Re: User access on a company intranet

OK, that's version 2002. When you open the mdb via the shortcut and login
as you, go to the Tools, Security, Permissions dialog and select the Users
Group. Check that it doesn't have any permissions on any object.

Click on the Ownership tab, and verify that 'Admin' does not own anything.


--
Joan Wild
Microsoft Access MVP

Dan wrote:
I believe at work we are using a the verison prior to 2003. When the
screen came up for permissions I did not do anything on it. I did
assgn my user to groups, some to an update group and to a data entry
grounp.

"Joan Wild" wrote:

I will assume you are using Access 2003? If someone is getting in
without providing a username/password, it's possible that you
assigned permissions to the 'Users' Group during the steps of the
wizard - is that so?

--
Joan Wild
Microsoft Access MVP

Dan wrote:
I assigned each user a unique password "ex: sunset" for each user.
I also used the security wizard to do this so I don't know how I
missed a step.

"Joan Wild" wrote:

Dan wrote:
I have set user level security up on the database used by my
department, which I'm the owner of all the tables, queries, etc..
I have given everyone in my department a user name, assigned them
to groups and gave each a password.

How did you give each a password? I'm asking because I suspect you
think the PID you assigned to the username is a password, it isn't.

While the security works on my
computer others in my department who access the database through
the server are not prompted for their user name or password.
While other are not allowed access because they do not have
permission. What have I done wrong? Does the security in Access
only work on stand alone computers? Does it work when the
database is on the server?

It does work on shared databases. You've missed a step in securing
it if someone is able to open it without username/password (i.e.
they're likely using the default system.mdw workgroup file). They
are being silently logged in as 'Admin', and they shouldn't even be
able to open the mdb as this user.

Security is complex, and you need to ensure you follow every step.
Missing one step, or doing things out of order can result in an
unsecure mdb. Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm


--
Joan Wild
Microsoft Access MVP


.

Relevant Pages

  • Re: RWOP /table permissions question
    ... Look in the security FAQ. ... without them needing permissions on the tables. ... Microsoft Access MVP ... Now base all your SQL statements on these queries rather than ...
    (microsoft.public.access.security)
  • Re: Front end, Back end, and restrictions on which Forms can open.
    ... Joan Wild wrote: ... ensuring that 'users' were granted no permissions (as i did when i was ... using the same method and selecting the same security file. ... it is secured but when I double click on the file, it still opens ...
    (microsoft.public.access.security)
  • Re: Copied database - no administer permissions
    ... Owner 'unknown' verifies that user level security was applied ... Microsoft Access MVP ... "Joan Wild" wrote: ...
    (microsoft.public.access.security)
  • Re: Front end, Back end, and restrictions on which Forms can open.
    ... I'm thinking that it isn't usng the correct mdw during the wizard. ... ensuring that 'users' were granted no permissions (as i did when i was ... Joan Wild wrote: ... using the same method and selecting the same security file. ...
    (microsoft.public.access.security)
  • Re: Access 2000 J Wild security procedure
    ... Microsoft Access MVP ... JoAnne wrote: ... Do I need to start the security ... "Joan Wild" wrote: ...
    (microsoft.public.access.security)