Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Impersonation Using VBA

298 views
Skip to first unread message

Bob

unread,
Oct 9, 2009, 4:25:08 PM10/9/09
to
We have an MDB that will need to impersonate a system user rather than
the user using it. IT will assign the security groups surrounding the
database. Security will be set so users can use the database, but
cannot read, write, execute within subdirectories beneath the MDB).
The database will handle the saves/deletes/renames of the files within
the subdirectories with VBA. To do so, it must impersonate a system
user. I have many years of experience writing Access applications and
VBA, but none with impersonations. We use A2003 SP3 with fe/be’s on a
LAN. Thanks for looking.

Bob

Rich P

unread,
Oct 9, 2009, 5:48:05 PM10/9/09
to
Being that Access is file based, I don't think Access security can
interface with the server Active Directory - not directly anyway. Even
if you wrote something in .Net to read the active directory - the .mdw
would have to load the users on startup of the Access application. I
don't think there are any hooks in Access for that. It is a nice
feature of sql server that you can assign active directory groups for
various sql functions, but I think the system would have to be server
based in order to use this functionality. Maybe it is doable in Access,
but someone will have to labor with it and come up with a sample app
that all can use.

Rich

*** Sent via Developersdex http://www.developersdex.com ***

Tom van Stiphout

unread,
Oct 9, 2009, 10:09:55 PM10/9/09
to
On 09 Oct 2009 21:48:05 GMT, Rich P <rpn...@aol.com> wrote:

Oh, Access *can* interface with AD, but I'm not sure that's a solution
to the OP's question.
Rather my understanding is he wants to run an app as another user, and
this other user presumably has better rights to accomplish the goals
of the app. This can be handled at the OS level: create a shortcut:
<path_to>msaccess.exe <path_to>your.mdb
and then use the advanced properties to run this app as another user.

-Tom.
Microsoft Access MVP

Bob

unread,
Oct 12, 2009, 10:40:16 AM10/12/09
to
Tom,

Your understanding is correct.

I have found that Advanced property selections are not available
(grayed out) on our 'locked down' PCs. I will be contacting IT to
have them give us access so we can test the possibility you offered.
Thank you to both you and Rich for your time. I will post the results
of our round #2.

Bob

Bob

unread,
Oct 22, 2009, 10:44:00 AM10/22/09
to
Tom/Rich,

As promised, I will share our resolution of this problem.

After having several meeting with IT and model office, we decided to
use the 'Run As' feature offered by Windows XP. Using the Admin
Script Editor, our IT folks will create an encrypted shortcut for us
to place on our users desktop's. When double clicked, the shortcut
will provide the run-as functionality as well as the predefined user
name and pwd. Then, the MDB will start and check to see that the
person is an authorized user - if unauthorized, it will kick them
out.

Any final suggestions would be appreciated.

Bob


0 new messages