Results 1 to 4 of 4

Thread: MDB Security

  1. #1
    Join Date
    Jan 2004

    Angry Unanswered: MDB Security

    I have an Access database that I have saved on my companies server and secured with my laptop.
    I have changed the owner of all the tables to myself and excluded the User and Admin accounts, and excluded the Users and Admins groups.

    The problem is that any other computer on the network can get in to the tables as if no security existed. But it looks secure with my PC.

    I have a VB front end that uses the SYSTEM.MDW and passwords embedded.

    But I don't want to send out the SYSTEM.MDW file to everyones PCs because they could still get around the security by deleting it.

    Can anyone please advise?

  2. #2
    Join Date
    Jun 2002
    Mpls/St.Paul area
    There are two separate sections to the database security.
    1) User groups and accounts (independent of dbs)
    2) Permissions to objects on a specific DB

    Take for example the database in question. (Is it safe to assume it is an Access backend that has the tables?) If you were successful in removing the permissions to these tables, then users should not be able to get into it. And the User named Admin should not be able to get in to it. No matter what system.mdw an outsider uses, they should not be able to get into the database that you applied the permissions to.

    You mentioned that you removed access for everyone in both the users and admins group. ? That would mean nobody can get into it. Are you a member of the admins group? Are you selecting all the table objects when you remove the permisssions? Are you sure that the changes you make are being applied to the tables?

    Eventually you will want to make the mdw file available on the network. The system.mdw file that you set must be used by everyone.

    For starters, make a copy of your system.mdw file (don't change the original - you will want that generic for all your other Access databases). Rename the file, MyAp.mdw. Use a shortcut to open the database via that workgroup (mdw file).

    The following is from a post I contributed earlier...

    Make one workgroup (an mdw file) and place that on the network. Then add accounts for all users. Tools/Security/User Group and Accounts

    Then a shortcut must be used for each user so that they open your MDW file, instead of the defualt mdw file.

    The target of the shortcut has three elements.
    1) the path & access.exe
    2) the path and name of the database.
    3) the path and name of the MDW file. (use the switch /wrkgrp)

    For example
    "C:\Program Files\Microsoft OfficeXP\Office10\MSACCESS.EXE" "C:\_Databases\Studies\PFO\PFO.mdb" /wrkgrp "\\Deneb\Clinical\Databases\Studies\_System\system .mdw"
    This example points to my access, my database, and a shared system.mdw on the network.
    (NB: use double quotes for paths with spaces)

    Typically starting up access points to the system.mdw established at the installation of Access. Using a shortcut you can override that.

    People may have Access installed in different paths, so individual shortcuts may need to be adjusted.
    This is the day the Lord has made, I will rejoice and be glad in it.

  3. #3
    Join Date
    Jan 2004
    Admittedly, I haven't split the database into to an Access Backend.

    What I have done is to create a new user group CRMAdmins and created me as a user in that group.
    I then removed Admin & User from the CRMAdmin group.
    The ownership of the tables where then given to me.

    So presumable I alone have permission to acccess the database.

    I could install a copy of my SYSTEM.MDW to everyone who installs my VB app. But what I want to protect is, if someone who hasn't install tha VB app and is browsing our network, supprising comes along interesting Access Databse, opens it and finds all the customer information that I need protected.

  4. #4
    Join Date
    Jun 2002
    Mpls/St.Paul area
    This is what I protect against by taking the permissions off of the objects for the user named 'Admin.'

    I'm not sure what we are doing differently, but the way I have thinngs set up, nobody can browse into my data tables. Even if (especially because) they are using their standard system.mdw file. In that case they are by default logged on as the user Admin (with no password).

    In fact, even on my own PC I can be prohibited from getting to a database I have made.
    1) I make a workgroup, My.mdw, and make an account, e.g. GrandPoohbah
    2) I setup a shortcut for using that workgroup, My.mdw.
    3) Once signed in, I can make a new database where the user, GrandPoohbah is the owner.
    4) Then for the permissions, remove the permissions to table access from the user, Admin.
    5) Close everything.
    6) Browse to and double click on the new database. What happens is that the system.mdw is accessed by default, and the user Admin, is accessed by default (usually this is all transparent to the user). But next (as the doubleclick events unfold) the database is opened and it determines that the user Admin is seeking entrance and it prohibits access.

    The following error is displayed for the interloper.
    "You do not have the necessary permissions to use the 'my database' object. Have your system administrator or the person who create this object establish the appropriate permissions for you."
    This is the day the Lord has made, I will rejoice and be glad in it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts