I've inherited some Access Security issues and wondered why...

[ThriftyFinanceGirl]

I've inherited some Access Security issues from a group that will be using
the current application that I am developing.

They have another application that was created and uses Access Workgroup
Security, however, EVERYTIME they open MSAccess... even for another
application they are being required to log in. This is problematic, and I'm
having other problems with these users that I don't have in my other user
group (Although we are still in the testing phases)

I have never like Access security and always built my own. Can someone
explain to me why they would have to log in just opening MS Access?
Shouldn't they just have to log in when they open that particular DB?

 

[Douglas J. Steele]

It sounds as though the Workgroup Administrator tool was used to associate
the workgroup file (.mdw) with Access for them. That was a mistake.

They should be associated with the default workgroup file (usually found at
C:\WINDOWS\system32\system.mdw), and should use a short cut that links the
application to the specific workgroup file when necessary.

Either that, or security was applied to the default workgroup file, not a
new one, as should have been done.

 

[Tom van Stiphout]

On Thu, 17 Sep 2009 06:20:02 -0700, ThriftyFinanceGirl

Because they used Workgroup Administrator to join the secure mdw,
rather than stay with the default unsecured system.mdw that is
installed with Access.
They can run this app again and join the unsecured mdw (or you can
give them your copy). Then create a shortcut for the one secured
application: <path_to>msaccess.exe <path_to>the.mdb /wrkgrp
<path_to>secured.mdw

-Tom.
Microsoft Access MVP

 

[Keith Wilby]

I have never like Access security and always built my own.

I bet anyone with a bit of nouse could break it in minutes. Beware
home-grown security in Access! Even the built-in security can be broken
with the right tools.

Can someone
explain to me why they would have to log in just opening MS Access?

Because Access is either using a modified default workgroup file or it has
been set to use a custom one. The preferred method is to switch to custom
workgroups at runtime, leaving the default as the ... erm ... default.

Keith.
www.keithwilby.co.uk

 

[ThriftyFinanceGirl]

Thanks Tom and Doug! Actually that is what I thought... I remembered
something about creating a new security group -- and that most people don't
know to do that. So I will see if we can get that setup and changed.
Thanks! I will ask if I can't figure it out, but if I remember right, there
is a Tool that you use to set it all up anyway.

 

[John W. Vinson]

Thanks Tom and Doug! Actually that is what I thought... I remembered
something about creating a new security group -- and that most people don't
know to do that. So I will see if we can get that setup and changed.
Thanks! I will ask if I can't figure it out, but if I remember right, there
is a Tool that you use to set it all up anyway.

Download and print out the Microsoft Access 2000 Security FAQ:

http://support.microsoft.com/kb/207793/en-us

It applies through 2003 (though it's not available in 2007). Security is
complex - keep unsecured backups, and study the FAQ carefully!

 

[Douglas J. Steele]

Download and print out the Microsoft Access 2000 Security FAQ:

http://support.microsoft.com/kb/207793/en-us

It applies through 2003 (though it's not available in 2007). Security is
complex - keep unsecured backups, and study the FAQ carefully!

<picky>
Security is available in Access 2007 if the file is left in MDB format.
</picky>

 

[David W. Fenton]

<picky>
Security is available in Access 2007 if the file is left in MDB
format.
</picky>

It's not PICKY at all to point this out.

People who equate A2007 with ACCDB format are being INCREDIBLY
SLOPPY and doing no one a favor.

MDB is still a native format in A2007, and ULS is fully available in
A2007 with all the MDB formats that A2007 can use.

It is only ACCDB format that is CRIPPLED such that ULS is no longer
available. It is not an issue with A2007, nor with the ACE -- it is
a matter of the ACCDB format having been downgraded (in comparison
to MDB format) to remove important and useful features.

 

[ThriftyFinanceGirl]

Thanks Keith, and I understand what you are saying about "homegrown", however
the procedures I have used have worked well. Saying that, you mentioned
using a custom workgroup file at runtime... isn't that what we are setting up
if we do the Security Tool properly (ie. create a copy of the main workgroup
file and set the db's in question to the newly created copy of the mdw?)?