Suggestions on Access Security Wizard

  • Thread starter Thread starter Virgil
  • Start date Start date
V

Virgil

Hello all,
I intend to write a wizard for securing Access
databases even if I know that there is one in Access. My
ideea is to write one that will has more facilities than
the original one and will be simpliest to use.

Can you give me your suggestion or ideeas? What can be
automated in securying an Access database and what not?

Thanks a lot,
Virgil
 
Virgil said:
Hello all,
I intend to write a wizard for securing Access
databases even if I know that there is one in Access. My
ideea is to write one that will has more facilities than
the original one and will be simpliest to use.
Can you give me your suggestion or ideeas? What can be
automated in securying an Access database and what not?


Access security is very tricky to get correct. Not to be rude, but, if
you have to ask those questions, you will probably not be able to
write a wizard that does it properly.

For example, which users have unrestricted access to an object in the
database? If you can not answer that question accurately, and "off the
top of your head", you are not in a position to start writing security
wizards yet! [answer below]

HTH,
TC

answer below:



below...



below!



The following users have (or can re-acquire) full permissions to an
object in the database:
(1) the owner of that object;
(2) any user who has been granted Administer permission on that
object;
(3) and user who gains (2) by virtue of group membership, and
(4) any member of the workgroup file that was used to create the
database.

(end)
 
-----Original Message-----
"Virgil" <[email protected]> wrote in message
Hello all,
I intend to write a wizard for securing Access
databases even if I know that there is one in Access. My
ideea is to write one that will has more facilities than
the original one and will be simpliest to use.
Can you give me your suggestion or ideeas? What can be
automated in securying an Access database and what not?


Access security is very tricky to get correct. Not to be rude, but, if
you have to ask those questions, you will probably not be able to
write a wizard that does it properly.

For example, which users have unrestricted access to an object in the
database? If you can not answer that question accurately, and "off the
top of your head", you are not in a position to start writing security
wizards yet! [answer below]

HTH,
TC

answer below:



below...



below!



The following users have (or can re-acquire) full permissions to an
object in the database:
(1) the owner of that object;
(2) any user who has been granted Administer permission on that
object;
(3) and user who gains (2) by virtue of group membership, and
(4) any member of the workgroup file that was used to create the
database.

(end)
.

Hello TC,

You remembered me about school period :-).
I will write the Wizard and I think posting here is
first step in writting a good one.
I expect suggestion from this newsgroup members based on
their experience with Access Security.

Thanks,
Virgil
 
Virgil said:
-----Original Message-----
"Virgil" <[email protected]> wrote in message
Hello all,
I intend to write a wizard for securing Access
databases even if I know that there is one in Access. My
ideea is to write one that will has more facilities than
the original one and will be simpliest to use.
Can you give me your suggestion or ideeas? What can be
automated in securying an Access database and what not?


Access security is very tricky to get correct. Not to be rude, but, if
you have to ask those questions, you will probably not be able to
write a wizard that does it properly.

For example, which users have unrestricted access to an object in the
database? If you can not answer that question accurately, and "off the
top of your head", you are not in a position to start writing security
wizards yet! [answer below]

HTH,
TC

answer below:



below...



below!



The following users have (or can re-acquire) full permissions to an
object in the database:
(1) the owner of that object;
(2) any user who has been granted Administer permission on that
object;
(3) and user who gains (2) by virtue of group membership, and
(4) any member of the workgroup file that was used to create the
database.

(end)
.

Hello TC,

You remembered me about school period :-).
I will write the Wizard and I think posting here is
first step in writting a good one.
I expect suggestion from this newsgroup members based on
their experience with Access Security.

Thanks,
Virgil


Good luck! :-)

As for your original question, almost *everything* can be automated except,
perhaps, for the programattic creation of new workgroup files. The workgroup
file is actually a jet database, but it does have some system bits set,
which you can not set through normal code. So I'm not sure whether you can
or can not create a functioning workgroup file just by creating a jet db wih
the relevant tables. This would be an interesting experiment for someone to
try.

Cheers,
TC
 
TC said:
As for your original question, almost *everything* can be automated except,
perhaps, for the programattic creation of new workgroup files. The workgroup
file is actually a jet database, but it does have some system bits set,
which you can not set through normal code. So I'm not sure whether you can
or can not create a functioning workgroup file just by creating a jet db wih
the relevant tables. This would be an interesting experiment for someone to
try.

It can be done. Look around www.trigeminal.com
 
This is a good idea. I have been want to do it for
a long time. To manually secure ACCESS is a pain.

I think the minimum is code that remove all user's
permission - My idea is that permisison should
be granted through group.

Once that is done. The next is a good report.
The one ACCESS97 has is too tedious to went through
each user/group.

The next I think is searching:
What groups a user belong to.
Who are member of a given group.

We then need the ability to remove a user from
all groups it belong to. The ability to clone
a user will be helpful too.

Good luck.

** I don't like the security change on ACESS 2000
and later on the module - which drop it to password
only protection - which is really a lazy-bone's
approach.
 
Joan Wild said:
It can be done. Look around www.trigeminal.com


I know it can be done by using the undocumented Jet APIs (which is what MK
does). I am wondering whether it can be done just by creating a new db with
the relevant tables & queries! Then you would not need any knowledge of how
to use those APIs. I'll try to find time to give it a go tonight, then post
back here.

Cheers,
TC
 
All of that can be done quite easily. But the "minimum" requirement is
really:
(1) creating a new workgroup file with a unique WID, and
(2) transferring the *ownership* of all objects away from the Admin user.

If you don't do those things, your security will be easily cracked, no
matter how many permissions you remove from the users.

I have no argument that the standard user interface for security functions,
is very unpleasant!

But I worry that if someone produces their own "home grown" scheme, it might
*look* good - and *seem* to work - but miss some critical points (like the
two above), thereby leaving their so-called "secure" databases, in-secure.

I guess that I do not believe that a person without an *accurate, in-depth
knowledge* of Access security, has any real hope of re-writing the security
wizards effectively.

TC
 
TC said:
I know it can be done by using the undocumented Jet APIs (which is what MK
does). I am wondering whether it can be done just by creating a new db with
the relevant tables & queries! Then you would not need any knowledge of how
to use those APIs. I'll try to find time to give it a go tonight, then post
back here.

Cheers,
TC


No can do, as per INFO post.

TC
 
Back
Top