Re: User Level Security Malfunction
- From: "BruceM" <bamoob@xxxxxxxxxxxxxxxx>
- Date: Thu, 7 Feb 2008 07:45:13 -0500
The way I understand it the database owner can not be reassigned. The person who logged on to Access when the database was created is the owner. Click Tools > Security > User and Group Permissions. Click the Change Owner tab, and select Database as the Object Type. If you are listed as the owner, you created the database while logged on as yourself, not as Admin. I know you said you are the owner, but I'm just trying to verify the details.
If you double click the database file itself in My Computer, can you open it? If so, there is still a security hole. Are you opening the database by way of a shortcut that includes the path to the Security.mdw file, or have you changed the default mdw file on your installation of Access? In order for the security to work on other computers, those computers must have the same Security.mdw file you have (it can and probably should be in a shared location if there are several users), and the shortcut on those computers must include the path the the Access executable, the database file, and the Security.mdw file. For instance:
"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "D:\Folder\YourDatabase.mdb" /wrkgrp "D:\Folder\Security.mdw"
I think the quotes are necessary only if there are spaces in the path.
You may have done these things, but you were not specific about some of them, so I can't be sure.
"mikeycan" <mikeycan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:05C076CD-E6D5-462C-852A-B9BFEB6B2838@xxxxxxxxxxxxxxxx
That is just my dilemma. According to the User and Group Permissions menu,
the Users group has no rights to open the database, and it also shows that my
personal User ID is the owner of the database (as well as, all the objects
individually). So again, I don’t understand why the default system.mdw will
allow the database to be opened. But bottom line, can I fix it?
"Rick Brandt" wrote:
mikeycan wrote:
> As part of the running the User Level Security Wizard, I did create a
> new .mdw file (called Security.mdw), and it was used to add the
> users. I did not add to the system.mdw. From my research, I
> understand how the system.mdw has the Admin in the Admins group, and
> it will open any database that also has the Admin in the Admins
> group. However, since my Admin is not in the Admins group, any of
> the users System.mdw should not override entry into my database. But
> it does.
When your file can be opened with any old mdw file then it is not secured
properly. When anyone opens your file with a workgroup file that does not
require a login they are *absolutely* doing so as the user 'Admin' member of
group 'Users'.
Admin's membership in the 'Admins' group is not usually an issue because the
'Admins' group in any user-created mdw file is not the same as the Admins group
in any other mdw file unless the same identifiers were used to create them.
However; the group 'Users' is the same in ALL workgroup files.
So...if they can open your file then it must be the case that either 'Admin' or
the group 'Users' has permissions or ownership that they should not have. In
most cases it is because 'Admin' still owns the database. That will let anyone
in regardless of the permissions you have taken away from Admin because Owners
have built in permissions that cannot be taken away.
--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com
.
- References:
- User Level Security Malfunction
- From: mikeycan
- RE: User Level Security Malfunction
- From: Olduke
- RE: User Level Security Malfunction
- From: mikeycan
- Re: User Level Security Malfunction
- From: Rick Brandt
- User Level Security Malfunction
- Prev by Date: Re: User Level Security Malfunction
- Next by Date: Re: User Level Security Malfunction
- Previous by thread: Re: User Level Security Malfunction
- Next by thread: Re: User Level Security Malfunction
- Index(es):
Relevant Pages
|
