Hi Pele,
Keep in mind that if you can restore the security back to the default
without rebuilding the SYSTEM.MDW the way you created it the first time,
anybody can do so too. In other words your security setup is not correctly
performed.
Never use build-in accounts, instead create your own users. I have a user
Supervisor, where Supervisor owns every object in the database and has
Admins rights. ONLY after that i revoked the rights from Admin by removing
it from the group Admins.
There are two ways how the user Supervisor can own every object in the
database. The first method is with the Security Wizard (make sure u are
logged-in as Supervisor). The second method is log-in as Supervisor, then
only close the database form (so you stay in MSAccess with no database).
Then create a new database and start importing every object from your
original database.
As long the database is owned by Admin everything can be restored to normal!
And because this is the standard configuration, its also the weakest point
of MSAccess security. That's why you never should use the build-in accounts
(Microsoft confirms this).
A few more tips about MSAccess security:
-Never use the default SYSTEM.MDW, because every MSAccess app uses this one
by default. Create your own SYSTEM.MDW and use a shortcut with commandline
params where you tell MSAccess which SYSTEM.MDW to use.
-Always write down how you configured your SYSTEM.MDW, groups and users. In
case of lost you can restore your SYSTEM.MDW, groups and users.
-You'll need to assign a password to at least one User in order to activate
the userlogin dialog. You must start with Supervisor, because you first have
to make sure this user gets to own all the objects in the database and gets
all the rights for every object, before revoking the rights of user Admin.
-In order to maintain your security configuration in a easy way, only assign
rights to Groups and user Supervisor else you get lost in the woods. My
Groups are organized in a way that they represent parts of the application
that can support a part of the informationproces the application is written
for. Afterwards you just make a User member of 1 or more Groups depending on
his role within this information proces.
-In the MSAccess options tabbed dialog there is a tab where you can set how
queries follow the security rights. You can set it By user or by owner. Set
it by user (default). If you set it by Owner then users still can manipulate
all your data (this comes in handy when you want to write queries with
record level protection, yes it can be done!).
-If u use linked tables and have some mechanisme that tries to reconnect if
the tables are not there then you also need te set the rights to "change
design". This right for tables means that users may change the design for a
table, but for a linked table (from perspective of the frontend) it means
only change the link itself and not the table or the data in it. If you
don't you will have to go to your client and relink the tables yourself.
-If you are able to open a "secured" MSAccess app by opening the MDB
directly from explorer or by importing objects from it into another MDB then
your security needs to be checked again. Make sure every object is owned by
Supervisor and that Supervisor is member of Admins and that Admin is not a
member of Admins and that other build-in accounts have no rights at all.
There is a lot more to tell about this security-hell, but the most important
pitfalls are told now.
Hope you get on your way now!
Sid.