Securing A Folder On A Server

[Tom]

Can anyone give me any advice on how to secure a folder on a network server
so that documents in the folder can only be opened through an Access
database or by the database admin. I need to store MS Word docs in a folder
on a network server. The database admin will save the docs to the folder.
The docs must be available to Word automation out of a specific Access
database and available to the database admin out of MS Word. Only users of
the database must be able to get to the docs from the database and no one
other than the database admin must be able to get to the docs from MS Word.
Access to the folder via Internet Explorer must be blocked to everyone
except perhaps the database admin.

Thanks to all who can help!

Tom

 

[Todd Shillam]

Tom,

Try using NTFS folder and file permissions. For example, if you just want
the domain Admin user to have access to a specific folder, then add the
Admin user to have full access to the folder (including subfolders and
files); meanwhile (after you add the Admin user), try removing the
'Everyone' group. Do some research on the Internet if you are unfamiliar
with NTFS folder and file permissions as well. After you remove the
'Everyone' group, only the Admin user should have access. There are other
NTFS folder and file permissions, such as: Read-Only, List Folder Contents,
etc. The permissions give you precise control of what specific users and
groups permissions are enabled.

Best regards,

Todd

 

[Van T. Dinh]

If you are talking about Access Database "Admin", this security only works
on Access databases and _not_ other files.

You will need to use the network (Windows server?) security to secure the
Word docs.

 

[Tom]

Todd,

Thank you for responding!

I will Google to research NTFS folder and file permissions as you suggested.
Would you help me get started with just a blurb about:
1. what is NTFS folder
2. what is a domain Admin

and what can you tell me about the database accessing the folder?

Thanks,

Tom

 

[tina]

NTFS is a file system used on your PC (or server), just as are FAT and
FAT32. your network administrator can give you more info, including what
system is used on your company's network.

suggest you take a look at Garry Robinson's Real World Microsoft Access
Database Protection and Security, specifically Chapter 12. it talks about
how your network admin can set up user groups with appropriate permissions
that can probably accomplish what you're describing.

hth

 

[Tom]

Thanks for responding, Tina!

I haven't done any research yet. I understand the concept of user groups
with appropriate permissions. Is there such a thing as a database with
appropriate permissions?

Tom

 

[tina]

i've never used Acess's user-level security, so i can't answer any questions
about it. but AFAIK, you can't control *server* permissions from within an
Access database. if you want to control user access to files that are not
secured Access databases, i think you're going to have to do it from the
server's security.

to get a more definite answer, suggest you post your question in the
microsoft.pulic.access.security newsgroup; there are MVPs there who are real
security gurus.

hth

 

[John Nurick]

Hi Tom,

As others have said, this is a matter of network permissions rather than
anything to do with Access. If you have a good network administrator
s/he will know whether it's possible and if so how; I guess it might
involve putting the database users in an AD/NT group that can read files
in the folder (otherwise Access won't be able to open them) but cannot
browse the folder (hence cannot see the files to open them from Word or
Windows Explorer).

If that's not possible, things could get hairy. Possibly you could have
to have Access, running under the user's account, launch and automate an
instance of Word running under a different account. See
http://support.microsoft.com/kb/288367/EN-US/ for details. However, I'm
not sure this would do the job.I get the impression that the setup
process described in this article would mean that any time Word was
launched on the workstation it would run under the different account -
which means that users *would* be able to open the verboten files from
an interactive Word session.

Alternative approaches might include:
-Forget about securing the folder. Instead, password-protect the Word
documents and have the Access application know the password but not the
users.
-Don't store the documents on the network at all. Either keep the
contents of each .doc file in a secure database (e.g. SQL Server) and
write it to a temporary folder just before they're needed for
automation, or else write VBA code that automates Word to construct each
document on the fly when needed, using information stored in database
tables.