Results 1 to 9 of 9
  1. #1
    Join Date
    Feb 2009
    Posts
    17

    Unanswered: Permissions and Account Security Question

    I've created different groups and user accounts for my database and assigned permissions for accessing specific forms, tables, queries, and reports. When I open the file, I am prompted with a required user id and password. However, when I go to another computer on the same network and open the file, it automatically opens as administrator and there are no security restrictions! How do you fix this error which is defeating the entire purpose of security restrictions? Thanks!

  2. #2
    Join Date
    Feb 2009
    Posts
    17
    Tried following this tutorial: Steps to Securing an Access Database by Using User-level Security | Database Solutions for Microsoft Access | databasedev.co.uk

    But it keeps deleting my users and permissions. Then when I run the security wizard, it doesn't have my users. This is because really frustrating, especially when the tutorial says it has been tried multiple times and works.

    Could it be because this file is on a shared server and my workgroup fields are being created on my personal computer's system files?

  3. #3
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    you need to go back to the original FAQ on securing access applications

    usergroups security is applied to the instance of Access, based on the workgroup secuirty file associated with that executable of Access (set in the tools menu option) OR based on the command line switch

    Securing an Access app is potentially a misnomer, its very difficult to secure an Access application or data.. it requires carefull desing and judicious use of network permissions.

    I'd always suggest that you make sure the app itself queries the workgroup file to make certain the correct permissions file is being used.

    one of the gotcha's with Access workgroup security is if your netwrok trolls are more active than normal in patching office there is a high probability that they will reset the executable default workgroup to allow user admin full rights.

    in my books by far the best approach is to deploy the app on a netwrk share only visible to those who have permission to use the app
    deploy the app as a MDE (making sure you keep a backup of the MDB that made the MDE.

    if you can use runtime rather than Access to run the app

    run the app form a shortcut which specifies whatever command line switches you need.

    any workgroup file needs to be visible to all users (it makes sense to either create the workgroup file on the same server partition/location as the MDE/MDB. you do not want to be relying on maintaining individual workgroup files. Although its perfectly possible to copy the central master workgroup file to the local worksatation each time it rusn.. it does however have to be visible on the network
    I'd rather be riding on the Tiger 800 or the Norton

  4. #4
    Join Date
    Feb 2009
    Posts
    17
    I am not worried about unauthorized access to the database. It rests on a secure server and the file folder can only be accessed by authorized personnel. Please assume that all those who access the file do not have malicious intentions. The only purpose for these addtional security restrictions is to prevent user errors and changes to the design of the database. I am trying to restrict the file settings based on different logins. When someone opens the file, they will be prompted with a log in screen and enter their username and password and gain access to certain parts of the database. I want users to have access to forms only. Two administrators will have full access to all parts of the database to check tables and run queries/reports.

    Now, the Security Wizard thus far has proven unable to do this because it is not recognizing my working group file. I cannot modify the working group file to set restrictions on user accounts. Someone how my .mdb is not connecting to my .mdw file.
    Last edited by MFairbanks; 04-17-09 at 15:15.

  5. #5
    Join Date
    Feb 2009
    Posts
    17
    I don't understand how to make my .mdb query my .mdw. Where and how would I write this script?

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    your MDB doens't connect to the workgroup file, that is the whole point, its the instance of Access that connects to the workgroup file

    you can progrmatically access the workgroup file through the ADO security collection..

    you can request if a specified user, is a member of the a specified usergroup. I'd reccommend that the applications requests that a specific user has aspecific usergroup permissions, wher eyou do this is up to you, if you do it int he menu, I'd suggest also doing it in the form/reports on open event and cancel if they do not have sufficient permissions.

    I'd alwasy suggest you sue the PAI call to get the user permissions (its a lot harder to spoof a network account, than it is an Access workgroup account).
    I assign the netwrok logon of the person to the requisite usergroups int he workgroup file and use that as the key information. it also means that users don't have to log on to use the app, when they change their passowrd they don't mither me because the account is authenticated as part of netwrok logon, so its the network trolls problem to deal with forgotten userids or passwords.
    I'd rather be riding on the Tiger 800 or the Norton

  7. #7
    Join Date
    Feb 2009
    Posts
    17
    OK, Access connects to the workgroup file then you open the .mdb file and you get the settings of the workgroup file. I understand.

    When I open the file now, I am prompted with a log in. I log in under user 1. I can still access the design of forms. I check security - user permissions and users should not be able to access the design of forms. Why is this happening?

    I'm a newbie. I understand the idea behind creating a run script that automatically checks user ids and assigns permissions based on it. However, I don't know where to put this script or how to write or why its necessary instead of using the default means?

  8. #8
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    I dunoo
    have you read and understood the security FAQ.
    if you deploy your access application as an MDE
    I'd rather be riding on the Tiger 800 or the Norton

  9. #9
    Join Date
    Nov 2007
    Location
    Adelaide, South Australia
    Posts
    4,049
    I remember fiddling around for hours playing with Access security and I got it all perfectly sorted.... only to find that Microsoft are dropping the whole deal.

    Since MS are effectively deprecating user level security, is there any real point to doing this? I sure don't bother any more. MDEs are my only form of security now.
    Owner and Manager of
    CypherBYTE, Microsoft Access Development Specialists.
    Microsoft Access MCP.
    And all around nice guy!


    "Heck it's something understood by accountants ... so it can't be 'that' difficult..." -- Healdem
    "...teach a man to code and he'll be frustrated for life! " -- georgev

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •