File and folder permissions for shared database

[Bob Smith]

What ntfs permission settings should be used on the file
and folder when sharing an .mdb on the network?

I'm looking for the least priviliges or most secure
configuration. I would like the workgroup security file
to be accessible (since the user level security has been
implemented for the .mdb), but I would like to prevent the
user from being able to navigate to the .mdw to download
it and attempt to crack it, etc.

 

[Robert Smith]

Thanks. How about for the .mdw file? I store the .mdw file in a separate
shared folder on the network.

Is it possible to set the folder permissions such that a user cannot
navigate to the .mdw file, but they can still access it when logging in to
the database?

 

[Douglas J. Steele]

To be honest, I'm not sure if you need the same permissions on the folder
for the MDW, but I would assume you do.

The only approach I can see to preventing them from navigating to the .MDW
file would be to use a hidden share, and don't give them access to any
shares that include the folder where the MDW exists. (eg.: Create a folder
F:\Security on the server, share it as Security$, and don't give them access
to F:$) Unfortunately, anyone who knows where it exists will be able to go
directly to it (i.e. map to the share, without navigating to it)

 

[Joan Wild]

To be honest, I'm not sure if you need the same permissions on the folder
for the MDW, but I would assume you do.

Yes you need the same permissions - the mdw also creates a ldb file.