Re: User access on a company intranet

I will assume you are using Access 2003? If someone is getting in without
providing a username/password, it's possible that you assigned permissions
to the 'Users' Group during the steps of the wizard - is that so?

--
Joan Wild
Microsoft Access MVP

Dan wrote:
I assigned each user a unique password "ex: sunset" for each user. I
also used the security wizard to do this so I don't know how I missed
a step.

"Joan Wild" wrote:

Dan wrote:
I have set user level security up on the database used by my
department, which I'm the owner of all the tables, queries, etc.. I
have given everyone in my department a user name, assigned them to
groups and gave each a password.

How did you give each a password? I'm asking because I suspect you
think the PID you assigned to the username is a password, it isn't.

While the security works on my
computer others in my department who access the database through the
server are not prompted for their user name or password. While
other are not allowed access because they do not have permission.
What have I done wrong? Does the security in Access only work on
stand alone computers? Does it work when the database is on the
server?

It does work on shared databases. You've missed a step in securing
it if someone is able to open it without username/password (i.e.
they're likely using the default system.mdw workgroup file). They
are being silently logged in as 'Admin', and they shouldn't even be
able to open the mdb as this user.

Security is complex, and you need to ensure you follow every step.
Missing one step, or doing things out of order can result in an
unsecure mdb. Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm


--
Joan Wild
Microsoft Access MVP


.

Relevant Pages

  • Re: Cognos Default Username and password
    ... (which should hopefully contain the default username/password combo). ... "Discover the Security Benefits of Cisco NetFlow" ... Download FREE Whitepaper "Role of Network Behavior Analysis and Response ...
    (Pen-Test)
  • Security assessment on stored proc vulnerability
    ... password to a back end MS SQL 2000 db via a form. ... front end ASP page if the username/password combination is valid. ... This is a definite vulnerability. ... I am currently tempted to classify it as a low security risk. ...
    (Pen-Test)
  • Re: How to set up security on a Network
    ... > You'll need to implement User level security. ... > study up and practice on a copy of your database until you're confident. ... > You won't want to have users repeatedly entering their username/password for ... >> password to open that particular form or report). ...
    (microsoft.public.access.security)
  • Re: Secure access to my hosted web service
    ... You could just secure it yourself with a username/password SoapHeader. ... to implement security directly into your webservice. ... I am developing a web service that will be hosted by ... a web hosting company and therefore will be in the ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Wont authenticate over workgroup
    ... >I have a Windows XP Pro machine that I reformated. ... >the server under My Network Places and be prompt for username/password. ... Sharing and security model", ... check to see if Simple File Sharing (Control Panel - ...
    (microsoft.public.windowsxp.network_web)