Results 1 to 7 of 7
  1. #1
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Backend Security - Again (2003 (11.6566.8036) SP2)

    Hi there!

    Can't believe I'm back here again with this and beg your patience again.

    I have been writing up my own steps for implementing Front and Back End security (collating information from SecFac and the forum) and subsequently testing the procedures on a DB that will be coming up for splitting and securing. I applied the security on the DB as a whole and split it afterwards as a means of seeing what occurs (The first DB I secured was already split, but I thought the procedures would generally be the same). I have even gone through the motions of importing the objects from the original DB's into new blank DB's in order to ensure that I would be the DB Owner and not Admin, before applying the Security.

    Security wise, everything works fine for the Front End and on first glances is ok for the Back End too. If I try and run the Front or Back End up from their resident folder I get the "you do not have the necessary permissions to use blah blah blah" which is what I expect and subsequently have to use the desktop icons with the respective switches in order to gain access. Same happens if I try to import the tables from a different DB.

    The problems start when I run the Front End up and try to access the tables in the Back End, I get the same permissions message as above, which initially puzzles me as I am the Administrator and have full permissions at the back end in the Admins Group (same happens for users, but should be noted they are not members of Admins at theBack End).

    I have three groups at the Front End, Admins, Users and Housing. Users has no permissions set for anything, Housing has:

    Object Type Permissions

    Database: Open Run


    Table: Read Design
    Read Data
    Update Data
    Insert Data
    Delete Data

    Query: Read Design
    Read Data
    Update Data
    Insert Data
    Delete Data

    Form: Open/Run

    Report: Open/Run

    Macro: Open/Run

    Admins has permissions to everything.


    The Back End has two Groups, Admins and Users. Admins has permissions to everything and once again Users has no permissions.

    If I change the permissions at the Back End on the Users group so that the Database Object type is Open/Run, I then get a message at the Front End saying "Could not read definitions; no read definitions permission for table or query 'tblxxxxx'.

    If I then change the permissions at the Back End so all tables in the Users group Object type: Table are Read/Design, Read Data, Update Data, Insert Data, Delete Data, then I can open the tables from the Front End with no problem and so can the prospective users.

    This is when things go wrong. From an unsecured DB I can now import the tables from the Back End and I can also run the Back End up from its Folder (it's defaulting to the factory System.MDW) and although I can't delete the tables within, I can view, copy and delete the data.

    My first successful secured DB (which is working perfectly), Back End has no Permissions set for the Users Group. I have compared the permissions settings with this DB against my latest attempts and from I can see there is no difference.

    What's frustrating is I'm sure I've gone through the same steps that eventually led to me successfully securing my first DB, but I must have missed something here or am just doing this completely wrong.

    I hope I've explained this ok, all help will be gratefully received!

    Cheers,

    Niven

  2. #2
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security - Again (2003 (11.6566.8036) SP2)

    Subsequent to the above, I think I have now solved the problem (although why my first Secured DB works is now a mystery!).

    I have created a Housing Group in the Back End and assigned the following permissions:-

    Object Type: Database
    Permissions: Open/Run

    Object Type: Table
    Permissions: Read Design, Read Data, Update Data, Insert Data, Delete Data

    No users are assigned to this Group, but now when I run up the Front End, I have no problems with accessing the Back End tables. Further, the Back End can not be accessed now from its Folder location, nor can the tables be imported via a different DB.

    My main aim here is to produce a simplified step by step procedure of securing a DB, both at the Front and Back Ends, so that I can confidently run through this process in as shorter time frame as possible (once you know what you are doing it's actually very quick!). I think I may be there now!

    I'm not sure how many other people have found this to be a minefield, but if the Forum is interested I would be quite happy to submit this manual, when complete, for critical review by Moderators and for reference by members.

    Cheers,

    Niven

  3. #3
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security - Again (2003 (11.6566.8036) SP2)

    Loungers would certainly be interested in your manual!

  4. #4
    3 Star Lounger
    Join Date
    Nov 2003
    Location
    London, Gtr London, England
    Posts
    222
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security - Again (2003 (11.6566.8036) SP2)

    If I can make it sensible and clear in it's objectives, then it would be a way of me 1) giving something back and 2) saying thank you for all the great help I have received over these past few years.

    As I stated before, when complete I would like all you Moderators to make a critical review of it and make comments as to improvements etc. before "publication" as it were.

    If I don't talk to you again in the next few days, then have a Merry Christmas and Happy New Year!

    Cheers,

    Niven <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>

  5. #5
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backend Security - Again (2003 (11.6566.8036) SP2)

    You could post it here when the first version is ready, clearly stating that it is a "beta" version. Moderators, but also other Loungers, could comment and provide suggestions.

  6. #6
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Vancouver, Br. Columbia, Canada
    Posts
    632
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backend Security - Again (2003 (11.6566.8036) SP2)

    Niven

    Just in case you had not seen this, there is a comprehensive list of documentation about User Level Security at:

    http://home.bendbroadband.com/conradsystem...s.html#Security
    --------------------------------------------------
    Jack MacDonald
    Vancouver, Canada

  7. #7
    3 Star Lounger
    Join Date
    Aug 2002
    Location
    Leuven, Vlaanderen, Belgium
    Posts
    322
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Re: Backend Security - Again (2003 (11.6566.8036)

    FYI: the page Jackson refers to has been moved to the Access MVP site.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •