Results 1 to 9 of 9
  1. #1
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    46

    Unanswered: Interesting security problem

    I have set up several secured databases and have never run into this problem before (but I have never used a split and secured database) and am hopeful that someone can shed some light on why it is happening.

    Using Access 2K for split database with FE's local and BE and security workgroup on server. All users have shortcut calling FE and server security workgroup. Database is one form loaded at startup. All fields kept hidden until user enters part number into blank field then form fully appears. Two security groups use the database, admingrp and limitedgrp. The only rights difference between the two groups is that admingrp can update, insert, delete to tables. When a member of the limitedgrp tries to log on they are told they do not have the security to do so. For "let's see what happens" I granted admin rights to "Users" in the BE and still happening. The kicker to all of this is that if I log on as a limitedgrp user on my local machine that uses the exact same shortcut as everyone else I can get on!!

    Here is what I have done in addition to the above to ensure that we are all pointing to the same information:

    Copied my shortcut to the server. Deleted my and the users shortcut and got the same results.

    Deleted the limitedgrp group. Tried to log on both mine and the users machines, neither would allow access.

    Created new group (everyoneelsegrp). Granted read permissions only to everyoneelsegrp. Users ID works on my machine but not theirs.

    I have read the Microsoft's security faq's many times and came across the following under chapter 12 which I think might relate to my problem.

    The minimum permissions for a linked table require Modify Design permission on the linked table (not the base table). In Microsoft Access 2.0, Read Design permission was sufficient.

    I'm not sure that I understand what this means. If I assign Modify Design permissions to the table links in my front end that automatically adds Read, Update and Delete Data permissions which for a particular group is not what I want to do.

    Can anyone clarify what this statement means and if my interpretation is correct how to remove those permissions via code or any other method? Is it changes I need to be making to the backend's security that will reverse the frontend for a particular group?

  2. #2
    Join Date
    Jun 2002
    Location
    Mpls/St.Paul area
    Posts
    303
    Just for clarification...
    1) what are FE's local and BE ?
    2) and by "security workgroup" you are refering to the system.mdw file where you created user groups and accounts, correct?
    3) Is it true that your shortcuts, wherever they may be, have the command parameter /Wrkgrp with the path and name of the system.mdw file?
    4) Is it possible that when the limited users log on, the database opens the form in the 'new record' state, which of course conflicts with their permission?
    5) If you have a split table (I assume that means tables separated from everything else and then the tables are linked), did you set the permission on the tables or on the links. That is, did you open the tables database and set the permissions, or did you open the main db and set permissions on the links. I have found that this makes a difference.
    6) Or, is it possible that when you set the permissions for the database, you gave permissions to the tables or forms, but didn't give the approriate permission to the database itself (this is one of the objects for which permissions can be set)?
    Last edited by jpshay; 07-29-02 at 15:54.
    John
    This is the day the Lord has made, I will rejoice and be glad in it.

  3. #3
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    46
    Originally posted by jpshay
    Just for clarification...
    1) what are FE's local and BE Front end / Back end
    2) and by "security workgroup" you are refering to the [i]system[\i].mdw file where you created user groups and accounts, correct? Yes
    3) Is it true that your shortcuts, wherever they may be, have the command parameter /Wrkgrp with the path and name of the system.mdw file?{COLOR=blue]Yes[/COLOR]
    4) Is it possible that when the limited users log on, the database opens the form in the 'new record' state, which of course conflicts with their permission?The form opens to the first record which is made invisible. The record of choice is selected using a combo box with the following code.

    Private Sub cboECNLookup_AfterUpdate()
    Dim varReturn As Variant

    Me.RecordsetClone.FindFirst "[ECN Number] = '" & Me![cboECNLookup] & "'"
    Me.Bookmark = Me.RecordsetClone.Bookmark
    If Me.ECN_Number <> Me.cboECNLookup Then
    varReturn = MsgBox("The record that you entered does not exist." & vbCrLf & _
    "You are about to enter a new record into the database." & vbCrLf & _
    "Is this what you want to do?", vbYesNo)
    If varReturn = vbYes Then
    DoCmd.GoToRecord , , acNewRec
    Call Make_Visible
    Me.ECN_Number = Me.cboECNLookup
    Me.Release_Date.SetFocus
    Else
    Me.cboECNLookup = ""
    Me.cboECNLookup.SetFocus
    End If
    Else
    Call Make_Visible
    Me.Release_Date.SetFocus
    End If

    End Sub

    This could be what is causing the problem but I don't think so as I have other users with entry permissions that cannot add, delete or update the table in which the record is stored, just the tables accessed through subforms on the main form

    5) Or, is it possible that when you set the permissions for the database, you gave permissions to the tables or forms, but didn't give the approriate permission to the database itself (this is one of the objects for which permissions can be set)?I'm not following you on this one, please rephrase.

  4. #4
    Join Date
    Jun 2002
    Location
    Mpls/St.Paul area
    Posts
    303
    When in the FE db, you go to the menu items Tools\Security\User Group and Permissions, it opens the user and group permissions dialogue box. From there you can assign permissions. The object type combo box lets you look at tables, reports, forms, etc. One of those object choices is "database." Perhaps your limited-usergroup doesn't have access for the actual database object.

    By the way, sometimes I post an entry, see the mistakes and then correct it. You must have reacted quickly. It appears that you responded to my mistake ridden-incomplete post. Look again and see not just the formatting corrections, but the additional comment.

    Sorry for the lack of clarity.
    John
    This is the day the Lord has made, I will rejoice and be glad in it.

  5. #5
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    46
    Originally posted by jpshay
    Just for clarification...
    1) what are FE's local and BE ?
    2) and by "security workgroup" you are refering to the system.mdw file where you created user groups and accounts, correct?
    3) Is it true that your shortcuts, wherever they may be, have the command parameter /Wrkgrp with the path and name of the system.mdw file?
    4) Is it possible that when the limited users log on, the database opens the form in the 'new record' state, which of course conflicts with their permission?
    5) If you have a split table (I assume that means tables separated from everything else and then the tables are linked), did you set the permission on the tables or on the links. That is, did you open the tables database and set the permissions, or did you open the main db and set permissions on the links. I have found that this makes a difference.I set permissions for the tables both in the front and back end. In the front end the permissions are limited but in the back end they are full open.
    6) Or, is it possible that when you set the permissions for the database, you gave permissions to the tables or forms, but didn't give the approriate permission to the database itself (this is one of the objects for which permissions can be set)?For the limitedgrp permission is set to Open/Run the database on the front end and full open on the backend for Users, if that is what you mean.

  6. #6
    Join Date
    Jun 2002
    Location
    Mpls/St.Paul area
    Posts
    303
    Is your operating system different than the users? I vaguely remember some quirks with NT.
    John
    This is the day the Lord has made, I will rejoice and be glad in it.

  7. #7
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    46
    Originally posted by jpshay
    Is your operating system different than the users? I vaguely remember some quirks with NT. [COLOR=blue]Everyone is using NT here including myself.[/COLOR}

  8. #8
    Join Date
    Jun 2002
    Location
    Mpls/St.Paul area
    Posts
    303
    Sorry autoeng, doesn't look like I have had anything helpful to contribute.

    Perhaps you'll want to repost.
    John
    This is the day the Lord has made, I will rejoice and be glad in it.

  9. #9
    Join Date
    Jul 2002
    Location
    Kentucky
    Posts
    46

    Figured it out!

    I figured the problem out! I'll post my stupidity here so that another won't have to go through this. I had placed the front end and the security file on the server for distribution. I thought that as long as I was working with the same front end on my local machine that any security changes that I made were passed along to the security file and would then be company wide. I was mistaken. Every time you change the security you have to post the front end again! It never occured to me that security actually resided in the front end. I thought that it was separate in the security file.

    AAAUUUGGGGHHH! Live and learn!

    Thanks to all that have tried to help me on this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •