How to properly secure Access XP if already replicating (due to the Wizard bug with the Users' group

  • Thread starter Thread starter M Scott
  • Start date Start date
M

M Scott

We have an application that has been in use for the internal group of users,
replicating, etc.

Now, after this 'shake-out' period, we need to roll out to remote users and
are ready to apply security via a new, secured mdw file.

I have followed the direction from Alison Balter's and the Access 2002 Dev's
Handbook (which basically repeats what is in the MS security FAQ), and it
works...

Unless of course you open the database with the default system.mdw!!!!

After much head scratching as to what the **** was going on, I saw in the
FAQ that it said in item 10 - 'Oh yeah, and by the way, after you go through
all the above steps, it won't really matter anyway because the security
wizard doesn't actually remove permissions from the Users group, it just
makes it look like that in the wiz screens.' That't great.

Creating a new database and importing the objects (the suggested workaround)
is not a solution that is feasible for us, becuase then you can't replicate
the new database with the existing replication set.

Isn't there some way around this nonsense?! Can't we somehow revoke the
open database permission from the Users Group via DAO or ADOX...


TIA,

MScott
 
It's not the Open Database permission that is problematic -- it's the
database ownership...

If your new database is *owned* by the Admin user, then you have no
choice but to create a database following the proper procedures. Its
unfortunate that you may have to replace many replicas, but that's the
only solution.

On the other hand, if the database is *owned* by some account other
than Admin, then you merely have to revoke the appropriate permissions
from the Admin user and the Users group.

Open the database as usual
Tools > Security > User and Group Permissions > Change Owner tab
select the Database object
who is listed as owner? If it's Admin, you are out of luck, and you
must secure the database properly. There is a document on the website
in my signature that may help you through the process.

You will need to create a new replica set. Use Append queries to move
the data from the old replica to the new one. Obviously your database
must be offline (read-only??) for the period of time when you transfer
the data. I would practice on a throwaway replica set before
committing to the changeover.

If Admin is not the database owner, then all the tools you need to
revoke its permissions are available in the Access menu without
resorting to DAO.


We have an application that has been in use for the internal group of users,
replicating, etc.

Now, after this 'shake-out' period, we need to roll out to remote users and
are ready to apply security via a new, secured mdw file.

I have followed the direction from Alison Balter's and the Access 2002 Dev's
Handbook (which basically repeats what is in the MS security FAQ), and it
works...

Unless of course you open the database with the default system.mdw!!!!

After much head scratching as to what the **** was going on, I saw in the
FAQ that it said in item 10 - 'Oh yeah, and by the way, after you go through
all the above steps, it won't really matter anyway because the security
wizard doesn't actually remove permissions from the Users group, it just
makes it look like that in the wiz screens.' That't great.

Creating a new database and importing the objects (the suggested workaround)
is not a solution that is feasible for us, becuase then you can't replicate
the new database with the existing replication set.

Isn't there some way around this nonsense?! Can't we somehow revoke the
open database permission from the Users Group via DAO or ADOX...


TIA,

MScott
Click to expand...


**********************
(e-mail address removed)
remove uppercase letters for true email
http://www.geocities.com/jacksonmacd/ for info on MS Access security
 
If you want to revoke the open database permission from the Users group,
can't you just log-on as a member of the Admins group, then do it manually
from Tools : Security (or whatever the menu option is)?

HTH,
TC
 
M Scott said:
We have an application that has been in use for the internal group of users,
replicating, etc.

Unless of course you open the database with the default system.mdw!!!!

After much head scratching as to what the **** was going on, I saw in the
FAQ that it said in item 10 - 'Oh yeah, and by the way, after you go through
all the above steps, it won't really matter anyway because the security
wizard doesn't actually remove permissions from the Users group, it just
makes it look like that in the wiz screens.' That't great.
Click to expand...

That was 2000. You are using 2002 - should not be a problem. Confirm that
the Users Group has no permission on the Database object.


You would have to apply security in each replica. You may want to consider
unreplicating, securing and then replicating.
 
Back
Top