hopefully basic security question

  • Thread starter: Mike

Mike

Hi All,

Using Access 2K, WinXP, and I'm fairly rookie-level when it comes to this
security stuff, so explain gently :) I couldn't find this answer anywhere
else, but maybe 'cause I'm just not understanding.

We are using a database here that my GM created, we're all logged into the
workgroup .mdw file, with user-level security assignments.

All seems to be pretty good (only users in the correct groups can edit
certain data, forms, etc), except that it seems that ANYONE can go to Tools
/ Security / User and Group Accounts and add themselves (or anyone else) to
any group that they care to (all of a sudden, I can edit any forms, data,
etc that I want if I add myself to the admins group)

How do we fix this so that people cannot assign themselves to a group?

TIA.

--

____________________________________________________________________________________________
Please reply to newsgroup so everyone can benefit.
Email address is not valid (see sparkingwire.com)
____________________________________________________________________________________________
 
Mike said:
> using Access 2K, winXp,
>
> we are using a database here that my GM created, we're all logged
> into the workgroup .mdw file, with user-level security assignments.
>
> All seems to be pretty good (only users in the correct groups can edit
> certain data, forms, etc), except that it seems that ANYONE can go to
> Tools / Security / User and Group Accounts and add themselves (or
> anyone else) to any group that they care to (all of a sudden, I can
> edit any forms, data, etc that I want if I add myself to the admins
> group)

The database wasn't secured properly to begin with. Only users in the
Admins Group can modify user membership.

When you say you are logged into the workgroup file, what do you mean? You
mean this was set as the default, or do users use a desktop shortcut to
start the database?
 
Ahh yes, the old problem of carefully locking the front door, but then hanging the key on a hook
right next to the doorknob. That should definitely keep everyone out.
;-)

Ok, seriously now, what you need to do is create custom menu bars and toolbars for your application.
Not only will this give your application a more 'polished' look, but you can then control what menu
options your users will see. You simply do not place the User And Group Accounts menu option on your
custom menu bars/toolbars. What your users cannot see, they cannot mess up!

I would study this great walk-through on creating menu bars and toolbars. It was written for Access
97, but the same basic concepts remain the same for later versions. Practice on some dummy databases
first. It can actually be quite fun creating your own custom menu bars/toolbars.

http://www.microsoft.com/Accessdev/articles/bapp97/chapters/ba01_6.htm

Good luck!
 
> The database wasn't secured properly to begin with. Only users in the
> Admins Group can modify user membership.
>
> When you say you are logged into the workgroup file, what do you mean?
> You mean this was set as the default, or do users use a desktop shortcut to
> start the database?

By "logged into" I mean that if I try and open the database without joining
the correct workgroup (for example, if I am only joined to the default
"system.mdw") I get an error message. So everyone here has now joined our
"PDSystem.mdw" workgroup (as their default workgroup), and has a user name
in that workgroup file and that user name is assigned to different
usergroups (engineering, quality, materials, etc) as required. Now when I
open the database, it asks me for my username and password. My login
doesn't allow me to modify forms, or quality dept data (only engineering
dept data).

Before the database was "secured" I could open it up while I was joined to
the default system.mdw... and edit anything I wanted (data, forms, etc)...
how do we secure it properly?

thnx
 
Jeff, thanks for the suggestion...

VBA I'm actually pretty conversant with, but the GM who wrote this database
and controls the database is not as comfortable with VBA and I'm trying to
get away from having to maintain code (unfortunately, VBA code is not my job
here, so it becomes overtime) - especially of databases that I don't have
(nor want) administrative rights to.

I will suggest it though. As a question (being more conversant in Excel &
VBA than Access & VBA) though, I'm curious - couldn't you write an add-in to
just bring back the menus - I've done that in Excel, but I haven't had the
time to delve into Access' object model all that much.

 
The users should not be able to add users to groups unless they are a member
of the Admins Group.
 
Hi Mike, comments below...

> vba I'm actually pretty conversant with, but the GM who wrote this database
> and controls the database is not as comfortable with vba and I'm trying to
> get away from having to maintain code (unfortunately, vba code is not my job
> here, so it becomes overtime) - especially of databases that I don't have
> (nor want) administrative rights to.

Depending upon what you need, setting up some custom menu bars/toolbars can be quite easy to set up.
If the users do not need access to specific menu bar functions then do not include them in your
custom one(s).

> I will suggest it though. as a question (being more conversant in Excel &
> VBA than Access & VBA) though, I'm curious - couldn't you write an add-in to
> just bring back the menus - I've done that in excel, but I haven't had the
> time to delve into Access' object model all that much.

Well this one line of VBA code will call up the User/Groups Accounts box:

DoCmd.RunCommand acCmdUserAndGroupAccounts

You could put that in your database somewhere. That way it is out of sight until someone who needs
it (and is authorized).

However, reading over your other posts and Joan's responses does raise a red flag. It really sounds
like the database has not been properly secured to begin with. I would study up on database security
using the following study aids:

Security FAQ (the Security Bible):
http://support.microsoft.com/?kbid=207793

Jack Macdonald's Security Document:
http://www.geocities.com/jacksonmacd/AJMAccessSecurity.pdf

Lynn Trapp's Ten Security Steps:
http://www.ltcomputerdesigns.com/Security.htm

Joan Wild's Tips:
http://www.jmwild.com/security02.htm
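
Added example, not part of the original thread or written by any of its posters: since the replies state that only members of the Admins group can change group membership, this VBA routine lists every account in the workgroup file the current session is joined to, with its groups, and flags the Admins members. It assumes a reference to the Microsoft DAO 3.6 Object Library; the routine name `AuditWorkgroupMembership` is hypothetical.

```vba
Option Compare Database
Option Explicit

' Added example (not from the thread). Needs a reference to the
' Microsoft DAO 3.6 Object Library (Tools / References in the VBA editor).
' AuditWorkgroupMembership is a hypothetical name chosen for this sketch.

' Prints each account in the joined workgroup file with its groups to the
' Immediate window and flags every account that belongs to Admins.
Public Sub AuditWorkgroupMembership()
    Dim ws As DAO.Workspace
    Dim usr As DAO.User
    Dim grp As DAO.Group
    Dim rowText As String
    Dim inAdmins As Boolean
    Dim adminCount As Long

    Set ws = DBEngine.Workspaces(0)
    ws.Users.Refresh

    ' Shows which .mdw the session actually uses (e.g. system.mdw vs. a custom one).
    Debug.Print "Workgroup file: " & DBEngine.SystemDB
    Debug.Print "Logged in as:   " & CurrentUser()

    For Each usr In ws.Users
        rowText = usr.Name & " -> "
        inAdmins = False
        For Each grp In usr.Groups
            rowText = rowText & grp.Name & "; "
            If StrComp(grp.Name, "Admins", vbTextCompare) = 0 Then
                inAdmins = True
            End If
        Next grp
        If inAdmins Then
            adminCount = adminCount + 1
            rowText = rowText & " <== member of Admins, can change group membership"
        End If
        Debug.Print rowText
    Next usr

    Debug.Print adminCount & " account(s) in Admins."
End Sub
```

Run it from the Immediate window while logged in through the production workgroup file; any everyday account flagged as an Admins member explains why that user can reassign group membership.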
 