Why does the minimum permission for read only access to an ms access database not mention about any permission requirement on the .laccdb (lock file)?

Question

Link: https://docs.microsoft.com/en-us/office/troubleshoot/access/lock-files-introduction#required-folder-privileges

If you plan to share a database, the database file should be located in a folder where users have read, write, create, and delete privileges. Even if you want users to have different file privileges (for example, some read-only and some read-write), all users sharing a database must have read, write, and create permissions to the folder. You can, however, assign read-only permissions to the .accdb or .mdb file for individual users while still allowing full permissions to the folder.

For the purpose of this questions, assume that we have given the minimum folder permissions for a user (say User2) to have read only access to an access database. As per the above quote, the minimum permission is read, write, and create at the folder level only [no flowing of this permission to the files in the folder]. And read permission at the access file (.accdb) level.

Why is create permission mentioned? Marking read/write automatically allows user to create files in the folder - so why is create mentioned specifically?
Under which user account is the .laccdb (lock file) created?
In the following scenario: Say User1 with full folder level permissions has opened the access file. This will auto create the lock file. Now User2 open the access file (note this file is already opened on User1's PC). Now the User2 does not have any permission on the lock file. Is this permissible in read only access?

Users must be able to create, maintain, and delete the lock file, thus - apart from admin rights - have full access to the folder. — Gustav
The msdn link is not clear in the sense that it only says FOLDER PERMISSION, doesnt say anything about inheriting that for the lock file — variable
I guess that is because the user shouldn't bother. He/she, not even an admin, will never have to deal with that file. — Gustav
But for example - if the user is assigned read/write permission to the folder only; and the user is assigned read only permission to the access database file; and the permission is not inherited by the files in the folder (due to company security policy), then the lock file will never get created, and user can never use the access db in shared mode. — variable
True. That's why users need create and delete rights as well. — Gustav

Gustav Gustav · Accepted Answer · 2021-05-12T17:46:21

The point is, that the lock file isn't there, thus permissions must be set on the folder to allow for both the initial creating of the file (by the first user), the subsequent reading and writing as users come and go, and the final deleting (by the last user).

To achieve this, allow at least Modify, Read & Execute, Read, Write:

Also, don't forget the share permissions. These you will typically set to Full Control.

Why does the minimum permission for read only access to an ms access database not mention about any permission requirement on the .laccdb (lock file)?

1 Answers