Results 1 to 11 of 11
  1. #1
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    I recently reorganised the security setup for a client's system and what happens now is that whenever a user starts up, he/she gets the well-known message "You do not have exclusive acess . . . and may not be able to save your work." The fact that the message occurs at all is odd, but the fact that it occurs exactly eight times and then goes away is really odd.

    I did some searches on various forums and found that the message does occur in all sorts of funny ways and apparently causes a lot of angst. I collected a list of things to check and from what I can see, there is no reason why the message should occur at all. For the record, here are the relevant system features and settings.

    1. Both the front-end and back-end are shared databases.

    2. All permissions are assigned to groups, not individual users. There is a hierarchy of four groups; Owners, Admins, Managers and Users. Each user is assigned to an appropriate group and to all groups lower in the hierarchy. Access to objects is assigned to only one group at the appropriate level. I did have Owners and Admins allowed exclusive access, but removed this in the course of my investigations. It made no difference. Now, exclusive access is specified only in the command-lines of the scripts used to open the database.

    3. The backend has complete access by all users, but is hidden away and members of the Managers and Users groups can only view it through the front-end forms, as the database window is turned off, as are the various workarounds to beat this situation.

    4. Each user has his/her own copy of the front-end.

    5. No actual losses of data have been reported.

    Another oddity is that the passwords are apparently being ignored. As Owner, I want to be able to set the passwords as users are anonymous, their login ID to the database being also set in the login scripts. These in turn can only be accessed when the right person logs in to the system as a whole. However, the only options I seem to have are to change the Database Password (and I am not certain what the role or usage of this is), my own password or to change a user password by deleting the user, recreating it and setting the password at that point. I am being rather tentative on this matter, as I do not want to risk compromising my clients heavily-used production system.

    Any advice will be gratefully received.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    The error message "You do not have exclusive access . . . and may not be able to save your work" does not have to do with user-level security as far as I know. It means that changes are being made to the design of a form or report while somebody else has the database open.

    You'll have to log in as a user to change that user's password.

  3. #3
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Hi, Hans,

    [quote name='HansV' post='790078' date='21-Aug-2009 10:15']The error message "You do not have exclusive access . . . and may not be able to save your work" does not have to do with user-level security as far as I know. It means that changes are being made to the design of a form or report while somebody else has the database open.

    You'll have to log in as a user to change that user's password.[/quote]

    I concur with your interpretation of the message, Hans. However, there is no one changing anything and all of the users (with no design privileges) are getting the message. Two possibilities come to mind. Perhaps a lock file (.ldb) is being left behind when the last user is gone and this is misinterpreted when the next user logs on. There is also another (rather farfetched) possibility. I log onto the system from a distance using rdp.exe. This takes over a PC from another user. Even when I know everyone has gone home, the system often still asks me if I want to force the previous user off. Perhaps after I log out, the system still thinks there is someone there and gives the next user the same message. As I have been (probably) making changes, my ghost may be still there in the system somewhere.

    All of the login names for the users are anonymous, e.g. RoastUser1, RoastUser2, etc. These names are built into desktop icons on the users' PCs. It is a simple matter for me to delete these arbitrary user names, re-insert them and put in a new password if necessary. However, I would only do this if I were building a new .mdw from scratch and then asserting it as the one to be used when opening the database.

    On a related matter, the access permissions for front-end objects are stored in the front-end database itself and not in the security file. If I export any objects, do their access permissions go with them ? One would hope not, but you never know. I am even thinking about creating a new blank database, exporting everything to it and applying a totally new security regime, instead of adapting the old one as I have done hitherto and which may be carrying baggage I don't know about (it is 15 years old, after all ! ).

    Regards,

    Jim

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    I don't think permissions travel with database objects when you import or export them, but I'm not 100% sure. I'd perform a test with one or two objects to make sure.

  5. #5
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    [quote name='HansV' post='790082' date='21-Aug-2009 10:09']I don't think permissions travel with database objects when you import or export them, but I'm not 100% sure. I'd perform a test with one or two objects to make sure.[/quote]
    I was afraid you would say that, Hans. A bit more tedious and (for a studiously honest guy like me) unpaid work. However, I will try it out and report as a matter of interest to the forum.

    I did find a solution to the problem of updating passwords for other users (in my capacity as "Owner" of course - one would not want just anybody to mess about like this ! ). The database I now look after was originally maintained by the authors who looked after all development and security on behalf of my (captive ?) client. I found a little hidden form and module that they used to change passwords.

    I attach it to this post. You might find it useful for your code base.

    Regards,

    Jim
    Attached Files Attached Files

  6. #6
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    As an addendum to my previous post, I have done some testing of the export process with its effect on security. The results I got were as follows:

    1. If it is a new database, or one where no formal security has been established, the user "admin" has full privileges over the object exported.

    2. If there is a security regime and a user named "Owner" has been established, "Owner" has full privileges and "admin" has none.

    No other security details are exported.

    The objects I tested were a form and a table.

  7. #7
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    I have obtained another useful nugget of information on the "exclusive access" message problem from a colleague in another forum. He suggests that the problem often arises from a corrupted .ldb file (the one that lists users logged in to the database). I think he might be right, as I have noted that on quite a few occasions, the .ldb file persists after the last user has logged out. When I try and delete the file, it tells me that I cannot do that because other users are still logged in ! This might also explain the weird multiple occurrences of the message, which could be due to the .ldb file containing details of multiple sessions for the developer, which have not been correctly terminated.

    I hope this is useful.

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    I don't know why .ldb files would be left behind - this usually only happens if Access crashes.

    You can use a utility such as Unlocker (free) to delete a locked .ldb file (do this only if you're certain there's really nobody using the database)

  9. #9
    Bronze Lounger
    Join Date
    Jan 2001
    Location
    Alzano Lombardo, Italy
    Posts
    1,483
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='jim_from_oz' post='790418' date='24-Aug-2009 04:51']I have obtained another useful nugget of information on the "exclusive access" message problem from a colleague in another forum. He suggests that the problem often arises from a corrupted .ldb file (the one that lists users logged in to the database). I think he might be right, as I have noted that on quite a few occasions, the .ldb file persists after the last user has logged out. When I try and delete the file, it tells me that I cannot do that because other users are still logged in ! This might also explain the weird multiple occurrences of the message, which could be due to the .ldb file containing details of multiple sessions for the developer, which have not been correctly terminated.

    I hope this is useful.[/quote]
    Such thing happens to me if there are instances of MSAccess.Exe still running hidden. I check processes in the task manager and then kill it if it's still running.

  10. #10
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    Thanks for that tip, Grovelli. I checked and there were no MSAccess processes running. However, you did set off a new train of thought. I downloaded my client's entire database (front-end, back-end, security file and user shortcuts) and set it up on my system (right down to the same disk-drive). It ran perfectly. No messages at all. This leads me to think that there is a more general system problem somewhere, so I might turn it over to the sysadmin. What intrigues me is that the message comes up for all users (privileged or not) exactly eight times. If it was stalling somewhere, one might expect an endless loop. It would appear that we must look for exactly eight occurrences of whatever it is that is causing the problem. Hey, could it be malware of some kind ??

  11. #11
    2 Star Lounger
    Join Date
    Jan 2009
    Location
    Rye, Victoria, Australia
    Posts
    152
    Thanks
    12
    Thanked 0 Times in 0 Posts
    My client had a problem with his database and, as my copy was the most recent backup (in effect), he asked me to backload my copy to his system. I did this, and - would you believe it - those pesky error messages have gone away ! Just don't ask me why - though i could speculate endlessly. Thanks for all your help, anyway, guys.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •