Microsoft Office 2000/Visual Basic Programmer's Guide |
To read the permissions of an object by using ADOX, you use the GetPermissions method to return a Long value that specifies a bitmask for the permissions the group or user has on the object. The syntax for the GetPermissions method has the following format:
ReturnValue = GroupOrUser.GetPermissions(Name, ObjectType[, ObjectTypeID])
Just as with the SetPermissions method, the Name argument is a Variant value specifying the name of the object to set permissions for. If you want to read permissions for all new objects of the specified type, set the Name argument to Null. The ObjectType argument is a Long value specifying the type of object you are reading permissions for. For forms, reports, or macros, the ObjectType argument must be set to adPermObjProviderSpecific and the ObjectTypeID argument is set to a Variant value that specifies the GUID for the corresponding object. If you want to read permissions for the database itself, set the Name argument to Null, and set the ObjectType argument to adPermObjDatabase. For ObjectType argument constants and form, report, and macro GUIDs for the ObjectTypeID argument, see the tables for the SetPermissions method in "Setting Permissions" earlier in this chapter.
The GetPermissions method is useful for reading permissions to determine what permissions a user or group currently has.
The GetPermissions method is also useful when you are adding or removing permissions from an existing set of permissions:
Microsoft Jet User-Level security always uses the least restrictive set of permissions among the permissions granted to a user and to all groups to which that user belongs. This can have consequences that you may find confusing when you use the SetPermissions and GetPermissions methods.
To avoid these situations, revoke all permissions on all objects for the default Users group (the User-Level Security Wizard will do this for you) and don't assign permissions to individual users; assign permissions only to groups, and then assign users to the appropriate group. If possible, avoid assigning users to more than one group (in addition to the default Users group).