Results 1 to 4 of 4
  1. #1
    4 Star Lounger
    Join Date
    Jan 2003
    Location
    Central Florida, USA
    Posts
    505
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Implementing levels of security (XP)

    I don't mean to be dense but I read Wendell's great summary of securing an Access database as well as the links from his site:
    207793 - Security FAQ Available in Download Center
    235961 - Security Manager Add-In Available in Download Center
    254372

  2. #2
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Implementing levels of security (XP)

    I believe the answer is that a user who belongs to the Admin account can modify security settings, including resetting a user password, but I can't find that written down in the material I have at hand. In Access 2002, as long as the user is pointed at the .MDW file, you can edit security settings without having a database open, so you could give a clerical type the task of managing users, including adding new users. It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn't be any harm in putting the users in the Admins group, though I believe they could also change other people's group membership, which would create a potential risk. You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.
    Wendell

  3. #3
    4 Star Lounger
    Join Date
    Jan 2003
    Location
    Central Florida, USA
    Posts
    505
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Re: Implementing levels of security (XP)

    Wendell,

    Thanks for the followup.
    You wrote:
    "It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn't be any harm in putting the users in the Admins group,"

    If I remove all priviledges from Admin account, would I then create another account with Admin priviledges that "CAN" modify objects?
    You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.

    When you say "You would probably be better off to write some code ", would that include creating some table to store users and passwords, or would I still be using Access' security?

    Thanks again.

  4. #4
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: Implementing levels of security (XP)

    When securing a database, you create a MyAdmin of some sort, and then create the secure database with them as the owner. You then create a MyAdmins group and give that group all of the usual admins permissions. (The names are just example names.) Thus MyAdmin can make design changes, do deletes of objects and so on, but someone who is using the default Admin account cannot get into the database or make changes of any kind, depending on how restrictive you make that user's permissions. But you need to remove permissions from the Admins group as well, since Admin belongs to that group.

    As to using code, you would still be using the User Security feature - just working with it in code. It's a rather complex subject, so let me refer you to the Access Developer's Handbook - I believe it is covered in the second volume for Access 2002, but you may want to check if you have to buy it. It should be a part of your reference library anyhow if you wish to do serious Access development. Finally, putting passwords in an Access table is not secure, and is easily defeated, so not a good idea.
    Wendell

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •