Wise to set up user level security for a multi FE MDB ??

[Rick Brandt]

I am currently using MS 2003 and work on a multi-user database.

I have reviewed previous posts in the forum and followed their advise
achieved in spliting the database to FE and BE, and converting the FE as
MDE file to protect the codes and Forms in the database.

I am proceeding to User Level Security but encountered couples of problem.
Which increased my concerned if it is wised to setup user level security
for the multi FE MDB.

1) I could not could not set User Level Security in an MDE file?? is that
true??

2) I am now sharing the database by deploying FE copies of MDE file to the
other users' PC, is it the same after setting User Level Security MDB??

3) I found that there is a MDW file as well, and another shortcut was
created for logging to the protected MDB, whenever each time I deploy them
as 2) at above, errors comes with not having permission in access to the
MDB, likely due to lost of linking with the MDW file and the MDB file how
to solve that??

Do I really need to modify the properties inside the "short cut for the
secured database" everytime for every users' PC manually??

4) I have tried to use the wizard to create the User Level Security, but
it seems that it had limited the "permissions", I would like to create my
own define permission, how could that be??

It is appreciated if any senior could share their experience in setting up
user level security in MS 2003 as well as if they how they encounter and
fixed the above problems that I have met.

Sincerely yours

Put your shared MDW in the same location as your shared back end.

Secure your MDB the way you want and the MDE files that you create and give
your users will have the identical settings.

You should only have to create a custom shortcut specifying your MDW file
ONCE for each user and that shortcut should never have to be replaced or
altered again.

If they do not use your MDW file they should not be able to open your file
at all. If they can then you did security incorrectly.

 

[Sunny Ho]

I am currently using MS 2003 and work on a multi-user database.

I have reviewed previous posts in the forum and followed their advise
achieved in spliting the database to FE and BE, and converting the FE as MDE
file to protect the codes and Forms in the database.

I am proceeding to User Level Security but encountered couples of problem.
Which increased my concerned if it is wised to setup user level security for
the multi FE MDB.

1) I could not could not set User Level Security in an MDE file?? is that
true??

2) I am now sharing the database by deploying FE copies of MDE file to the
other users' PC, is it the same after setting User Level Security MDB??

3) I found that there is a MDW file as well, and another shortcut was
created for logging to the protected MDB, whenever each time I deploy them as
2) at above, errors comes with not having permission in access to the MDB,
likely due to lost of linking with the MDW file and the MDB file how to solve
that??

Do I really need to modify the properties inside the "short cut for the
secured database" everytime for every users' PC manually??

4) I have tried to use the wizard to create the User Level Security, but it
seems that it had limited the "permissions", I would like to create my own
define permission, how could that be??

It is appreciated if any senior could share their experience in setting up
user level security in MS 2003 as well as if they how they encounter and
fixed the above problems that I have met.

Sincerely yours

 

[Sunny Ho]

Put your shared MDW in the same location as your shared back end.

Secure your MDB the way you want and the MDE files that you create and give
your users will have the identical settings.

You should only have to create a custom shortcut specifying your MDW file
ONCE for each user and that shortcut should never have to be replaced or
altered again.

If they do not use your MDW file they should not be able to open your file
at all. If they can then you did security incorrectly.

I would like to further clarify if the following step is the right sequence
for doing the above:

1) setting the user level security in a non splitted MDB
2) split the MDB in to FE MDB and BE MDB
3) transcript the FE MDB to FE MDE
4) put the BE MDB file and the FE MDW file into the server
5) share the FE MDE file to clients
6) customize the linkage of MDW and FE MDB in each client PC

Please correct me if anything wrong, thanks!!

 

[John W. Vinson]

I am currently using MS 2003 and work on a multi-user database.

I have reviewed previous posts in the forum and followed their advise
achieved in spliting the database to FE and BE, and converting the FE as MDE
file to protect the codes and Forms in the database.

I am proceeding to User Level Security but encountered couples of problem.
Which increased my concerned if it is wised to setup user level security for
the multi FE MDB.

One thing to consider is: what is it that you're trying to secure? Who is the
target of the security?

If you're just trying to keep your authorized users from getting into the
wrong part of the program or snoop around, security on the frontend may be
appropriate. If you're trying to protect your data, you (also?) need security
on the backend. If you're trying to protect the data from skilled and
determined hackers, Access security simply isn't good enough: a web search
will find dozens of ways to crack the protection.

1) I could not could not set User Level Security in an MDE file?? is that
true??

Yes. Set the security on the objects in your master MDB; make a MDE file from
it, and distribute that secured MDE.

2) I am now sharing the database by deploying FE copies of MDE file to the
other users' PC, is it the same after setting User Level Security MDB??
Yes.

3) I found that there is a MDW file as well, and another shortcut was
created for logging to the protected MDB, whenever each time I deploy them as
2) at above, errors comes with not having permission in access to the MDB,
likely due to lost of linking with the MDW file and the MDB file how to solve
that??

There should be one central MDW file, probably on the same folder as the
backend.

Do I really need to modify the properties inside the "short cut for the
secured database" everytime for every users' PC manually??

No. Create a shortcut referencing the frontend and the mdw and distribute the
same shortcut to all the users, along with their copy of the frontend.

4) I have tried to use the wizard to create the User Level Security, but it
seems that it had limited the "permissions", I would like to create my own
define permission, how could that be??

The wizard lets you set whatever permissions you choose. You can then use
Tools... Security to fine tune the read/write/execute permissions on any
object. It's tedious, it's complicated, and it's more than any generic wizard
could be expected to do - the wizard programmers didn't know what YOU wanted
secured, of course!

It is appreciated if any senior could share their experience in setting up
user level security in MS 2003 as well as if they how they encounter and
fixed the above problems that I have met.

Download the Microsoft Access 2000 Security FAQ:

http://support.microsoft.com/kb/207793/en-us

Print it out. Read it carefully. Get a good night's sleep; read it *again*,
even more carefully! Follow the instructions scrupulously (I'd get a marker
and check off each step on the paper copy).

Do be aware that A2007 and A2010 still support security on the older .mdb
format, but the newer .accdb format databases are NOT supported. Security is
just too easily broken. If you want to secure your data, your best bet is to
upsize the backend to SQL/Server (or another client-server database) and use
the frontend you now have linked to that server database.

 

[Sunny Ho]

Thanks John for answers in detail.
I have print at least 2 inches of FAQ from the troubleshoot of A2003, it is
good for general use, but when I need to integrated different steps together,
it seems that it so difficult to work in a right sequence of steps, or
otherwise, error or hinderance would be resulted.

On top of the help from Rick and John
I have a follow-up operational problem that I cannot find from the FAQ.

I would like to further clarify if the following step is the right sequence
to achieve:
a) setting user level security, b) splitting the database into FE and BE
c) converted the FE to MDE

1) setting the user level security in a non splitted MDB
2) split the MDB in to FE MDB and BE MDB
3) transcript the FE MDB to FE MDE
4) put the BE MDB file and the FE MDW file into the server
5) share the FE MDE file to clients
6) customize the linkage of MDW and FE MDB in each client PC (As I noticed
that in each shortcut, there would be a part of the link pointing to the FE
file, which would be different for each users in my case as the users have
their unique login account for their win XP, i.e: C:\Documents and
Settings\User acc\desktop\???)

Please correct me if anything wrong, thanks!!

Very appreciate John and Rick's help

 

[a a r o n . k e m p f]

User Level Security was removed because it's not effective, and not
secure

it's best to move to SQL Server if you want real security for your
data

that way, your employees can't just bring a copy of it home (and sell
your customers info over IRC)

 

[martin]

I am currently using MS 2003 and work on a multi-user database.

I have reviewed previous posts in the forum and followed their advise
achieved in spliting the database to FE and BE, and converting the FE as
MDE
file to protect the codes and Forms in the database.

I am proceeding to User Level Security but encountered couples of problem.
Which increased my concerned if it is wised to setup user level security
for
the multi FE MDB.

1) I could not could not set User Level Security in an MDE file?? is that
true??

2) I am now sharing the database by deploying FE copies of MDE file to the
other users' PC, is it the same after setting User Level Security MDB??

3) I found that there is a MDW file as well, and another shortcut was
created for logging to the protected MDB, whenever each time I deploy them
as
2) at above, errors comes with not having permission in access to the MDB,
likely due to lost of linking with the MDW file and the MDB file how to
solve
that??

Do I really need to modify the properties inside the "short cut for the
secured database" everytime for every users' PC manually??

4) I have tried to use the wizard to create the User Level Security, but
it
seems that it had limited the "permissions", I would like to create my own
define permission, how could that be??

It is appreciated if any senior could share their experience in setting up
user level security in MS 2003 as well as if they how they encounter and
fixed the above problems that I have met.

Sincerely yours

 

[martin]

help

 

[John W. Vinson]

help

Martin, if you want help about your Microsoft Access database, just create a
new message (rather than replying to someone else's old message). If you want
help about something else, use Google Groups to find an appropriate newsgroup.

 

[Tony Toews [MVP]]

User Level Security was removed because it's not effective, and not
secure

This statement is wrong. ULS has been removed from the ACCDB format
files but is still present and supported in MDB files.

it's best to move to SQL Server if you want real security for your
data

That I'd agree with. Of course it depends on how secure the data has
to be.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/