Microsoft Office 2000/Visual Basic Programmer's Guide |
To set permissions on an object by using ADOX, you use the SetPermissions method of the group or user you want to grant or revoke permissions for. As mentioned previously, User-Level security will be much easier to manage if you set permissions only for groups, and then assign users to the appropriate groups. However, the SetPermissions method can be used for users as well as groups.
The syntax for the SetPermissions method has the following format:
GroupOrUser.SetPermissions(Name, ObjectType, Action, Rights[, Inherit][, ObjectTypeID])
The Name argument is a Variant value specifying the name of the object to set permissions for. If you want to set permissions for all objects of the specified type, set the Name argument to Null, and set the optional Inherit argument as specified later in this section. If you want to set permissions for the database itself, set the Name argument to Null, and set the ObjectType argument to adPermObjDatabase. The ObjectType argument is a Long value specifying the type of object you are setting permissions for. For Access databases, the ObjectType argument can be specified by using the following constants.
Constant | Description |
adPermObjProviderSpecific | Object is of a provider-defined type. This constant is required to set permissions for Access forms, reports, and macros. If you use this constant, you must also set the ObjectTypeID argument to the appropriate globally unique identifier (GUID), as shown later in this section. An error will occur if the ObjectType argument is adPermObjProviderSpecific and an ObjectTypeID argument value is not supplied. |
adPermObjTable | Object is a table. |
adPermObjDatabase | Object is a database. |
adPermObjView | Object is a query that returns records, such as a select query. |
adPermObjProcedure | Object is a query that does not return records, such as an action query. |
The Action argument is a Long value specifying the type of action to perform when setting permissions. For Access databases, the Action argument can be specified only when you are using the adAccessSet constant. The adAccessSet constant specifies that the group or user will have exactly the requested permissions.
The Rights argument is a Long value containing a bitmask indicating the permissions to set. The Rights argument can consist of a single constant or, if you want to set several permissions at once, you can use the Or operator to combine the constants for the permissions you want to set. For Access databases, you can specify the Rights argument by using the constants in the following table.
Constant | Description |
adRightExecute | The group or user has permission to execute the object. |
adRightExclusive | The group or user has permission to open the object exclusively. |
adRightRead | The group or user has permission to read records. |
adRightUpdate | The group or user has permission to update (modify) records. |
adRightInsert | The group or user has permission to insert (add) new records. |
adRightDelete | The group or user has permission to delete records. |
adRightDrop | The group or user has permission to drop (delete) the object. |
adRightReference | The group or user has permission to reference the object. |
adRightCreate | The group or user has permission to create the object. |
adRightWithGrant | The group or user has permission to grant permissions on the object. |
adRightReadDesign | The group or user has permission to read the design of the object. |
adRightReadPermissions | The group or user has permission to read the permissions of the object. |
adRightWriteDesign | The group or user has permission to change the design of the object. |
adRightWriteOwner | The group or user has permission to change the owner of the object. |
adRightWritePermissions | The group or user has permission to change permissions on the object. |
adRightNone | The group or user has no permissions on the object. |
adRightMaximumAllowed | The group or user has the maximum allowed permissions on the object. (For Access databases, use the adRightFull constant instead.) |
adRightFull | The group or user has all permissions on the object. |
The Inherit argument is an optional Long value that is used if you set the Name argument to Null to determine how permissions will be applied to new objects of the type specified by the ObjectType argument. Setting the Inherit argument will not affect existing objects of the specified type; only new objects created after setting the Inherit argument will be affected. For Access databases (.mdb), you can specify the Inherit argument by using the constants in the following table.
Constant | Description |
adInheritNone | Permissions will not be inherited by new objects. (Default) |
adInheritObjects | Permissions will be inherited by new objects of the type specified in the ObjectType argument. Use this setting to set permissions on new objects. |
adInheritContainers | This setting doesn't apply to Access databases. However, if you use it, it will have the same effect as using adInheritObject because the Microsoft Jet 4.0 OLE DB provider will accept any nonzero value for the Inherit argument to apply permissions for new objects. |
adInheritBoth | Same as using adInheritContainers. |
adInheritNoPropagate | Same as using adInheritContainers. |
For Access databases, to set permissions for forms, reports, and macros you must set the ObjectType argument to adPermObjProviderSpecific and set the ObjectTypeID argument to a Variant value that specifies the GUID for the object. The GUIDs to use for Access forms, reports, and macros are listed in the following table.
Object | GUID |
Form | {c49c842e-9dcb-11d1-9f0a-00c04fc2c2e0} |
Report | {c49c8430-9dcb-11d1-9f0a-00c04fc2c2e0} |
Macro | {c49c842f-9dcb-11d1-9f0a-00c04fc2c2e0} |