Results 1 to 9 of 9
  1. #1
    Star Lounger
    Join Date
    Aug 2002
    Location
    Wichita, Kansas, USA
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    security on dbases (2000/2002)

    I have a dbase I created in Access 2000. It has it's own .mdw file associated with it. In the permissions of the dbase, the users group has no rights.
    I create a desktop icon to open access and the dbase with the secure .mdw associated with it. If I try and open the dbase directly thru Access (without the special icon that attaches the mdw file) I get an error saying I don't have rights. This is how it should work.

    I have someone with Office 2002 that can open the dbase directly through Access, without the special icon, and do anything she wants in the dbase. When I look at the security of the dbase she opens, it of course doesn't show any of the special permission groups or permission settings.

    Did something change with Office 2002 and the security? Is the system.mdw different, or does it even have one?

    Thanks!

    Patty

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: security on dbases (2000/2002)

    As far as I know, there is no significant difference in security between Access 2000 and Access 2002.

    Did you take away all rights from the Admin user? If someone opens a database without logging in explicitly, he/she is automatically logged in as Admin.

  3. #3
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security on dbases (2000/2002)

    It sounds as if you haven't removed all the permissions from the Admin account. By default, if no other .mdw file is specified, the user logs in as Admin. Nothing has changed in the basic user security feature between 2000 and 2002, though there are some added capabilities when use VBA to manipulate the security model. Really securing an Access database is a 12 to 14 step process (depending on which source is being quoted), and it is pretty easy to miss on or more of those steps. We have a number of links in our User Security Tutorial on our website that might be of use to you. If we can help further, please post back.
    Wendell

  4. #4
    Star Lounger
    Join Date
    Aug 2002
    Location
    Wichita, Kansas, USA
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security on dbases (2000/2002)

    I did take away all rights from the admin user. I found I can do the same thing in Access 2003 (get into the dbase without the special icon).

    I have ordered the book "Real World Microsoft Access Database Protection and Security" by Garry Robinson, hoping it will help with security ideas. It was mentioned in Woody's Access Watch.

  5. #5
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security on dbases (2000/2002)

    The book is useful - I've spent some time digging through it, but it covers lots of issues that may not be of real interest to you. Another possibility is that Admin is still the owner of the database, and if that's the case, the owner can do most anything to the database. You might also find the User Security paper by <!profile=jacksonmacd>jacksonmacd<!/profile> of interest.
    Wendell

  6. #6
    Star Lounger
    Join Date
    Aug 2002
    Location
    Wichita, Kansas, USA
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security on dbases (2000/2002)

    When I look at Tools-Security-User and Group Accounts,
    the User Name "Admin" is a member of "Users".
    the only User Names that are members of "Admins" are logins I use - no one else
    When I look at Tools-Security-User and Group Permissions,
    I don't have any permissions set up by Users (so the Admin user doesn't have any permissions set)
    The "Users" group doesn't have any permissions at all in one of the dbases
    The "Users" group has read permissions in another dbase
    The "Admins" group has all permissions - but again I'm the only one with a login in that uses that group
    When I look at the "Change Owner" tab
    With an object type of database - the owner is me

    I appreciate your responses. Anything else I can check?

    I haven't read all the way through the links you sent yet. Will do that tomorrow. Thanks!

  7. #7
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security on dbases (2000/2002)

    There is one difference in the Security menu in 2002/2003. You can set the default workgroup file from the menu, and you don't have to use the Workgroup Administrator. I gather from your previous post that is how you setup the 2000 workstations. Try pointing 2002 or 2003 to the correct workgroup and see what happens - they should be restricted just like everyone else (unless they have converted the database using the standard .mdw file.

    A couple of questions - how did you secure the database originally (i.e. did you use the wizard, or did you follow the detailed instructions available from Microsoft, or did you sort of roll your own)? Also is your database split into a front-end and a back-end? And finally, are you the owner of all objects in the database? Hopefully with answers to those questions and some reading on your part we should be able to sort things out.
    Wendell

  8. #8
    Star Lounger
    Join Date
    Aug 2002
    Location
    Wichita, Kansas, USA
    Posts
    71
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: security on dbases (2000/2002)

    I think I've finally found the problem. I created the security on most of my databases manually except for a couple of the newest ones I used the Wizard. But the ones I created manually I have converted from 97 to 2000.

    In Microsofts FAQ article on securing the dbase it says in item #10 "The Access 2000 Security Wizard removes permissions to the point where they are not visible on the security menus, but testing has revealed that in Access 2000 it is possible to open a database by using the default workgroup information file regardless of the menu settings."

    What took so long to figure out the problem is that they aren't visible on the security menus. I've looked through my security accounts and permissions over and over checking the admin/users/admins accounts and couldn't see anything wrong with them. When I create a new dbase and import the objects from the original, then reset the permissions, the dbase is secured from the common user.

    Thanks so much for your help and leads.

    Patty

    PS: Do you know how to remove the Open/Run permissions for the Users group through VBA code (it was mentioned in the article)? It seems like that might be easier than recreating all the permissions on all the dbases after importing them to a new ones.

  9. #9
    Super Moderator
    Join Date
    Aug 2001
    Location
    Evergreen, CO, USA
    Posts
    6,623
    Thanks
    3
    Thanked 60 Times in 60 Posts

    Re: security on dbases (2000/2002)

    The best source I know of for information on working with Access User Security with VBA is the Access Developer's Handbook. They devote at least one full chapter to manipulating security settings with VBA. Unfortunately I can't point you to the actual chapter as my partner has our copy at the moment.
    Wendell

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •