Microsoft KB Archive/234343

= ACC2000: How to Secure Database Diagrams in a Microsoft Access Project =

Article ID: 234343

Article Last Modified on 1/26/2005

-

APPLIES TO


 * Microsoft Access 2000 Standard Edition

-



This article was previously published under Q234343



Advanced: Requires expert coding, interoperability, and multiuser skills.

This article applies only to a Microsoft Access project (.adp).



SUMMARY
When you create a database diagram in a Microsoft Access project, it is not stored on SQL Server or Microsoft Data Engine (MSDE) as an object (as a table, a view, or a stored procedure would be).

Database diagrams are dynamically rendered, based on information gathered by a series of stored procedures in your user database. These stored procedures are normally hidden. Because database diagrams do not exist as true objects, the SQL Server Security Tools included in an Access project do not offer a way to directly modify their security permissions.

You can prevent users from viewing any database diagrams in a user database by denying EXECUTE permissions on the dt_getobjwithprop and dt_getpropertiesbyid stored procedures. However, there is no way to selectively allow users access to some database diagrams and deny access to others.



MORE INFORMATION
To secure database diagrams in a Microsoft Access project, follow these steps. The steps create a test SQL Server logon and user account, and then set the permissions of the new user account so that it may not access database diagrams.
 * 1) Open the sample Access project, NorthwindCS.adp.
 * 2) On the Tools menu, click Security, and then click Database Security.

NOTE: To complete the next steps, you must use a logon and user account with System Administrator privileges when connecting NorthwindsCS.adp to its back-end data source.
 * 1) On the Server Logins tab, click Add.
 * 2) On the General tab, specify testUser in the Name text box.
 * 3) Click the Database Access tab and grant testUser permissions to access the NorthwindCS database. Click OK.
 * 4) In the SQL Server Security dialog box, click the Database Users tab.
 * 5) Select testUser, and click Edit.
 * 6) Click Permissions.
 * 7) Examine the list of objects in the database, and locate the dt_getobjwithprop and dt_getpropertiesbyid stored procedures.
 * 8) In the object list, DENY permissions to EXECUTE each stored procedure mentioned in step 9.
 * 9) Click Apply, click OK, and close the Database User Properties dialog box.
 * 10) Close the SQL Server Security dialog box, and then in the Database window, click Database Diagrams.
 * 11) Double-click the database diagram named Relationships. Because you are currently connected to the SQL Server or MSDE as a system administrator, it should open.
 * 12) Examine and close the database diagram.
 * 13) On the File menu, click Connection.
 * 14) Modify the connection properties of your Access project so that you log on as testUser with no password. Click Test Connection.
 * 15) Click OK to return to the Database window.

Note that the Relationships database diagram is no longer visible in the database diagram list.

