User Group Security

  • Thread starter: happygirl5354

happygirl5354

I did create a user/group security; it did well on my
machine. Since this database is shared, if someone opens
this mdb using another machine, it seems that my previous
settings have all disappeared. Can someone please help?
Thanks
 
Are they using the MDW workgroup file that you used to create and secure
the app? My guess is no. This would mean that you did not apply security
properly as users should be forced to use your MDW file to open the
application. If they can open it using any other MDW file then security is
broken.

You need to get the security FAQ from MS and read it carefully several
times through. Access security is not a trivial undertaking and there are
many steps required to get it right. If it makes you feel any better I
would estimate that there is not one person in a hundred who applies
security correctly the first time and that most "secured" Access
applications in existence are in fact not secured properly.

I want to clarify my first paragraph. Do not attempt to solve this problem
by first giving the users a copy (or link) to your MDW file as that does
not address the primary concern. That would give the *appearance* of a
secured app, but any user who reinstalls Office or who otherwise changes to
a different MDW file later on will have unauthorized access to your
application. Step one is to get to the point where anyone who attempts to
open your file with any MDW besides yours is denied access entirely. Only
then should you provide your MDW file to those people you want to have
permissions.
 
Hello,

I am going through the same thing. I am reading the FAQ
now and don't see (yet) how to force the user to use my
MDW file that is created. So, I would also appreciate
further assistance in this.

Also, how is this MDW file associated with JUST this
access database (or will that occur when I force for that
particular mdw file to be used when opening that one DB).

Thank you so much,
Jennifer
 
Jennifer said:
Hello,

I am going through the same thing. I am reading the FAQ
now and don't see (yet) how to force the user to use my
MDW file that is created. So, I would also appreciate
further assistance in this.

When a user opens Access with a MDW file that does not prompt for a login then
they are logging in silently as the user "Admin" and as a member of the default
group "Users". If your application does not give permissions to the Admin user
and the Users group, then they will not be able to open it.

A common missed step is to not make sure that Admin is not the owner of the
database or any objects. Owners are given privileges even if they have no
permissions otherwise.

Jennifer said:
Also, how is this MDW file associated with JUST this
access database (or will that occur when I force for that
particular mdw file to be used when opening that one DB).

The relationship between MDW and MDB file is a bit more detached than that. You
always run Access in a workgroup environment. All that environment does is
establish who the login user is and what groups he has membership in within the
workgroup file. Access (at this point) does not care what file you might or
might not attempt to open. This is why joining a workgroup that has a password
applied to the "Admin" user causes you to always get a login prompt. The MDW
being used for the session of Access is what determines whether you get a login
prompt, not the file you might attempt to open.

Now...once the session is started and the file is being opened, Access looks at
the permissions stored "in that file". Access already knows at this point what
the login UserName is and what groups that user is a member of. It now compares
that to the permissions stored in the MDB to see if the current user has
authority to open the file and then (if let in) to every object being interacted
with.

It is typical however to want to use a secure MDW file "just for this one
particular MDB file" while not being bothered with a login prompt for other
files. The way to do that is leave users joined to the default non-secure MDW
file and then create a shortcut that specifies a different MDW file as a command
line argument to open the secure MDB. The syntax is roughly...

"Path to MSAccess.exe" "Path to MDB" /wrkgrp "Path to MDW"
 
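One way to check the two conditions named in the last reply (no permissions left for the Admin user or the Users group, and Admin owning nothing), as an added example that is not part of the thread. The function name AuditDefaultAccounts is hypothetical; it assumes a reference to the Microsoft DAO object library and that you opened the MDB through your secured MDW as a member of the Admins group, so that permissions can be read.

```vba
' Added example, not from the thread. Paste into a standard module of the
' secured MDB and run from the Immediate window:  ? AuditDefaultAccounts()
' Assumption: you are logged in through your secured MDW as a member of
' the Admins group; otherwise reading permissions can raise an error.
Option Compare Database
Option Explicit

' Returns the number of findings; details are printed to the Immediate window.
Public Function AuditDefaultAccounts() As Long
    Dim db As DAO.Database
    Dim cnt As DAO.Container
    Dim doc As DAO.Document
    Dim acct As Variant
    Dim findings As Long

    Set db = CurrentDb()

    ' The "Databases" container holds the document for the MDB itself,
    ' so this loop covers the database as well as every object in it.
    For Each cnt In db.Containers
        For Each doc In cnt.Documents

            ' Owners keep privileges even with no permissions assigned,
            ' so nothing may be owned by the default Admin user.
            If StrComp(doc.Owner, "Admin", vbTextCompare) = 0 Then
                Debug.Print "OWNER  "; cnt.Name; "\"; doc.Name; " is owned by Admin"
                findings = findings + 1
            End If

            ' A session started with any unsecured MDW is user "Admin" in
            ' group "Users", so both must have no explicit permissions.
            For Each acct In Array("Admin", "Users")
                doc.UserName = acct
                If doc.Permissions <> dbSecNoAccess Then
                    Debug.Print "PERMS  "; cnt.Name; "\"; doc.Name; "  "; _
                                acct; " = &H"; Hex$(doc.Permissions)
                    findings = findings + 1
                End If
            Next acct
        Next doc
    Next cnt

    AuditDefaultAccounts = findings
End Function
```

A result of 0 means neither default account holds ownership or explicit permissions on any document; any OWNER or PERMS line names an object that is still reachable from a default workgroup file.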