User-Level Security problem - app does not trigger logon screen

  • Thread starter Thread starter David Anderson
  • Start date Start date
D

David Anderson

I've done my best to manually set up User-Level Security on an Access 2000
database using the instructions on Joan Wild's website (and the MS Security
FAQ) but I've hit a problem.

I set everything up while joined to a brand new MDW file of my own creation.
I could logon as various different users that I had created and all seemed
to be well. All users, including Admin, were allocated a password. However,
after using wrkgadm.exe to revert to the default system.mdw file, my app no
longer requests a logon password.

What might I have done wrong?

David
 
You missed a step; it's important to follow the steps, in order and not missing anything.

Possibly the Admin user still owns the database object, or the Users Group has permission to open the database.
 
Hi Joan,
Thanks once again for your help. It's possible that I missed one of the 999
steps in this laborious process, and if all else fails, I'll go right back
to the beginning and start again. User-Level Security is certainly not for
the faint hearted....

Your Access 97/2000 Security Step by Step procedure does not mention the
topic of ownership, except in the Wizard section that I was deliberately not
using. I never opened the Change Owner tab in User and Group Permissions
until now. That tells me that Admin does indeed own the Database object, but
the Change Owner button is greyed out so I can't change it! The Users group
does not have permission to open the database (that is given instead to a
new group that I created specifically for my current app).

Where do I go from here?

David



You missed a step; it's important to follow the steps, in order and not
missing anything.

Possibly the Admin user still owns the database object, or the Users Group
has permission to open the database.
 
I was a little hasty in saying that your procedure did not mention ownership
in any relevant section. I have just noticed that Step 7 says that the first
user created will own everything. However, my first new user (David) did not
automatically gain ownership of any of the objects in my database. I have
now changed ownership from Admin to David for everything except the database
object. So far, however, I have found no way to make David own the database
object.

David
 
I think you may have skipped over step 11.

You need to login using the new username, create a new database (this new database will be owned by the new user. Then you import all the objects from your mdb, and proceed to secure them.

Since 'Admin' owns the database, that indicates that the mdb was created while you were still logged in as Admin.

You can't change the ownership of the database object from the dialogs.
 
Joan,
I started again from scratch. I removed the security from my database and
then re-applied it manually using your procedure. This time I took my time
and did it very carefully! To my great relief, all is now well. My userid is
now the owner of everything and my newly-resecured database insists on a
logon every time. Clearly, I did something wrong the first time around.

Just a couple of minor comments. Firstly, at Step 12 you say "open Access
and log in as the user you created in Step 7". This did not exactly match my
experience. I was not prompted for a logon until Step 13 when I went to
Tools/Security/User and Group Accounts. Secondly, in Step 7 of the 'Not Done
Yet' section you say " Ensure that you don't assign any permissions to the
Users group" - but I found that the Users group, by default, had a full set
of permissions to my new database - all of which I had to remove, one by
one.

Once again, let me thank you for all the assistance on the tricky topic of
User-Level Security. It is greatly appreciated.

David



I think you may have skipped over step 11.

You need to login using the new username, create a new database (this new
database will be owned by the new user. Then you import all the objects
from your mdb, and proceed to secure them.

Since 'Admin' owns the database, that indicates that the mdb was created
while you were still logged in as Admin.

You can't change the ownership of the database object from the dialogs.
 
David Anderson said:
Just a couple of minor comments. Firstly, at Step 12 you say "open Access
and log in as the user you created in Step 7". This did not exactly match my
experience. I was not prompted for a logon until Step 13 when I went to
Tools/Security/User and Group Accounts.

That's true; in 2000 you aren't prompted until you 'do' something - like open a database or go into the security dialogs.
Secondly, in Step 7 of the 'Not Done
Yet' section you say " Ensure that you don't assign any permissions to the
Users group" - but I found that the Users group, by default, had a full set
of permissions to my new database - all of which I had to remove, one by
one.

Yes that is true, you need to remove the permissions from the Users Group.
Once again, let me thank you for all the assistance on the tricky topic of
User-Level Security. It is greatly appreciated.

You're welcome; glad you got it working.
 
Back
Top