folder security nightmare to allow .ldb file deletion

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I read the following...

"If you plan to share a database, the .mdb file should be located in a
folder where users have read, write, create, and delete privileges."

(from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files in
Access 2000)

My worst nightmare has finally occured: someone deleted the .mdb file being
shared. (Lucky for backups.)

How do you prevent mischief and/or clutsyness from playing havoc with the
folder in whcih the shared database file is located if you have to leave its
permissions wide open for it.

Am I doing something wrong?

Gerald Petron
 
You need to beat up the user that did this.

OK, that may not go over well; you could remove the delete permission on the folder. The ldb won't get deleted, and you may occasionally have to delete it (signed in as a user who does have permission to delete it), if you have problems.

Another option is to hide the folder, so that users can't get to it so easily. You use
\\servername\share$ rather than \\servername\share to hide it. They could still get to it using Windows Explorer, but they'd have to know the path (so don't tell them)
 
Of course, the file permissions will be changed every time you compact the
database.

Depending on the user permissions, MichKa has a solution to that issue at
http://www.trigeminal.com/codes.asp?ItemID=25#25

--
Doug Steele, Microsoft Access MVP

(no private e-mails, please)


You need to beat up the user that did this.

OK, that may not go over well; you could remove the delete permission on the
folder. The ldb won't get deleted, and you may occasionally have to delete
it (signed in as a user who does have permission to delete it), if you have
problems.

Another option is to hide the folder, so that users can't get to it so
easily. You use
\\servername\share$ rather than \\servername\share to hide it. They could
still get to it using Windows Explorer, but they'd have to know the path (so
don't tell them)
 
I thought the file would inherit permissions from the folder?

Only in a file system copy operation.

One trick might be to automate your compact such that you compact to
a file in a different folder with no delete permissions, and then
*move* the file back to the original location. Move operations
retain permissions, while copy inherits.

I don't know if that would work -- just an idea.
 
Sorry: I missed the fact that you were suggesting that delete permission be
removed from the folder. I thought you were suggesting that it be removed
only from the file.

--
Doug Steele, Microsoft Access MVP

(no private e-mails, please)


I thought the file would inherit permissions from the folder?
 
SOLUTION! (2 steps)
1. We removed the "delete" privelege from the folder.
2. We have another database linked to just one of the tables of the shared
database on a 24hour-7days/week basis that does only one thing: KEEPS THE
..ldb FILE THERE ALL THE TIME.

Now, anybody can log in, and when they log out, they're never the last one
becuase of the continous 24-7 link.

Thanks everybody.

Jerry Petron
 
Back
Top