Secured Temp database

[TC]

only the SID of the Admins group is stored within the database file

Oops, wrong. In general, most of the user and group SIDs /are/ stored
within the database file - for the purpose of defining which users or
groups have what permissions to which database objects. But everything
else was correct

TC

 

[robert d via AccessMonster.com]

Okay, I think I have most of it figured out, but I'm still having problems.
Right now my db#2 can be opened with Workgroup file #1 and I didn't think
that should be the case. Here are the particulars

1) DB#1 secured by Workgroup file #1. Owner of all items is DBOWNER
2) DB#2 secured by Workgroup file #2. Owner of all items is DBOWNER
3) Workgroup file #2 users are only Admin and DBOWNER.
4) The front end, DB#1, uses RWOP queries on the tables in the backend, DB#2.
Linking is done as outlined in Access Security FAQ, Item 14.3, No permissions
necessary.
It says in Item 14.3 that a user needs to have Open/Run permissions on DB#2.
DBOWNER in DB#2 has full permissions on the tables.

I have a custom group called PowerUsers that is in both Workgroup files.
When Open/Run for the database (DB#2) is set for PowerUsers, everything works
fine. DB#2 is linked and RWOP queries can be accessed by all users. However,
any user in Workgroup file #1 can log on with Workgroup file #1 and open DB#2?
??! Note, except for DBOWNER, none of the other users in Workgroup file #1
is listed in Workgroup file #2.

If Open/Run for the DB#2 database is revoked for PowerUsers, then the RWOP
queries cannot be accessed except by DBOWNER (which is not surprising, since
DBOWNER is the owner for both dbs).

So I don't know how to fix this.

Thanks for any help.

I forgot to comment on the linking.

From the front end, I'm linking to the instance of the temporary database
using the method described in the Access Security FAQ 14.3 No Permissions
necessary.

It's still a bit hard to comment on your setup, because of the way you
phrase your descriptions. For example, you say that "no workgroup file

[quoted text clipped - 15 lines]

Good luck!,
TC

 

[robert d via AccessMonster.com]

Edited post.

Okay, I think I have most of it figured out, but I'm still having problems.
Right now my db#2 can be opened with Workgroup file #1 and I didn't think
that should be the case. Here are the particulars

1) DB#1 secured by Workgroup file #1. Owner of all items is DBOWNER
2) DB#2 secured by Workgroup file #2. Owner of all items is DBOWNER
3) Workgroup file #2 users are only Admin and DBOWNER.
4) The front end, DB#1, uses RWOP queries on the tables in the backend, DB#2.
Linking is done as outlined in Access Security FAQ, Item 14.3, No permissions
necessary.
It says in Item 14.3 that a user needs to have Open/Run permissions on DB#2.
DBOWNER in DB#2 has full permissions on the tables.

I have a custom group called PowerUsers that is in both Workgroup files. Every user in both workgroup files (except the Admin user) is also a member of the PowerUsers group.
When Open/Run for the database (DB#2) is set for PowerUsers, everything works
fine. DB#2 is linked and RWOP queries can be accessed by all users. However,
any user in Workgroup file #1 can log on with Workgroup file #1 and open DB#2?
??! Note, except for DBOWNER, none of the other users in Workgroup file #1
is listed in Workgroup file #2.

If Open/Run for the DB#2 database is revoked for PowerUsers, then the RWOP
queries cannot be accessed except by DBOWNER (which is not surprising, since
DBOWNER is the owner for both dbs). However, only Workgroup file #2 can be used to open db#2, which is what I want.

So I don't know how to fix this.

Thanks for any help.

I forgot to comment on the linking.

[quoted text clipped - 7 lines]

 

[robert d via AccessMonster.com]

This fourm can be difficult. Do you know how to edit a post that has already
been made.

Anyway I wanted to add the following two points.

1) In both workgroup files every user, except Admin, is a member of the
PowerUsers group.

2) If Open/Run for the DB#2 database is revoked for PowerUsers, then the RWOP
queries cannot be accessed except by DBOWNER (which is not surprising, since
DBOWNER is the owner for both dbs). However, DB#2 now can only be opened by
Workgroup File #2, which is what I want.

Thanks.

Okay, I think I have most of it figured out, but I'm still having problems.
Right now my db#2 can be opened with Workgroup file #1 and I didn't think
that should be the case. Here are the particulars

1) DB#1 secured by Workgroup file #1. Owner of all items is DBOWNER
2) DB#2 secured by Workgroup file #2. Owner of all items is DBOWNER
3) Workgroup file #2 users are only Admin and DBOWNER.
4) The front end, DB#1, uses RWOP queries on the tables in the backend, DB#2.
Linking is done as outlined in Access Security FAQ, Item 14.3, No permissions
necessary.
It says in Item 14.3 that a user needs to have Open/Run permissions on DB#2.
DBOWNER in DB#2 has full permissions on the tables.

I have a custom group called PowerUsers that is in both Workgroup files.
When Open/Run for the database (DB#2) is set for PowerUsers, everything works
fine. DB#2 is linked and RWOP queries can be accessed by all users. However,
any user in Workgroup file #1 can log on with Workgroup file #1 and open DB#2?
??! Note, except for DBOWNER, none of the other users in Workgroup file #1
is listed in Workgroup file #2.

If Open/Run for the DB#2 database is revoked for PowerUsers, then the RWOP
queries cannot be accessed except by DBOWNER (which is not surprising, since
DBOWNER is the owner for both dbs).

So I don't know how to fix this.

Thanks for any help.

I forgot to comment on the linking.

[quoted text clipped - 7 lines]

 

[TC]

This fourm can be difficult. Do you know how to edit a post that has already
been made.

You can't. Sometimes (but far from always) you can cancel them, but you
can not edit them.

Anyway I wanted to add the following two points.

1) In both workgroup files every user, except Admin, is a member of the
PowerUsers group.

2) If Open/Run for the DB#2 database is revoked for PowerUsers, then the RWOP
queries cannot be accessed except by DBOWNER (which is not surprising, since
DBOWNER is the owner for both dbs). However, DB#2 now can only be opened by
Workgroup File #2, which is what I want.

Robert, I'm quite happy to keep helping, but it's too hard to go back
over previous posts & put them all together. See if you can make one
more post, completely self-contained, which clearly summarizes what you
have at present, and what doesn't work the way that it should.

Cheers,
TC

 

[robert d via AccessMonster.com]

TC:

I agree with you and already have created a new post with where I currently
stand with my problem.
The post title is "Workgroup crossover problem".

Thanks.

This fourm can be difficult. Do you know how to edit a post that has already
been made.

You can't. Sometimes (but far from always) you can cancel them, but you
can not edit them.

Anyway I wanted to add the following two points.

[quoted text clipped - 5 lines]

DBOWNER is the owner for both dbs). However, DB#2 now can only be opened by
Workgroup File #2, which is what I want.

Robert, I'm quite happy to keep helping, but it's too hard to go back
over previous posts & put them all together. See if you can make one
more post, completely self-contained, which clearly summarizes what you
have at present, and what doesn't work the way that it should.

Cheers,
TC