Results 1 to 8 of 8
  1. #1
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts

    workgroup security (2000)

    I have built a couple of databases for 2 separate organisations with separate workgroup information files. I accidentally discovered that I could open 1 database when a member of the other organisation's workgroup! The only thing in common between the 2 workgroup files is a username "roger". Everything else is unique (group, user, workgroup names and IDs). I thought that I would have to belong to the correct workgroup, and if not, be unable to open the database. Alternatively I could access the database only if I could replicate the workgroup information file, assuming I knew the names and IDs of the users, groups and original workgoup file. As it stands at the moment, if anyone knows this situation, I have almost no security at all.

    Obviously I'm missing a crucial piece of the security puzzle here. What am I doing wrong?

    Regards
    Roger Searle

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: workgroup security (2000)

    If you open a database using a secured workgroup files, you must provide a user name and password. If the workgroup files only have the user "roger" in common, how do you open the database with the "wrong" workgroup file?

  3. #3
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: workgroup security (2000)

    It's strange, isn't it... OK, here's another explanation of what I've got happening:

    Originally created a database for company 1 named "database1.mdb", secured with workgroup information file "workgroup.mdw", which contains various groups, users, all with identical IDs and permissions to view table designs etc, and this all works really well. One of the users in the database is "roger" and there are various others. If the computer joins the default microsoft "system.mdw" workgroup, there is no access ("you do not have the necessary permissions...).

    Recently for company2 I made a database "database2.mdb", with "workgoup2.mdw", different IDs, and a user "roger" and others. When joined to workgoup2.mdw, can open database2 OK.

    Now for the issues: Can also open database1 with user "roger" and roger's password from workgoup2 (WON'T work with password from workgoup1). Cannot open database1 with any of the other users from workgoup2. Can join the default workgroup "system.mdw" and directly open database2 with NO requirement to log on. (though can't open database1 - that's good!)

    Now if I join workgoup1, can open database1 with all the expected users and passwords from that workgroup. I can open database2 with any of the same users (that's not good!).

    So it comes down to 2 things: first, it seems I can open database2 with any user created from another database secured by it's workgroup, and that there is no logon requirement if I join the default workgroup. Second, I can get into database1 with a user "roger" created in another database.

    I hope this is clear explanation of what I've got happening. Definitely not what I want...

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: workgroup security (2000)

    If you join Workgroup2.mdw, and open Database1.mdb, you must provide a user name and password. You enter "roger" and the corresponding password for Workgroup2.mdw. The password gets checked in Workgroup2.mdw, since you joined that workgroup, so it is ok. Next, the database Database1.mdb recognizes "roger" as a valid user, having sufficient permissions to view tables etc.

    It would seem that Database2.mdb has not been secured correctly, since you can open it without logging in. Apparently, no password has been set for the default Admin user, and Admin was not removed from the Admins group...

  5. #5
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: workgroup security (2000)

    Thanks for your replys and help so far, Hans. The issues are half resolved - I'm happy with the situation regarding database1 now that I understand the link between the username stored in the database and password in the workgroup file.

    database2 remains a worry! I have checked that there is a password on the admin user, admin is not a member of the Admins group. This is all on the workgroup2 file, of course.

    The issue came to my attention first when I was training a new user who logged on to an xp machine and by default belongs to system.mdw, the unsecured workgroup. So she didn't need to log on. Other users on that machine were in the workgroup2 workgroup so required to log on.

    So this could be simply resolved by adding a password to the admin user. Now I am required to log on. But this isn't the correct situation to have, because all I need to do is replace the (now modified) default system.mdw workgroup file with an un-modified one with a blank password and I'm back with access to the database. The real issue here is that I should not be able to get in to database2 at all when a member of system.mdw workgroup. I can't get into database1 when in system.mdw, I get the "you do not have the permissions" message.

    So something is still not quite right with database2.

    Hope this makes sense and that you might be able to understand what's still wrong?

  6. #6
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: workgroup security (2000)

    Have you checked to see what permissions the Admin user has? Even if they aren't in the Admins Group, the user could still have full permissions, which may be your problem.
    Charlotte

  7. #7
    2 Star Lounger
    Join Date
    Mar 2004
    Location
    Christchurch
    Posts
    111
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: workgroup security (2000)

    Hi Charlotte, the admin user has all permissions removed for all objects in the workgroup2.mdw file. Which is as I would want it.

    The problem remains with being able to open database2 when a member of the default microsoft workgroup file, system.mdw. Any ideas? Database1 will give me "you do not have the permissions..." message if I try to open it when belonging to system.mdw and that is what I want to have happen with database2 as well.

  8. #8
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: workgroup security (2000)

    Did you change the *owner* of the database? If the owner is Admin, it doesn't matter what permissions you remove.
    Charlotte

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •