(re)read the Microsoft Access security FAQ
and take locks of backups whilst you are making changes to the security
as a further wrinkle you can use the API calls to retrieve the nework name, computer ID and other stuff..do a google on Dev Ashish Api
one technique I have used is to use the network logon ID, slo a user doesn't have to create a new password, passowrd security is handled by the OS not your applciation.
for each user you want to have access to the Access application define them in a common workgroup file. define appropriate user groups for your required security model. associate specific users with appropriate user groups.
using the security library, forget what its called (might be ADO Security) but its in the refernences in your code window. put a call in each form / reports on open event which calls a function. usually that call takes the form of a (UDF) function call to
which returns a boolean value which is returned in the open events cancel argument
cancel = NOT IsUserAMemberOf("ReadOnlyUsers")
the not inverts the response of the function, if they are a member of the group then the function will return true, but the cancel function expects a 'true' to refuse opening, ' false' to allow opening.
you can also use the function to say set form properties, so if they are have readonly permission then set appropriate permissions as required. its actually safer to set the default read only state and then allow permissions if they can edit or are admin
I'd rather be riding on the Tiger 800 or the Norton