Re: For Jack Macdonald - admin user question

From: MaBell (MaBell_at_discussions.microsoft.com)
Date: 11/05/04 

Date: Fri, 5 Nov 2004 06:07:03 -0800

I will look into it... thanks!

"Jack MacDonald" wrote:

> Matt
> It sounds like you did everything right, so I am not sure what is
> going on. One possibility: you said "... I should be locked out..."
> which I interpret to mean that the Admin user can open the database.
> You don't say explicitly whether Admin is denied permission to any of
> the database objects. The admin user can still open the database
> unless you remove the Run/Open permission from the Database object.
>
>
> On Wed, 3 Nov 2004 11:19:04 -0800, MaBell
> <MaBell@discussions.microsoft.com> wrote:
>
> >Hi jack,
> >
> >I followed your security papers to a T and I found them very helpful.
> >However, when i log in to my secure database using default mdw, user admin
> >can open the database and I thought he couldn't. Please review my steps and
> >let me know if i have missed something. Thanks in advance:
> >
> >1. I created a new workgroup using wrkgadm.exe and open a DB with it.
> >(checked using ?dbengine.systemdb)
> >2. I created password for user admin, create new user (me), added (me) to
> >admin group and remove admin user from admin group.
> >3. I login as me and create password.
> >4. I create AppUser group and SuperAdmin group.
> >5. I create new DB for which user (me) am the owner and owner of all objects.
> >6. I remove ALL permissions for the Admin Group, User group, And Admin
> >user.(giving SuperAdmin group all rights and AppUser Group some, and remove
> >all user level permissions).
> >
> >Now when I log into my DB using my (or anyone else's for that matter)
> >default system.mdw (silently as user admin), I should be locked out b/c
> >permissions are saved with the db... right? However I can open the db. Did
> >I miss something?
> >
> >Thanks for all your help!
> >
> >Matt
> >(access 2000)
>
>
> **********************
> jackmacMACdonald@telusTELUS.net
> remove uppercase letters for true email
> http://www.geocities.com/jacksonmacd/ for info on MS Access security
>

Relevant Pages

  • Re: Access 97 Security issue Cant make a MDE
    ... I am not able to CHANGE these rights. ... Normally I work as both the Owner of the database (and all objects ... we don't reset this table permission after making the mde. ... we give database admin permission to our user group. ...
    (microsoft.public.access.security)
  • Re: Cannot convert or enable database
    ... It sounds like you're working with the A97 database without the ... need to find that workgroup file, and the username/password of a user ... The KB states to "Remove the Admin ... "You don't have permission to import, export, or link to." ...
    (microsoft.public.access.security)
  • Re: low permission cannot convert from A97 to A2000/2003
    ... Delete is a separate permission. ... You need open exclusive permission on the database to ... > The admin user has full privileges. ... > as we wont be importing those files from them, and the contractor will be ...
    (microsoft.public.access.conversion)
  • Re: low permission cannot convert from A97 to A2000/2003
    ... Delete is a separate permission. ... You need open exclusive permission on the database to ... > The admin user has full privileges. ... > as we wont be importing those files from them, and the contractor will be ...
    (microsoft.public.access.security)
  • Re: Converting database from Access 97 to 2003: problems
    ... Although the owner of the database had all the rights the conversion was not ... placed the Admin user in the Admins group (Admins group has Administrator ...
    (microsoft.public.access.conversion)