Re: would it be wise???

Well it depends.

>From your earlier post you said you had granted the Users group some permissions.

...."Some permissions I allowed to the users group, because they are necessary for all
users."...

Well there are situations where this is OK, so I will not say that you *never* want
to do this, but it is very unusual.

*Normally* when you secure an Access database you give zero permissions to the
Admin User and the Users group. This includes zero permissions on the Database
itself (a step usually missed). By doing it this way, no one will "accidentally" log into
the database with the wrong workgroup file, ever.

So let's get back to your initial comment of needing to have some permissions for all
the users. What you *should* do is create one or more custom groups for your
workgroup file. You assign membership to those various groups for your users. Now
as an example, say you need everyone who uses the database to open "FormA." In
the Permissions dialog area you simply grant permissions for your *custom groups*
to use "FormA." That way everyone can use that form. Follow me?

By giving any permissions (however small) to the Admin User or the Users Group,
you open a security hole into your database.

One last comment. You thought about having some code to kick out the Admin User.
I think you can do this by setting up some quick code in a module and then calling it
through an AutoExec macro. You would have to grant the Admin User permission
to open the database and run the macro. However, I really, really, really, really, really
do not recommend this approach.

--
Jeff Conrad
Access Junkie
Bend, Oregon

"tw" wrote in message:
news:ecndHpgOFHA.2356@xxxxxxxxxxxxxxxxxxxxxxx

> What step did I miss then. I thought I followed the steps... (with the
> exception of setting up some permissions for the user group). Could that be
> why the admin user from the system.mdw can get in? I did give the user
> group permission to open/run the database, limit the number of modifications
> necessary if new groups are added. I guess I will move that permission
> elsewhere to prevent the admin user from getting in with the system
> workgroup file.
>
> "Jeff Conrad" <jeffc@xxxxxxxxxxxxxxxxx> wrote in message
> news:uI80NagOFHA.4052@xxxxxxxxxxxxxxxxxxxxxxx
> > Maybe this explanation will help you understand the process.
> >
> > Every time you open an Access database (without a shortcut
> > to give Access different instructions) Access will *attempt*
> > to log in as Admin user with no password. *If* that attempt
> > fails for any reason, then and *only* then will you be prompted
> > for a password.
> >
> > Does that help?
> >
> > --
> > Jeff Conrad
> > Access Junkie
> > Bend, Oregon
> >
> > "tw" wrote in message:
> > news:%23AwasFgOFHA.2132@xxxxxxxxxxxxxxxxxxxxxxx
> >
> >> if passwords are stored in the workgroup file, then the system workgroup
> >> file has no admin password. If the user logs in using the system
> >> workgroup
> >> file, the system will not ask for a password. Is this understanding
> >> incorrect?
> >>
> >>
> >> "Lynn Trapp" <ltrappNoSpam@xxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:O3sAi1fOFHA.508@xxxxxxxxxxxxxxxxxxxxxxx
> >> > The better approach is to implement user level security properly, as
> >> > described in the Security FAQ, so that a person will not be able to log
> >> > on
> >> > as Admin without knowing Admin's password.
> >> >
> >> > --
> >> > Lynn Trapp
> >> > MS Access MVP
> >> > www.ltcomputerdesigns.com
> >> > Access Security: www.ltcomputerdesigns.com/Security.htm
> >> > Jeff Conrad's Big List: www.ltcomputerdesigns.com/JCReferences.html
> >> >
> >> >
> >> > "tw" <tlsilveus@xxxxxxxxxxx> wrote in message
> >> > news:e6S$7lfOFHA.2928@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> Would it be wise to put in code upon start up, that if the
> >> >> CurrentUser()
> >> >> = 'Admin' then give user a message that they are using the wrong
> >> >> workgroup file and need to change to a proper workgroup file, then
> >> >> quit
> >> >> the system? If I were to do this, then I could possibly get locked out
> >> >> of
> >> >> my database if the workgroup file got corrupt? Could there be a way
> >> >> around getting locked out of the database if this code was
> >> >> implemented?
> >> >> If this code could be implemented, where should it go, on the start up
> >> >> form, or is there a load event to the database itself?
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>


.

Relevant Pages

  • RE: security wizard cannot be run
    ... I was fine with that until 'use your desktop shortcut'. ... for the Admin user. ... I tried to log on as Admin but couldn't get in to the database, ... Security permissions are stored in the mdb file. ...
    (microsoft.public.access.security)
  • Re: security only works on my PC
    ... still able to enter Explorer and enter the database without a login. ... checked the permissions box and the Users group has no permissions on ... Open it using your shortcut and log in. ... Click on the Groups option and select the Users Group. ...
    (microsoft.public.access.security)
  • Re: Security without signon
    ... >have not split my database and at this point would prefer not to. ... >have set up the form to run off a RWOP query, and I have removed all access ... >to the tables from the Users Group. ... give limited permissions to the Users group. ...
    (microsoft.public.access.security)
  • Re: would it be wise???
    ... There are some permissions that are necessary by all users, ... The Admin user is only a member of the users group. ... If the user logs in with username and password from the correct ...
    (microsoft.public.access.security)
  • Re: Becoming the Owner
    ... so you can open the database while joined to ... and check the permissions for the Database object type. ... remove the permissions on all objects for the Users group. ... workgroup file. ...
    (microsoft.public.access.security)
Quantcast