Security Won't work

From: miaplacidus (mia_placidus_at_hotmail.com)
Date: 08/02/04

  • Next message: Rick B: "Re: content advisor password" 
    Date: Mon, 2 Aug 2004 11:03:16 -0700

    I have set up a database and created a workgoup file. In
    the database I set permissions for some groups to enter
    and update data. All the design permissionons are turned
    off except for my account. I took the admin account out of
    the admins group so admin is only a member of the user
    group. All permissions for the user group are turned off.
    Therfore the only permissions for objects in this database
    are those assigned to groups which I created.

    Still, if someone logs in using the default system.mdw
    file they are able to log in as admin, with no password
    and the security menu shows that that admin has full
    rights.

    I see in Snelling's security document that there are two
    user groups that have irrevocable rights to assign
    permissions, even if the UI indicates that those users
    don't have permissions. They are the owner of the object
    (me, in this case) and the admins group of the workgroup
    database in use when the database was created.

    Since I created the database using the system.mdw file
    before I ever considered security, apparently any
    system.mdw administrator has full rights to my DB.

    Apparently this means that in order to secure this DB I
    will have to re-create it using an mdw where admin is not
    a member of the admins group.

    As I understand it, neither can I copy the obects to a new
    database created under a different .mdw file because the
    previous permissions are attributes of the object, and
    they will follow the object to the new .mdb.

    I followed the instructions later in the document for
    securing an existing database. The end result of that
    procedure was that now the application requests an DB
    password, but once that is entered the user is logged on
    as admin and since in that users user group admin is a
    member of admins and admins has full permissions...ergo no
    security.

    How do back out of this and start over?

  • Next message: Rick B: "Re: content advisor password"

    Relevant Pages

    • RE: Any way to remove ADMIN$ only?
      ... partition to allow you to set local permissions. ... Network Security Specialist ... Any way to remove ADMIN$ only? ... default security of Windows drives. ...
      (Focus-Microsoft)
    • Re: Sorting out security
      ... > MS Access security. ... > created a new workgroup, added a password for the Admin role, added ... > remote logins to a secured database. ... The location of the current workgroup file is recorded in the ...
      (microsoft.public.access.security)
    • Re: Problems setting up access security
      ... So, for some reason, it seems that Access security does not work when Access ... try to go directly into the database, they have to use the shortcut and log ... "Joan Wild" wrote: ... The Admin user still owns the database object. ...
      (microsoft.public.access.security)
    • Re: User Level Security Malfunction
      ... menu, the Users group has no rights to open the database, and it also ... I first create a blank secured file that I ... Remove Admin from Admins group ... Remove all permissions to "new" objects from Admin ...
      (microsoft.public.access.security)
    • Re: Creating security for MS Access application
      ... I wanted to create user ids and grant permissions based on user ids. ... You've not properly secured your database if that's the case. ... of User Level Security before mucking around with it too much more. ... with instructions on how to properly secure a database without the Security Wizard: ...
      (microsoft.public.access.security)