Reading down your code, as soon as I got to this line warning bells went off:
sql="Select * from adminuserdata where username='" & username & "'"
You have left your code wide open to a SQL injection attack here. If I were you, I would read through some articles on Google on Sql Injection attacks, and see how they can be used here to blow your permissions wide open.