Access 2003 - Security

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am trying to secure a database on a network. I have set up passwords for
the users which works fine, however, others whom I have not set up on the
users group are able to open the database without a problem. I need to set
up the database so that only users in the users group can open the database.
I've been told to remove the default from the Admin group. How can I change
the default?

Ronnie
 
I have everything already set everything up--all users, groups, their
permissions. and passwords, and it works fine, however, others that are not
set up in the users group can get into the database without any restrictions
thru the ADMIN group. I need to change the default on the database. I have
been sent many links to follow, and I am getting frustrated because I have
read so much and I am not getting answers to specific questions. These links
are not helping me.
 
I have everything already set everything up--all users, groups, their
permissions. and passwords, and it works fine, however, others that are not
set up in the users group can get into the database without any restrictions
thru the ADMIN group. I need to change the default on the database. I have
been sent many links to follow, and I am getting frustrated because I have
read so much and I am not getting answers to specific questions. These links
are not helping me.
Click to expand...
This is just a wild guess, but are you using the default User group
rather than setting up your own group? And is user "Admin" still in
the Admins group? What I generally do is set up my own groups (one
for read-only, and one for updating data but not forms/etc), and
remove all permissions from the default User group. You can't remove
user "Admin" from the User group, but if you remove all permissions
from that group, and remove "Admin" from the Admins group, someone
logging in from the default system.mdw can't get into your database.
You shouldn't have anyone other than those you specify be members of
the group Admins.

Peter
 
Ronnie said:
I have everything already set everything up--all users, groups, their
permissions. and passwords, and it works fine, however, others that are
not
set up in the users group can get into the database without any
restrictions
thru the ADMIN group.
Click to expand...

Well that means that it *is not working fine*. Likely the Users Group still
has permission on the Database object (this group should have absolutely no
permissions to anything). Or perhaps the Admin User still owns the Database
object (the Admin User should not own anything at all) - you can verify this
by looking at the tools, security, permissions dialog. - change owner tab.

Verify that the Admin user doesn't own anything, and that the Users Group
doesn't have permission to anything. If the Admin User owns the database
object, you'll need to create a new mdb while logged in as the user you want
to own everything, and import all the objects from your secure mdb. Then
reapply the permissions on those objects.
I need to change the default on the database. I have
been sent many links to follow, and I am getting frustrated because I have
read so much and I am not getting answers to specific questions. These
links
are not helping me.
Click to expand...

Security is not easy to get right. It can take many tries to perfect it.
There are so many things that you may have missed, that it is difficult for
anyone to know what step you missed, or what is wrong.

When you started, did you create a new workgroup file or just copy
system.mdw?
 
Yes, I believe I am using the default user group and yes the user "Admin" is
still in the Admins Group. I will try setting up a new user group and remove
permissions from the default user group. I have already removed permissions
from the Admin Group, however, I have not removed the Admin User from the
Admin Group. I will try that as well.

Will this affect just this database, or will it affect every database the
user tries to get into?
 
Yes, Admin is the owner on some of the database. Some of the objects are
owned by me. Will I be able to change the owner of the objects listed as
owner, or will I have to copy and recreate?
 
Ronnie said:
Yes, I believe I am using the default user group and yes the user "Admin"
is
still in the Admins Group.
Click to expand...
You need to remove all permissions from the built-in Users Group. And you
also need to create a new user, make them a member of the Admins Group, and
then remove the 'Admin' user from the Admins Group.

The Users Group and the Admin User are the same in all workgroup files.
That is why it is important to remove all permissions/ownership for these
two entities. The Admins Group is different in different workgroup files,
however. So you can still make use of the Admins Group.

I will try setting up a new user group and remove
permissions from the default user group. I have already removed
permissions
from the Admin Group, however, I have not removed the Admin User from the
Admin Group. I will try that as well.
Click to expand...

It isn't necessary to remove permissions from the built-in Admins Group.
Will this affect just this database, or will it affect every database the
user tries to get into?
Click to expand...

You should be doing all of this in a newly created workgroup file. i.e.
don't just start adding users/groups and making changes. You first must
craete a new workgroup file. Otherwise you are changing the standard
system.mdw workgroup file that ships with Access. Every session of Access
requires a mdw file. Out of the box it uses system.mdw that ships with
Access. You mustn't make any changes to this workgroup. Create a new
workgroup file first.

(I know you have repeatedly said that the sites you've been pointed to
aren't helping, however they would take you through the necessary steps).
 
Ronnie said:
Yes, Admin is the owner on some of the database. Some of the objects are
owned by me. Will I be able to change the owner of the objects listed as
owner, or will I have to copy and recreate?
Click to expand...

The 'Admin' user cannot own *anything*. That is very important. You cannot
change the owner of the database object via the dialogs. You must create a
new mdb while logged in as the new user you create, and import all the
objects. This will ensure that *you* own all the objects.

If you just go through the dialogs and change the owner of all the objects
to your username, but leave the database object owned by Admin, then it will
never be secure. The database owner can take over any object. Since Admin
is the same in all workgroup files, you don't want this user having any
ownership.
 
Thanks! I am in the process of setting up a new database and I will copy all
the info from the original then redo the security. I will have to start on
this tomorrow.
I appreciate the help!
 
Back
Top