现场的系统副本上进行开发.然后，安全管理就变成了一个真正的动物园.

You of course can choose to NOT follow the above rule and the result is now user permissions will exist in both the workgroup file and that of the database. This of course creates a real mess since then you cannot develop on a copy of the system off site for example. And management of security then becomes a real zoo.

我建议使用这样的UI来选择用户:

I suggest a UI like this to select a user:

然后是下一个屏幕，用于将该用户编辑/分配给安全组.

Then next screen is this to edit/assign that user to a security group.

结果是一个非常简单的UI.因此，要授予用户权限(例如允许其回溯日期发票等)，现在只需单击鼠标即可选择"给定的组.因此，该点击使该用户具有该安全组中的成员身份".

The result is a VERY simple UI. So to give the user permissions such as being allowed to back date invoices etc. is now a simple mouse click to "select" the given group. That click thus gives the user in question "membership" in that security group.

将用户添加到安全组的代码是这样的:

The code to add a user to security group is this:

Public Function AddToSecGroup(strUserName As String, strGroupName As String)

 ' adds a user to a group
 Dim uUser      As user
 Dim ws         As Workspace

 Set ws = DBEngine.Workspaces(0)

 Set uUser = ws.Groups(strGroupName).CreateUser(strUserName)
 ws.Groups(strGroupName).Users.Append uUser
 ws.Groups(strGroupName).Users.Refresh
 ws.Groups.Refresh
 ws.Users.Refresh


End Function

从安全组中删除用户的代码是这样的:

The code to remove a user from a security group is this:

  Public Sub RemoveFromSecGroup(strUserName As String, strGroupName As String)

     ' remove user from a group
     Dim uUser      As user
     Dim gGroup     As Group

     Set uUser = DBEngine.Workspaces(0).Users(strUserName)

     uUser.Groups.Delete strGroupName
     uUser.Groups.Refresh


  End Sub

更改用户密码的代码是:

The code to change a user password is this:

 Function ChangePassword(ByVal strUser As String, _
                          ByVal strPwd As String) As Integer

     Dim ws As Workspace
     Dim usr As user

     Set ws = DBEngine.Workspaces(0)
     Set usr = ws.Users(strUser)
     usr.NewPassword "", strPwd

 End Function

对于组成员身份，我使用以下方法:

And for group membership I use this:

  Public Function IsInGroup(UsrName As String, GrpName As String) As Boolean
  'Determines whether UsrName is a member of GrpName

      Dim grp As Group
      Dim IIG As Boolean
      Dim usr As user

      IIG = False

      For Each usr In DBEngine.Workspaces(0).Users
          If usr.Name = UsrName Then GoTo FoundUser
      Next

      GoTo IIG_Exit

 FoundUser:
      For Each grp In usr.Groups
          If grp.Name = GrpName Then IIG = True
      Next

 IIG_Exit:
      IsInGroup = IIG


  End Function

因此，我非常建议您按安全组来组织这些应用程序.结果是，给销售团队的人们一些新功能的使用成为一种简单的操作，而不是使25个销售人员一对一地成为某种形式.通过消除此重复"过程，您无需批量更新用户安全性，而只需将用户分配给安全组即可.

So I much suggest you organize these applications by security groups. The result is then it becomes one simple operation to give the sales group people use of some new feature in place of having to 25 sales people one by one to some form. By eliminating this "repetitive" process then you not need to wholesale update users security, but only assign users to security groups.

使用一些逻辑安全组通常可以消除更新许多"用户的大量需求，因为您现在只需将一件事添加到许多"用户具有成员资格的给定安全组中即可.此建议"适用于管理桌面时的Windows域系统，或者适用于Oracle或本例中的简单桌面系统(如Access).

Using some logical security groups can often eliminate much of the need to update "many" users since you now just adding one thing to a given security group in which "many" users have membership. This "suggestion" applies to windows domain systems when managing desktops, or to Oracle or in this case a simple desktop system like Access.

这篇关于使用SQL更改MS-Access中的* .mdw权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！