Getting Admin rights back

  • Thread starter Thread starter Pele
  • Start date Start date
P

Pele

I had created a tool in Access and in fiddling around with
the security features in Access, I mistakenly took myself
out of the Admins group and so I have only User rights.
Access won't even allow me to use the Security Wizard and
I can't correct my mistake since everything is greyed out.
What should I do.

Pele
 
Use your backup! (:<)

You can recreate your Workgroup Information File (.mdw) if you remember the
Name and Workgroup ID number you originally used. Give the Admin user a
password then use this to start the database then you can re-assign
permissions.

If you can't recreate the original .mdw then try creating a new .mdw file
(any Name and ID) then use this as the default .mdw then create a new mdb
and import all the objects from your old database. The only reason this
wouldn't work is because the objects are hidden but even so you should be
able to unhid them with just your current User access as long as you have
access to Access' menu Tools/Options.

Hope this is clear.
 
Windows 2000 and Access 2000.

I have actually been able to solve my problem. The help
files had mentioned a file called SYSTEM.MDW as containing
my workgroup files, so I just went back to the CD used for
installing Access and copied a fresh copy and it works.

Thanks for your help.

Pele
 
Pele,
You should create your own Workgroup Information File if you are going to
add security to a database. Never use the System.mdw or you will screw
yourself up royally.

Regards
Barry
 
Hi Pele,

Keep in mind that if you can restore the security back to the default
without rebuilding the SYSTEM.MDW the way you created it the first time,
anybody can do so too. In other words your security setup is not correctly
performed.

Never use build-in accounts, instead create your own users. I have a user
Supervisor, where Supervisor owns every object in the database and has
Admins rights. ONLY after that i revoked the rights from Admin by removing
it from the group Admins.

There are two ways how the user Supervisor can own every object in the
database. The first method is with the Security Wizard (make sure u are
logged-in as Supervisor). The second method is log-in as Supervisor, then
only close the database form (so you stay in MSAccess with no database).
Then create a new database and start importing every object from your
original database.

As long the database is owned by Admin everything can be restored to normal!
And because this is the standard configuration, its also the weakest point
of MSAccess security. That's why you never should use the build-in accounts
(Microsoft confirms this).

A few more tips about MSAccess security:
-Never use the default SYSTEM.MDW, because every MSAccess app uses this one
by default. Create your own SYSTEM.MDW and use a shortcut with commandline
params where you tell MSAccess which SYSTEM.MDW to use.
-Always write down how you configured your SYSTEM.MDW, groups and users. In
case of lost you can restore your SYSTEM.MDW, groups and users.
-You'll need to assign a password to at least one User in order to activate
the userlogin dialog. You must start with Supervisor, because you first have
to make sure this user gets to own all the objects in the database and gets
all the rights for every object, before revoking the rights of user Admin.
-In order to maintain your security configuration in a easy way, only assign
rights to Groups and user Supervisor else you get lost in the woods. My
Groups are organized in a way that they represent parts of the application
that can support a part of the informationproces the application is written
for. Afterwards you just make a User member of 1 or more Groups depending on
his role within this information proces.
-In the MSAccess options tabbed dialog there is a tab where you can set how
queries follow the security rights. You can set it By user or by owner. Set
it by user (default). If you set it by Owner then users still can manipulate
all your data (this comes in handy when you want to write queries with
record level protection, yes it can be done!).
-If u use linked tables and have some mechanisme that tries to reconnect if
the tables are not there then you also need te set the rights to "change
design". This right for tables means that users may change the design for a
table, but for a linked table (from perspective of the frontend) it means
only change the link itself and not the table or the data in it. If you
don't you will have to go to your client and relink the tables yourself.
-If you are able to open a "secured" MSAccess app by opening the MDB
directly from explorer or by importing objects from it into another MDB then
your security needs to be checked again. Make sure every object is owned by
Supervisor and that Supervisor is member of Admins and that Admin is not a
member of Admins and that other build-in accounts have no rights at all.

There is a lot more to tell about this security-hell, but the most important
pitfalls are told now.

Hope you get on your way now!

Sid.
 
As long the database is owned by Admin everything can be restored to normal!
And because this is the standard configuration, its also the weakest point
of MSAccess security.

But that is actually a strength. It allows unsecured databases to work
seamlessly.
That's why you never should use the build-in accounts
(Microsoft confirms this).

There are circumstances where using the built-in accounts is useful, however
for most situations you are correct.
A few more tips about MSAccess security:
-Never use the default SYSTEM.MDW, because every MSAccess app uses this one
by default. Create your own SYSTEM.MDW and use a shortcut with commandline
params where you tell MSAccess which SYSTEM.MDW to use.

Also, I suggest you don't name your newly created mdw file 'system.mdw' as
you'll confuse it with the default one.
-You'll need to assign a password to at least one User in order to activate
the userlogin dialog.

Actually you must assign a password to the default Admin user to activate
the dialog, not any old user.
 
Back
Top