--------------------
| Content-Class: urn:content-classes:message
| From: "Rickey" <
[email protected]>
| Sender: "Rickey" <
[email protected]>
| Subject: MS Query and MS Access Security Problem
| Date: Mon, 12 Jan 2004 13:31:07 -0800
| Lines: 10
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcPZU2N/lvuJU6e0SbuaifXhgnrQmg==
| Newsgroups: microsoft.public.access.security
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.access.security:7432
| NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
| X-Tomcat-NG: microsoft.public.access.security
|
| I have someone that is using MS Query to bypass my
| security on my MS Access database. Is there a way to
| prevent this from happening? When they gain access to the
| database using MS Query, they lock everyone else out of
| the database. Even if I put a password on the backend,
| they can still go through the front end without having to
| enter the password.
|
| Is there is a way to prevent this?
|
|
Hi,
You most likely have the Admin account with the permissions to Open the
database and/or Tables.
If you use Microsoft Access User Level security and you remove the Admin
account from the Admins Group and deny permission to open database and
tables then users using MsQuery will not be able to import your data.
When they are using MsQuery they are opening the database using the Admin
account (especially if they are not specifying an System database). If
they are specifying a System database and using a particular account then
they are using the permissions you have setup. But if they are just using
the default then the Admin account has the necessary permissions. Setting
the database password will not prevent them from opening the database when
going through the FrontEnd. The FrontEnd database has the password cache.
I hope this helps! If you have additional questions on this topic, please
respond back to this posting.
Regards,
Eric Butts
Microsoft Access Support
"Microsoft Security Announcement: Have you installed the patch for
Microsoft Security Bulletin MS03-026? If not Microsoft strongly advises
you to review the information at the following link regarding Microsoft
Security Bulletin MS03-026
<
http://www.microsoft.com/security/security_bulletins/ms03-026.asp> and/or
to visit Windows Update at <
http://windowsupdate.microsoft.com/> to install
the patch. Running the SCAN program from the Windows Update site will help
to insure you are current with all security patches, not just MS03-026."
