Permission Manager (Add-In for Microsoft Access 2.0)

Contents:
=========

1. Purpose
2. Requirements
3. Installation
4. Start and Usage
5. General hints for assigning permissions
6. Exclusion of liability 
7. Comments and suggestions

You are entitled to install and use the Permission Manager 
Version CS 1.0 on as many PCs in your installation as you 
want, provided you have read, understood and agreed to 
section 6 (Exclusion of liability). The author keeps the 
right to market this or future enhanced versions of the 
Permission Manager.

The user interface is in German. Under normal circumstances 
this shouldn't be a problem. You will find a list with the 
translated German strings at the end of this file.

The Add-In Permission Manager does not change system tables 
directly but only via usage of documented Access Basic 
functions (Data Access Objects). The SystemDB SYSTEM.MDA will 
not be updated.


1. Purpose
==========

The Permission dialog box shows only the permissions for a 
specific user or a specific group. This makes it likely to 
oversee the explicit permissions which a user may inherit 
from the groups he belongs to.

The Permission Manager lets you get rid of this limitation. 
It shows in one dialog all permissions of a specific user for 
a specific object. So not only the user's own permissions are 
visible but at the same time the permissions of all groups he 
belongs to. Furthermore it is possible to change permissions 
in the same dialog box - for the user and his groups as well.

The Permission Manager replaces most functions of the 
Permissions command in the Security Menu and adds a couple of 
powerful features: 

*  It shows all groups a specific user belongs to
*  It shows the owner of the object, if this information is
   available
*  On the first glance you can examine the explict and the
   implicit permissions of the user
*  You are able to change permissions for the user and all 
   of the groups, which she or he belongs to, in the same
   dialog box. The results are updated immediately.


2. Requirements
===============

The Permission Manager requires Microsoft Access 2.0. It 
runs in either an unsecured system or in a secured system 
when you log on as a user of the Admins group.


3. Installation (via Add-in Manager)
=====================================

1.  Start Access and open a database.
2.  Choose the Add-ins command in the File menu and then 
    Add-in Manager.
3.  Choose the command button "Add New" in the dialog box
    Add-in Manager.
    The dialog box Add New Library is displayed.
4.  Select the file GM_PERM.MDA and choose "OK".
    The new entry "Berechtigungs-Manager" will be added to
    the listbox "Available Libraries". It is marked with
    an X in front of its name. 
     (Note: As mentioned before, the UI is in German, and 
      "Berechtigungs-Manager" means "Permission Manager".)
5.  Choose "OK".
6.  You will have to restart Access to make the changes 
    effective.


4. Start and usage
==================

1.  Start Access and open the database in which you want
    to view or change permissions.
2.  Choose the Add-ins command in the File menu and then 
    Berechtigungs-Manager.
    The dialog box "Info" is displayed and the Permission
    Manager is prepared.
    The Berechtigungs-Manager dialog box appears some
    seconds later.
3.  Select the desired entries in the combo boxes "Benutzer"
    (User) and "Objekttyp" (Object Type). Select then the
    desired object in the listbox "Objektname" (Object Name).
    In the lower part of the dialog the permissions of 
    the user and all his groups are shown. The first line 
    always shows name and permissions of the user, and the
    lines 2 to n (the exact number depends of the number of
    groups he belongs to) show the permissions for his
    groups. 
    In the light blue bar you will see the combined 
    permissions of this user for the selected object. 
    That means you see her/his own permissions (explicit)
    and the implicit permissions inherited from her/his
    groups.
4.  You may now change the permissions for the user or 
    one or more of his groups. The chechboxes in the light
    blue area reflect the combined permissions and cannot 
    be updated. While your changes are written and the
    entries updated the symbol of a light bulb is 
    displayed. When it disappears your changes are done 
    and the dialog shows the combined results.


5. General hints for assigning permissions
==========================================

Before you start changing permissions you should perform a 
backup of your database. Don't forget this - under no
circumstances! Under certain conditions you could lock
yourself out of the database and will not be able to restore 
your permissions.

When you assign permissions, sometimes other permissions are 
automatically granted as well. For instance, if you assign 
the permission Administer, all other permissions are also 
assigned. In the other direction some changes also result in 
automatic assignments. If you deactivate the permission Data 
Read for a table, the permission Administer will be 
deactivated as well.

Please note that changing the permissions for a group may 
(and often will) have impact on the combined permissions not 
only for the shown user but for all users of this group as 
well.
There is one (known) difference between assigning permissions 
with the Permission Manager and using the Permissions command 
in the Security menu. The Permissions command automatically 
assigns an account the right to change the owner of the 
object, if you assign the permission Administer. This is not 
true with the Permission Manager. When you assign the 
permission Verwalten (Administer) to a user or a group, does 
this not include the right to change the owner of the object.

If you are not the owner of an object:

As a member of the Admins group you are able to assign 
permissions for objects you don't own, if the group Admins 
has the right to Administer. This is also true for the 
permission Verwalten (Administer). Please be cautious: You 
can deactivate this permission but not reassign it. Only the 
owner of the object can do this. You cannot change the 
permissions for an user who is the owner of this object. 


6. Exclusion of liability
=========================

The software is distributed on an as-is-basis without any 
service and guarantee. The author is not obliged to improve 
the Add-In or to correct bugs. The software may contain bugs 
and could damage your security scheme for a database. So you 
will use the software on your own risk. If you cannot agree 
with these terms you are not authorized to use the software.


7. Comments and suggestions
===========================

Your comments, critics and suggestions are highly 
appreciated.

Norbert Mei
DV-Lsungen & Dokumentation
Heerstr. 49, 40764 Langenfeld
Bundesrepublik Deutschland
Tel.: (49) 2173 / 91802-2
Fax:  (49) 2173 / 91802-8
CompuServe: 100113,2115



Translation of German strings:

Berechtigungs-Manager       Permission Manager

Benutzername                User Name
Objekttyp                   Object Type
Schlieen                   Close
gehrt zu den Gruppen       belongs to groups
Objektname                  Object Name
Sie sind angemeldet als     Your are logged on as
Eigentmer dieses Objekts   Owner of this object
Ausf.                       Open/Execute
Entwurf                     Design
Lesen                       Read
ndern                      Modify
Verwalten                   Administer
Daten                       Data
Lesen                       Read
Aktualisieren               Update
Einfgen                    Insert
Lschen                     Delete

Values in the combo box Objekttyp:

Tabellen                    Tables
Abfragen                    Queries
Formulare                   Forms
Berichte                    Reports
Makros                      Scripts
Module                      Modules


PS.
If I receive enough requests I may submit an international 
version of this Add-in. (if I can find the time ...).
