M
miaplacidus
I have set up a database and created a workgoup file. In
the database I set permissions for some groups to enter
and update data. All the design permissionons are turned
off except for my account. I took the admin account out of
the admins group so admin is only a member of the user
group. All permissions for the user group are turned off.
Therfore the only permissions for objects in this database
are those assigned to groups which I created.
Still, if someone logs in using the default system.mdw
file they are able to log in as admin, with no password
and the security menu shows that that admin has full
rights.
I see in Snelling's security document that there are two
user groups that have irrevocable rights to assign
permissions, even if the UI indicates that those users
don't have permissions. They are the owner of the object
(me, in this case) and the admins group of the workgroup
database in use when the database was created.
Since I created the database using the system.mdw file
before I ever considered security, apparently any
system.mdw administrator has full rights to my DB.
Apparently this means that in order to secure this DB I
will have to re-create it using an mdw where admin is not
a member of the admins group.
As I understand it, neither can I copy the obects to a new
database created under a different .mdw file because the
previous permissions are attributes of the object, and
they will follow the object to the new .mdb.
I followed the instructions later in the document for
securing an existing database. The end result of that
procedure was that now the application requests an DB
password, but once that is entered the user is logged on
as admin and since in that users user group admin is a
member of admins and admins has full permissions...ergo no
security.
How do back out of this and start over?
the database I set permissions for some groups to enter
and update data. All the design permissionons are turned
off except for my account. I took the admin account out of
the admins group so admin is only a member of the user
group. All permissions for the user group are turned off.
Therfore the only permissions for objects in this database
are those assigned to groups which I created.
Still, if someone logs in using the default system.mdw
file they are able to log in as admin, with no password
and the security menu shows that that admin has full
rights.
I see in Snelling's security document that there are two
user groups that have irrevocable rights to assign
permissions, even if the UI indicates that those users
don't have permissions. They are the owner of the object
(me, in this case) and the admins group of the workgroup
database in use when the database was created.
Since I created the database using the system.mdw file
before I ever considered security, apparently any
system.mdw administrator has full rights to my DB.
Apparently this means that in order to secure this DB I
will have to re-create it using an mdw where admin is not
a member of the admins group.
As I understand it, neither can I copy the obects to a new
database created under a different .mdw file because the
previous permissions are attributes of the object, and
they will follow the object to the new .mdb.
I followed the instructions later in the document for
securing an existing database. The end result of that
procedure was that now the application requests an DB
password, but once that is entered the user is logged on
as admin and since in that users user group admin is a
member of admins and admins has full permissions...ergo no
security.
How do back out of this and start over?