Security Setup Questions?

  • Thread starter Thread starter Todd D. Levy
  • Start date Start date
T

Todd D. Levy

I have an Access 2000 application where I have split the database into a
backend (an MDB containing tables/relationships) which will reside on
the server, and a frontend (will be an MDE with all other objects) which
will be installed on each workstation.

My question: when I setup security is it done on each individual
workstation, on the server, or both?

Next question - If I am setting up security with Groups, Users assigned
to Groups, and Object Permissions by Group, can I have the actual
database file itself setup without the need for users to enter a
password
(other than their original user password)?
 
Todd, I know a lot about security, but not in a FE/BE context. However, I'll
endevour to answer your questions below.

I have an Access 2000 application where I have split the database into a
backend (an MDB containing tables/relationships) which will reside on
the server, and a frontend (will be an MDE with all other objects) which
will be installed on each workstation.
Click to expand...

Sounds good so far :-)
My question: when I setup security is it done on each individual
workstation, on the server, or both?
Click to expand...

(1) User names, group names, and user/group assignments, are defined in a
Workgroup (MDW) file. I image that you would probably want all users of your
application, to use the same workgroup file. Each workstation must have a
shortcut for starting-up the FE database. The shortcut must include the
/wkgrp (spelling?) switch to locate the workgroup file. I'm not sute whether
it is safe share a single workgroup file on the server, or whether it is
better to have a seperate copy of the workgroup file, on each workstation.
If the latter, then, when you make changes to users & groups, you would need
to deploy an updated workgroup file to each workstation.

(2) The permission that each user & group, has to various database objects,
is stored wihin the databases (FE for FE objects, BE for BE objects). Those
permissions go with the database file, regardless of where it is put
(server, workstation, user's home PC, wherever). So, for example, you could
establish all of the security on your home PC, then copy the new FE, BE &
MDW files back to the workstations &/or server as required.

Next question - If I am setting up security with Groups, Users assigned
to Groups, and Object Permissions by Group, can I have the actual
database file itself setup without the need for users to enter a
password (other than their original user password)?
Click to expand...

I assume you mean, "can Access use the Widnwos logon information to log-on
automatically, without the need for the user to log-on again?". AFAIK, no.
Current versions of Access security are not integrated with windows
security, at all.

HTH,
TC
 
Just to add a bit...

TC said:
(1) User names, group names, and user/group assignments, are defined in a
Workgroup (MDW) file. I image that you would probably want all users of your
application, to use the same workgroup file. Each workstation must have a
shortcut for starting-up the FE database. The shortcut must include the
/wkgrp (spelling?) switch to locate the workgroup file.
Click to expand...

That's /wrkgrp. The shortcut target would look like
"path to msaccess.exe" "path to mde" /wrkgrp "path to mdw"
I'm not sute whether
it is safe share a single workgroup file on the server, or whether it is
better to have a seperate copy of the workgroup file, on each workstation.
If the latter, then, when you make changes to users & groups, you would need
to deploy an updated workgroup file to each workstation.
Click to expand...

It is easier to manage if the workgroup file is on the server.
I assume you mean, "can Access use the Widnwos logon information to log-on
automatically, without the need for the user to log-on again?". AFAIK, no.
Current versions of Access security are not integrated with windows
security, at all.
Click to expand...

True enough, however if you have only two levels of security needed, then
you can implement security without the need for a login.

Alternatively, you can just set the Access username to be the same as their
network login name. They'll still have to type a password, but at least
it's one less username to remember.
 
Back
Top