Home  |   French  |   About  |   Search  | mvps.org  

What's New
Table Of Contents
10 Commandments 

In Memoriam

Terms of Use

VB Petition

General: Securing AllowBypassKey

Michael Kaplan

The Access help file documents the CreateProperty method as

Set property = object.CreateProperty (name, type, value, DDL)

where the last argument is documented as

Part Description
DDL Optional. A Variant (Boolean subtype) that indicates whether or not the Property is a DDL object. The default is False. If DDL is True, users can't change or delete this Property object unless they have dbSecWriteDef permission.

The CreateProperty method is used to create or set the AllowBypassKey property to true, which prevents a user from bypassing the startup properties and the AutoExec macro.  However, the sample code provided in the help files does not use the fourth DDL argument when making a call to CreateProperty. This means that anyone who can open the database can programmatically reset the AllowBypassKey value.

Therefore, in order to restrict the change capabilities to only the Admins, set the fourth argument to True when calling CreateProperty. And don't lock yourself out!

As a sample, here's how the CreateProperty method should be called in order to properly utilize the DDL argument. The current sample in Access Help Files is also listed below to help illustrate the differences.

' *********** Code Start ***********
'This code was originally written by Michael Kaplan.
'It is not to be altered or distributed,
'except as part of an application.
'You are free to use it in any application,
'provided the copyright notice is left unchanged.
'Code Courtesy of
'Michael Kaplan
Function ChangePropertyDdl(stPropName As String, _
 PropType As DAO.DataTypeEnum, vPropVal As Variant) _
 As Boolean
 ' Uses the DDL argument to create a property
 ' that only Admins can change.
 ' Current CreateProperty listing in Access help
 ' is flawed in that anyone who can open the db
 ' can reset properties, such as AllowBypassKey
    On Error GoTo ChangePropertyDdl_Err

    Dim db As DAO.Database
    Dim prp As DAO.Property

    Const conPropNotFoundError = 3270

    Set db = CurrentDb
    ' Assuming the current property was created without
    ' using the DDL argument. Delete it so we can
    ' recreate it properly
    db.Properties.Delete stPropName
    Set prp = db.CreateProperty(stPropName, _
     PropType, vPropVal, True)
    db.Properties.Append prp

    ' If we made it this far, it worked!
    ChangePropertyDdl = True

    Set prp = Nothing
    Set db = Nothing
    Exit Function

    If Err.Number = conPropNotFoundError Then
        ' We can ignore when the prop does not exist
        Resume Next
    End If
    Resume ChangePropertyDdl_Exit
End Function

Function ChangeProperty(strPropName As String, _
 varPropType As Variant, varPropValue As Variant) As Integer
' The current listing in Access help file which will
' let anyone who can open the db delete/reset any
' property created by using this function, since
' the call to CreateProperty doesn't use the DDL
' argument
 Dim dbs As Database, prp As Property
 Const conPropNotFoundError = 3270

 Set dbs = CurrentDb
 On Error GoTo Change_Err
 dbs.Properties(strPropName) = varPropValue
 ChangeProperty = True

 Exit Function

 If Err = conPropNotFoundError Then ' Property not found.
  Set prp = dbs.CreateProperty(strPropName, _
        varPropType, varPropValue)
  dbs.Properties.Append prp
  Resume Next
  ' Unknown error.
  ChangeProperty = False
  Resume Change_Bye
 End If
End Function
' *********** Code End ***********

1998-2010, Dev Ashish & Arvin Meyer, All rights reserved. Optimized for Microsoft Internet Explorer