Results 1 to 5 of 5
  1. #1
    Join Date
    Dec 2003
    Posts
    138

    Angry Unanswered: User Restrictions in Access XP

    I am having difficulty setting user restrictions and permissions in an Access Database. I use the security settings user accounts and permissions but when the user logs in she still has acces to everythig. Any suggestions

  2. #2
    Join Date
    Sep 2003
    Location
    Caldes de Malavella, Spain
    Posts
    244
    What you have forgotten is that everybody is a member of the Users group, regardless of what other groups they might belong to. You cannot remove a user from the Users group.

    By default, the Users group has full permissions for everything. So....the first thing you do when setting up security is to remove all permissions from the Users group. This is because the permissions that a user receives upon logging in is the sum of the permissions from whatever groups they are in.

    With permissions removed from the Users group, a user will only receive the permissions you have assigned to other groups they might be in. Which is exactly what you want.
    Andy Briggs
    Elmhurst Solutions Limited
    Database Development and Consultancy
    http://www.elmhurstsolutions.com

  3. #3
    Join Date
    Sep 2003
    Location
    Caldes de Malavella, Spain
    Posts
    244
    What you have forgotten is that everybody is a member of the Users group, regardless of what other groups they might belong to. You cannot remove a user from the Users group.

    By default, the Users group has full permissions for everything. So....the first thing you do when setting up security is to remove all permissions from the Users group. This is because the permissions that a user receives upon logging in is the sum of the permissions from whatever groups they are in. As the Users group has full permissions, every user will always therefore have full permissions.

    With permissions removed from the Users group, a user will only receive the permissions you have assigned to other groups they might be in. Which is exactly what you want.

    To me, it would have been far more logical if Microsoft had assigned the Users group no permissions by default. There is a Wizard available from Microsoft called the "User-Level Security Wizard", which will strip the Users group of permissions and allow you to set things up correctly. You used to be able to download it; I haven't checked recently to see if it's still there.
    Andy Briggs
    Elmhurst Solutions Limited
    Database Development and Consultancy
    http://www.elmhurstsolutions.com

  4. #4
    Join Date
    Dec 2003
    Posts
    138

    Unhappy Sharing Access Database over Network

    I shared my Access Database over our network and when it is accessed from any other computer through the network my permissions and users are gone and full access is granted, when a different user logs in on my computer their permissions are there...how can I allow my access database to be accessed through our network but without the user having full access?

  5. #5
    Join Date
    Sep 2003
    Location
    Caldes de Malavella, Spain
    Posts
    244
    The permissions for a database are stored within the .mdb file itself. However, User and Group information is stored within the workgroup information file system.mdw (usually found in your Win\System32 folder).

    What you need to do is to ensure that all network users are using the same system.mdw file. Having created your Users, Group and permissions in one copy of Access, copy system.mdw from that machine into a folder that can be read by all users on your server. Then make sure that each copy of Access uses that .mdw file - one of the command line options in Access allows you to point to the .mdw file you wish to use.

    For example :

    C:\Program Files\ Microsoft Office\Office\MSAccess.exe F:\Databases\Mydb.mdb /wkgrp F:\MyFiles\system.mdw


    This command line would start Access, open a database in F:\Databases and use the workgroup information group in F:\Myfiles

    Incidentally, the file does not have to be called system.mdw. You could call it Sales.mdw for the Sales department, Marketing.mdw for the Marketing deprartment and so forth. This allows you to have multiple mdw files for different groups of users. But the file must retain its .mdw extension.

    As an added security measure it's always best to remove system.mdw from each user's machine. This would stop anybody changing their command line to point back to it, resulting in them being able to get into the database with full permissions, as you've experienced.

    I hope I've explained this sufficiently - let me know if not.

    Good luck and best wishes
    Last edited by andybriggs; 09-01-04 at 14:14. Reason: Typo
    Andy Briggs
    Elmhurst Solutions Limited
    Database Development and Consultancy
    http://www.elmhurstsolutions.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •