When a server owner installs Access Workflow Designer server components, the installation creates a Windows NT group called modAppOwners and adds DCOM permissions allowing members of that group to create applications.
Setup then creates a SQL Server login called <servername>\modAppOwners and adds the Windows NT modAppOwners group to the login. This login is added to the database creators role which has permissions necessary to create team solutions based on a template, create SQL databases, and register team solutions.
The modAppOwners Windows NT group is also added to the FrontPage Administrator group so that members can create Webs for team solutions.
To give a developer the appropriate permissions, a server administrator must add the developer's Windows NT domain account name to the Windows NT modAppOwners group.
User access and security for team solutions are based on SQL Server database users and roles. To add or remove users and roles or set permissions on database objects you can use existing SQL Server administration tools, such as SQL Enterprise Manager or the SQL Server Security dialog box in Access.
SQL Enterprise Manager is installed with SQL Server and opened from the SQL Server folder on the Start menu. For information about using it to add users and roles, see the SQL Server Books Online.
To open the Access SQL Server Security dialog box
-or-
Open the team solution Access project, and then, from the Access toolbar, open the Access Workflow Designer. From the Access Workflow Designer Tools menu, select Database Security.
For information about using this dialog box to add users and roles, search the Access online Help.
The Access Workflow Designer user directory stores information about the Windows NT domain users and groups using the team solutions on the server. Information about users, such as e-mail addresses, can automatically be synchronized from your Microsoft Exchange Server directory, or if you are not using Exchange Server, it can be entered manually. For more information, see Synchronizing User Information.
Note Whenever you add or remove a user, the information in the user directory will not be updated until it is synchronized.
The Access Workflow Designer provides an enhanced security feature for offline publications that makes it possible for you to set role-based access permissions on publications.
For each offline publication created with the designer, a SQL job is created that runs daily to update the SQL publications access to match the current membership of the roles you have granted access to the publication.
When you add or remove a user, the publication's access lists are not updated with the changes until the daily update jobs are run or you manually update the publication using the Recreate Publication command in the Access Workflow Designer.
Because Windows NT caches user credentials and SQL Server is using Windows NT authentication, any changes made to a user's Windows NT or SQL Server login accounts will not take affect until the user logs off and then logs back in. Therefore, if credentials are changed during an active connection, SQL Server will only recognize the new credentials after the user logs out and logs back in.