Re: security only works on my PC

Tech-Archive recommends: Fix windows errors by optimizing your registry

I don't need any of the data - copy the mdb and empty the tables.

I think that you have overlooked either the permissions or the owner on the
database object.


--
Joan Wild
Microsoft Access MVP

brem219 wrote:
I tried to gain approval to send it out for fixing, but no luck.
There's too much confidential information to remove or conceal before
I could send it. Thanks for your help, I'll do my best to figure it
out using your advice.

"Joan Wild" wrote:

If you like, zip up the mdb and mdw, and email it to me and I'll
have a look.
jwild at tyenet dot com


--
Joan Wild
Microsoft Access MVP

brem219 wrote:
Thanks for the reply. I followed every word of your instructions,
yet I am still able to enter Explorer and enter the database without
a login. I checked the permissions box and the Users group has no
permissions on anything. Then I checked the owner tab, and I am the
owner of all the objects. This is how my groups (6 users and me)
are set up and the permissions they have.

Admins - Myself, User1, and User2
Have full permissions on all items

Full Data Users - Myself, Users 1 through 6
Open/Run on forms, reports, and macros
Open/Run and open exclusive on database object
Read Design, and Read, Update, Insert, Delete Data on tables and
queries (with the exception of two tables, where they have no
permissions)

Users - admin, Myself, Users 1 through 6

Does this help you understand what's happening?

"Joan Wild" wrote:

Since it isn't secured properly yet, don't distibute it. About
splitting: http://www.granite.ab.ca/access/splitapp/index.htm
http://www.members.shaw.ca/AlbertKallal/Articles/split/index.htm

You really do want to split it. First get the security working
properly on the single mdb.

Open it using your shortcut and log in. Go to Tools, Security,
Permissions. Click on the Groups option and select the Users Group.
Now go through every object and ensure that the Users Group has no
permissions (don't forget the Database Object). Next click on the
Owner tab, and go through every object and ensure that Admin is not
the owner of anything.

Now test again via Windows Explorer - you shouldn't be able to open
the mdb.

Once you have the security working, then split it. However don't
use the splitter wizard, as that will result in an unsecure
backend. It is simple to split it manually. Follow the steps at
www.jmwild.com/SplitSecure.htm

--
Joan Wild
Microsoft Access MVP

brem219 wrote:
Well, then I guess I did something wrong because I was able to
open it with ease through Explorer. I didn't even need a name or
password.

Also, I've read a lot on this board about frontends and backends
and I'm not sure how a database would be split or why it should
be done at all. My database is all at one location, in a folder
on the network.

"Joan Wild" wrote:

brem219 wrote:
OK, thank you. I rejoined the system.mdw workgroup and set up
the shortcut successfully on my PC. I had already removed
permissions from the users group and replaced them with RWOP
queries so no problem there.

Now I want to do the same thing on my co-workers' PCs. Do I
have to go to each of their PCs and link to system.mdw and
create the shortcut just like you showed me?

Before you go to each user's PC test that your database is
secured properly. Just open Windows Explorer and double click
the 'secure' mdb. You shouldn't be able to even open it. If
you can, then it isn't secured properly.

Once you have it tested, yes you need to provide the shortcut and
the frontend to each user. If you are confident that everyone
has a typical installation of Access, you can just copy the mdb
and copy the shortcut (it's a file with a lnk extension).


"Joan Wild" wrote:

brem219 wrote:

You need to use the
workgroup administrator to rejoin the system.mdw workgroup
file that ships with Access.

I don't know what this means. I opened the workgroup
administrator but only saw the new workgroup I created when I
added security. If there's another one, where do I find it?

It depends on version, but it usually is in the windows system
folder. Use Start, Search, and look for *.mdw on your hard
drive. Be sure you include system and hidden folders in the
search, and make a note of the path(s) it finds. You are
looking for system.mdw. When you open the Workgroup
Administrator, click on Join and rejoin the system.mdw. You
should now get no login when opening a mdb.

Then use a desktop shortcut to launch your secure mdb The
target would be
"path to msaccess.exe" "path to mdb" /wrkgrp "path to secure
mdw"

I don't know how to do a shortcut. Do I just right click on
my desktop and type in exactly what you wrote?

Right-click the desktop and choose New...shortcut. Click on
browse and locate msaccess.exe (it'll be something like
c:\Program Files\Microsoft Office\Office11\) and finish. Go to
the desktop and right-click this shortcut and choose
properties. It'll open to the shortcut tab, and you'll see the
target line with the path to msaccess.exe. Just edit that and
add the path to mdb, the switch, and path to secure mdw.

I want my the 6 users to be able to open the database. The
database is configured so that users will be able to access
the tables through a series of queries, but not look at or
change the tables. I'm not sure about changing the
permissions. I've adjusted the permissions on my PC so that
2 of the 6 users have admin priveleges, and the ability to
look at tables and change the database.

Normally, you would not assign any permissions to the Users
Group when securing a database. The exception would be if you
want security, but don't want users to have to login. If you
assign permissions to the Users Group, then they don't need
your secure mdw. They can use the standard system.mdw on
their system, and not log in.

It is possible to remove all permissions on the tables, and
then use run with owner permission (RWOP) queries for all data
interaction. However, usually you'd provide a form for users to
use, rather than just a query.

--
Joan Wild
Microsoft Access MVP


.

Relevant Pages

  • Re: Access97 DB locks up the asp code at times
    ... The .ldb file is created when the database is accessed & deleted after ... > problem with the folder. ... > I'll chat with our IT group about setting the proper permissions. ... My goal is that everyone can run the asp that accesses the mdb ...
    (microsoft.public.inetserver.asp.general)
  • Re: User access on a company intranet
    ... They do have full permissions to the folder that the front end of the ... You wouldn't need to do this in your copy of the database. ... However you can toggle the shiftkey bypass from another mdb file. ... then the only way to open the secure mdb is by using the mdw you ...
    (microsoft.public.access.security)
  • Re: Security .mdw - how to add myself to list of users
    ... When I click on the .mdb database, ... " You do not have the necessary permissions. ... You don't need to open the MDW file in MS Access. ...
    (microsoft.public.access.security)
  • Re: security for 100+ user and dbs without having to signin
    ... The owner of a DB can always give themselves permissions. ... by someone unaware of security, then likely they were logged in as ... > database remove all unnecessary permissions from ...
    (microsoft.public.access.security)
  • Re: Viewing object owner in SQL 2005 - ownership chaining
    ... The server principal "HFDB_2_0_readonly" is not able to access the database "Hotfix_data" under the current security context. ... To add on to Erland's response, the user needs a security context in both databases, even if no permissions are granted. ... I'm trying to set up Ownership Chaining. ... When I set up both a table and view from one logon and granted permissions to the view it didn't work, evidently because "creating user" is not equivalent to OWNER. ...
    (microsoft.public.sqlserver.security)