Results 1 to 5 of 5
  1. #1
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, I have a database with user level security in place and this seems to work well assuming the Windows user has joined the correct workgroup file via the workgroup administrator tool, i.e. a username and password is required to open the database and particular groups of users can access (or not) various tables or alter the design of a form etc.

    However a new Windows user, who is a member of the default workgroup file, is able to double-click the database file and open it without any prompts for a username and password, which is not what we want! I am obviously missing a key step in the process here but have gone around in circles trying to get this right, could someone please point me in the direction of what to do to fix this?

    Thank you,
    Roger

  2. #2
    Super Moderator
    Join Date
    Jun 2002
    Location
    Mt Macedon, Victoria, Australia
    Posts
    3,993
    Thanks
    1
    Thanked 45 Times in 44 Posts
    Users who use the default workgroup file, log in as a member of the group: Users so you should remove all Permissions from this group.
    Secondly the default account is Admin who is a member of the Admins group. Remove the Admin account from the Admins group. It remains a member of the Users group, but this group has no permission to do anything.

    You then need to create a new group to hold the people who really are allowed to use the database, and new Admin level accounts.
    Regards
    John



  3. #3
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for your reply. I have a workgroup information file that has the appropriate users and group permissions already set up. The thing I am trying to prevent is the default situation of a new user created on a Windows machine being able to open the database given their default membership of a workgroup - without having to make any changes to that default workgroup file.

    It is a strange situation that someone could make a copy of the mdb database file on a memory stick or email it to themselves and be able to open it, is there not some way to alter permissions within the database itself to require a username and password, so that the first thing that needs to happen open it is to join the appropriate workgroup?

    I am aware that I could set a database password but didn't want users to have to enter a username/password, then a second password.

    Regards
    Roger

  4. #4
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,624
    Thanks
    3
    Thanked 60 Times in 60 Posts
    You don't need to use a database password, but you do need to point the new user to a secured version of the workgroup info file so that they can log in. If you do it properly, and secure both the Admin login, and the Users group, then a new user cannot connect to the database until they connect to the secured workgroup file. You should find Steps to Securing an Access Database ... useful. And you do need to follow the steps exactly or your database will either not be secure, or it will be inaccessible to even yourself. Moral of the story - make a copy. Also, be aware that there are a number of cracking tools that are available to people where really want to get into a secured database. Finally, you might find our tutorial on the subject of interest.
    Wendell

  5. #5
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for all the replies. I believe I have this functioning OK now, once I started working through the steps things started to make sense - and I understood the first reply from John (which I originally did not). Another key point in my understanding comes via the idea that the users and groups info is in the workgroup file and the permissions in the database itself. Probably I did know that at one point and forgot, I only very rarely need to set up a new database and permissions.

    Once again, thanks for the help. Regards,
    Roger

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •