Re: User access on a company intranet

Yes they need full permissions on the folder where the backend is. If you
move the backend, you'll need to relink, yes.

--
Joan Wild
Microsoft Access MVP

Dan wrote:
They do have full permissions to the folder that the front end of the
database is located but not on the backend. Do I need to put the
backend in a folder that they have full access? If I do this do I
need to relink the tables.

"Joan Wild" wrote:

All users need full permission on the folder where the mdb is
located. This is windows permissions, not Access.

You won't see any permissions when you look at a 'user' in the
security dialog - that will only show you the explicit permissions,
not the implicit ones (inherited from being a member of a group).

I usually disable the shiftkey only when I'm ready to deploy to the
users. You wouldn't need to do this in your copy of the database.

However you can toggle the shiftkey bypass from another mdb file.
Albert Kallal has a utility you can use to do this. Look for Shift
Key ByPass at
http://www.members.shaw.ca/AlbertKallal/msaccess/msaccess.html


--
Joan Wild
Microsoft Access MVP

Dan wrote:
I disable the autoexec but people still can't use the forms on the
startup screen. It tell them that the database is open exclusively
by another person or they don't have permission. The person I was
using to test has no premission as a user, but is assigned to the
Full Data Users Group, where they can Read design, read data, update
data, insert data and delete data for tables and queries. He also
does not have any permissions when I change the object type to forms
and the full data user group has only run/open permission

Also, if I disable the shift key so people can not go around the
startup screen how will I be able to get into the database to make
changes? Will I still be able to go around the startup screen to
designe forms, update queries, etc? If I do disable the shift key
what it the best way to do this? I have looked at some code that had
been written from some of the other threads, but I'm not sure where
to put it.


"Dan" wrote:

I did as you said and created a shortcut with the path you gave me
and it works. Now the problem is that when someone besides my goes
in after giving their user name and passwork they get a message
that the database is exclusively open by another or they don't have
permission. The person I was using to test has no premission as a
user, but is assigned to the Full Data Users Group, where they can
Read design, read data, update data, insert data and delete data.
I have an auto.exe macro that runs using a password prompt I have
built into my database should I disable this?

"Joan Wild" wrote:

Let me try and explain how workgroup files work.

Access always uses a workgroup file, even with unsecured
databases. Out of the box, it uses a workgroup file named
system.mdw. When you open a database, it silently logs you in as
a user named 'Admin'. The Admin user owns everything, and the
Users Group has full permission on all objects. So it appears as
though there is no security, but there is.

When you want to implement security, you create a new mdw file,
and follow the steps to secure a mdb. If you've done it
correctly, then the only way to open the secure mdb is by using
the mdw you created. If someone can even open a 'secure' mdb
while using system.mdw, then you missed a step in securing it.

Every Access session uses a mdw file. Some mdw is set as the
default one to use. This is done via the Workgroup Administrator
in the Security menu.

Once you set a default, it will be used for all sessions, unless
you specify another one.



You can change the mdw by either
1. using the workgroup administrator to change the default
or
2. including the /wrkgrp switch in a desktop shortcut along with
the path to a different mdw.

The latter is recommended. Leave the computers joined by default
to system.mdw. Create a desktop shortcut with the /wrkgrp switch
- this will override the default mdw for just that session of
Access.

More in line...


--
Joan Wild
Microsoft Access MVP

Dan wrote:
They are still using the shortcut I placed in our department
folder when I created the database before I used the security
wizard and it the same one I use to open the database.

The target of this shortcut likely has only the path to the mdb in
it.

Also, it is the only icon
in the folder. However when I open the database I get the prompt
to enter my user name and password.

This is because you are joined by default to the mdw you used to
create the mdb with. You'll find that you'll be prompted for a
username/password for *every* mdb that you open. You need to
change your default mdw back to system.mdw.

I can also enter other users names
and password on my computer and enter as the database as them.
In fact it showes them as current user when I go to the
User/Permission drop down in Security and me as the owner of the
database. However, when I do this on their computer it goes
stright into the database.

On their computer, they are joined by default to system.mdw.
Since they can open the mdb, you missed a step in securing it.

All users are using the same icon to enter the database. How do
I creat a new shortcut? Do I get rid of the orginal Icon and
replace it with an icon that take them to my Secured1 database?

You can just right-click on that icon and choose properties.
You'll see a 'target' line in the dialog. Just edit it. You must
put the path to msaccess.exe at the front of the target. One
thing that may or may not cause a problem is if someone has
installed access to a different folder. You should give each user
a shortcut (icon) on their PC rather than having everyone use the
same icon.

Modify the target to have:
"path to msaccess.exe" "path to mdb" /wrkgrp "path to
secured1.mdw"

Modify the above to reflect the actual paths to the files.

Having said all that though, you still haven't secured the mdb
properly since some people are getting in with no login. You
should fix that first.

When I said below that I was asked to join what I meant was that
I went into Workgroup Admin and join the Secured1 file that was
created.

By doing so, you made it the default mdw to use for all sessions.
You'll find that no matter what mdb you open, you'll be prompted
for username/pwd - try opening Northwind and you'll see. You need
to go back in and set system.mdw as your default instead. Use the
redefined shortcut explained above to open your secure mdb.


.

Relevant Pages

  • Re: User access on a company intranet
    ... I did as you said and created a shortcut with the path you gave me and it ... I have built into my database should I disable this? ... When you want to implement security, you create a new mdw file, and follow ... to open the secure mdb is by using the mdw you created. ...
    (microsoft.public.access.security)
  • Re: Advance Security Issue Part II
    ... The mdb contains the db objects, the object/SID relationships, and the SID ... Read/Insert/Update/Delete permissions on a table or query). ... I can't see a use for the mdw once you've logged in. ...
    (microsoft.public.access.security)
  • Re: Security not clicking
    ... Did you start with the original unsecured copy of your database? ... Did you compile and compact the mdb before running the wizard? ... Copy the secure mdw to the server. ...
    (microsoft.public.access.security)
  • Re: security only works on my PC
    ... I checked the permissions box and the Users group has no ... Open/Run and open exclusive on database object ... "Joan Wild" wrote: ... properly on the single mdb. ...
    (microsoft.public.access.security)
  • Re: MDB remembers old MDW
    ... There were 2 reasons that I thought that the mdb had a link to the mdw: ... When you looked at the Workgroup Administrator dialog it displayed ... Group permissions the old groups from 'Security.mdw' were displayed. ...
    (microsoft.public.access.security)