Group Object

Description

A Group object represents a group of user accounts that have common access permissions when a Workspace object operates as a secure workgroup. (Microsoft Jet workspaces only).

Remarks

You create Group objects and then use their names to establish and enforce access permissions for your databases, tables, and queries using the Document objects that represent the Database, TableDef, and QueryDef objects with which you're working.

With the properties of a Group object, you can:

  • Use the Name property of an existing Group object to return its name. You can't return the PID property setting of an existing Group object.
  • Use the Name and PID properties of a newly created, unappended Group object to set the identity of that Group object.
You can append an existing Group object to the Groups collection in a User object to establish membership of a user account in that Group object. Alternatively, you can append a User object to the Users collection in a Group object to give a user account the global permissions of that group. If you use a Groups or Users collection other than the one to which you just appended an object, you may need to use the Refresh method to refresh the collection with current information from the database.

The Microsoft Jet database engine predefines three Group objects named Admins, Users, and Guests. To create a new Group object, use the CreateGroup method on a User or Workspace object.

To refer to a Group object in a collection by its ordinal number or by its Name property setting, use any of the following syntax forms:

Groups(0)

Groups("name")

Groups![name]

Properties

Name property, PID property.

Methods

CreateUser method.

See Also

CreateGroup method.

Specifics (Microsoft Access)

You can create Group objects to establish and enforce permissions for Microsoft Access database objects as well as for Data Access Objects. For example, you can set security for forms, reports, macros, and modules.

A Group object has a Name property that you can use in setting permissions for a Container or Document object. For example, you can assign the value of a Group object's Name property to the UserName property of a Container or Document object. You can then set the Permissions property of the Container or Document object to establish permissions for the group of users defined by the UserName property. Or you can read the Permissions property to determine existing permissions for that group.

Example

This example illustrates the use of the Group and User objects and the Groups and Users collections. First, it creates a new User object and appends the object to the Users collection of the default Workspace object. Next, it creates a new Group object and appends the object to the Groups collection of the default Workspace object. Then the example adds user Pat Smith to the Accounting group. Finally, it enumerates the Users and Groups collections of the default Workspace object.

Sub GroupX()

    Dim wrkDefault As Workspace
    Dim usrNew As User
    Dim usrLoop As User
    Dim grpNew As Group
    Dim grpLoop As Group
    Dim grpMember As Group

    Set wrkDefault = DBEngine.Workspaces(0)

    With wrkDefault

        ' Create and append new user.
        Set usrNew = .CreateUser("Pat Smith", _
            "abc123DEF456", "Password1")
        .Users.Append usrNew

        ' Create and append new group.
        Set grpNew = .CreateGroup("Accounting", _
            "UVW987xyz654")
        .Groups.Append grpNew

        ' Make the user Pat Smith a member of the
        ' Accounting group by creating and adding the
        ' appropriate Group object to the user's Groups
        ' collection. The same is accomplished if a User
        ' object representing Pat Smith is created and
        ' appended to the Accounting group's Users
        ' collection.
        Set grpMember = usrNew.CreateGroup("Accounting")
        usrNew.Groups.Append grpMember

        Debug.Print "Users collection:"

        ' Enumerate all User objects in the default
        ' workspace's Users collection.
        For Each usrLoop In .Users
            Debug.Print "    " & usrLoop.Name
            Debug.Print "        Belongs to these groups:"

            ' Enumerate all Group objects in each User
            ' object's Groups collection.
            If usrLoop.Groups.Count <> 0 Then
                For Each grpLoop In usrLoop.Groups
                    Debug.Print "            " & _
                        grpLoop.Name
                Next grpLoop
            Else
                Debug.Print "            [None]"
            End If

        Next usrLoop

        Debug.Print "Groups collection:"

        ' Enumerate all Group objects in the default
        ' workspace's Groups collection.
        For Each grpLoop In .Groups
            Debug.Print "    " & grpLoop.Name
            Debug.Print "        Has as its members:"

            ' Enumerate all User objects in each Group
            ' object's Users collection.
            If grpLoop.Users.Count <> 0 Then
                For Each usrLoop In grpLoop.Users
                    Debug.Print "            " & _
                        usrLoop.Name
                Next usrLoop
            Else
                Debug.Print "            [None]"
            End If

        Next grpLoop

        ' Delete new User and Group objects because this
        ' is only a demonstration.
        .Users.Delete "Pat Smith"
        .Groups.Delete "Accounting"

    End With

End Sub
Example (Microsoft Access)

The following example creates a new User object and appends it to the Users collection of a Workspace object. It then creates a new Group object and appends it to the Groups collection of the Workspace object. The new Group object is also appended to the Groups collection of the User object. The new group is then given modify and delete permissions for modules.

Note that in order to assign users to groups, you must either append a User object to the Users collection of a Group object, or append a Group object to the Groups collection of a User object. It doesn't matter which option you choose; either will result in the specified user being included in the specified group.

Note When programming security, you should avoid including password and PID information in your code. The following example is intended for demonstration purposes only.

Sub NewModulesGroup()
    Dim wsp As Workspace, dbs As Database
    Dim usr As User, grp As Group, grpMember As Group
    Dim ctr As Container

    ' Return referenct to default workspace.
    Set wsp = DBEngine.Workspaces(0)
    ' Return reference to current database.
    Set dbs = CurrentDb
    ' Create User object and append to Users collection
    ' of Workspace object.
    Set usr = wsp.CreateUser("Pat Smith", "123abc789xyz", "Password")
    wsp.Users.Append usr
    ' Create Group object and append to Groups collection
    ' of Workspace object.
    Set grp = wsp.CreateGroup("Programmers", "321xyz987abc")
    wsp.Groups.Append grp
    ' Append Group object to Groups collection of User object.
    Set grpMember = usr.CreateGroup("Programmers")
    usr.Groups.Append grpMember
    ' Refresh Groups collection of User object.
    usr.Groups.Refresh
    ' Return Container object.
    Set ctr = dbs.Containers!Modules
    ' Set UserName property of Container object.
    ctr.UserName = grpMember.Name
    'Add modify and delete permissions for new group on all modules.
    ctr.Permissions = ctr.Permissions Or acSecModWriteDef
    Set dbs = Nothing
    Set wsp = Nothing
End Sub