Re: User Level Security Malfunction

Hello All,

I will try to list all the facts as I know them:

System is Access 2003. The database and Security.mdw files are on a shared
network drive, where all 10 of the users has access. Under “User and Group
Permissions”, my personal ID is listed as the owner for all the Objects
(Database, Tables, Queries etc). Under “User and Group Accounts” the Admin
is not in the Admins Group. I do not have path to the Security.mdw file in
my short cut. Instead for my installation of Access I set it to point to the
Security.mdw file. However, when I change back to the default system.mdw, it
does allow me to open the database without ID/password. Once the other users
point to the Security.mdw file they are prompted to log on, but if they don’t
point to it, their default System.mdw lets them open the database.

I was slow and methodical while running the User Level Security Wizard, so I
am pretty sure I did not miss any steps. And some how I think the database
is partially secured (hence I think this is a malfunction). Like I mentioned
earlier, after reading a few of the on-line explicit step by step
instructions, I attempted to create a new secured database (both .mdb and
..mdw files) and import the old database’s objects, but the old database gives
me the “You don’t have permissions” error. I tried opening the old with the
Security.mdw, and the new with its own SecuredRev.mdw at the same time to see
if it then would allow me to import, still the “You don’t have permissions”
error. Then I tried to just cut and paste some of the old database’s objects
into the new, again “You don’t have permissions” error. I need to have some
security on this database, but I don’t want to re-write it as a new database.
Is re-writing my only choice?


"Rick Brandt" wrote:

mikeycan wrote:
That is just my dilemma. According to the User and Group Permissions
menu, the Users group has no rights to open the database, and it also
shows that my personal User ID is the owner of the database (as well
as, all the objects individually). So again, I don't understand why
the default system.mdw will allow the database to be opened. But
bottom line, can I fix it?

I can only suggest finding one of the on-line explicit step by step instructions
for securing a file and starting over with one of those. It is too easy to miss
a step otherwise. On those rare occassions where I create a secured file I do
it the sort of the other way around. I first create a blank secured file that I
verify cannot be opened except with my workgroup file and THEN I build my app
with it. I just did this excercise last night and it worked for me.

Create workgroup and join it.
(close and re-open Access (use any file you like)

Create new user, and place in Admins group
Remove Admin from Admins group
Give Admin a password
(close and re-open Access as new user)

Create new blank file
(it will be owned by my new user since he just created it).

Give new user a password
Remove all permissions to database object from Admin
Remove all permissions to "new" objects (every type) from Admin
Remove all permissions to database object from Users group
Remove all permissions to "new" objects (every type) from Users group
(notice you only have to do this for the "new" object of each type since no
objects exist yet)

I should now find that if I close and reopen as Admin that I cannot open the
blank file. I should also find that if I rejoin System.mdw that I cannot open
the blank file.

Now that I have a properly secured file I can create objects in it. Since Admin
and Users have no permissions to "new" objects, anything I add will
automatically be an object that they have no permissions to. This also applies
to objects that are imported so I can now import all of the objects from an
existing file into this new secured file and all of those objects should be
locked down with respect to Admin and Users. Then I should be able to create
more users and groups and assign permissions as desired.

What I like about this procedure is that I don't waste time creating groups and
users and assigning permissions until after I have established that my file is
correctly secured. Another thing you can do with this method is take the
secured blank file and before you put any objects in it you can make a copy and
call that your secured template file. Any time you want another secured file
that will use the same workgroup you just copy the template file and off you go.

--
Rick Brandt, Microsoft Access MVP
Email (as appropriate) to...
RBrandt at Hunter dot com








.

Relevant Pages

  • Re: User Level Security Malfunction
    ... menu, the Users group has no rights to open the database, and it also ... I first create a blank secured file that I ... Remove Admin from Admins group ... Remove all permissions to "new" objects from Admin ...
    (microsoft.public.access.security)
  • Q: low permission cannot convert from A97 to A2000/2003
    ... A97, but the database is sent out and used by contractors (user permissions) ... The admin user has full privileges. ... The problem we are having is converting the database from A97 to 2000+. ...
    (microsoft.public.access.security)
  • Security Wont work
    ... I have set up a database and created a workgoup file. ... the admins group so admin is only a member of the user ... All permissions for the user group are turned off. ... I see in Snelling's security document that there are two ...
    (microsoft.public.access.security)
  • Exclusive locks
    ... When I secured the database, I created two new users, ... "Full Permissions" and "Full Data Users." ... groups Full Permissions and Users (the users "Admin" and "Staff" are exactly ... Why isn't Access able to obtain the exclusive lock that it's apparently ...
    (microsoft.public.access.security)
  • Re: Sorting out security
    ... > MS Access security. ... > created a new workgroup, added a password for the Admin role, added ... > remote logins to a secured database. ... The location of the current workgroup file is recorded in the ...
    (microsoft.public.access.security)