R
robert d via AccessMonster.com
I have the following situation:
1) DB#1 (front end) - WRKGRP File #1 used to secure it - Owner is DBOWNER -
uses RWOP queries - links to backend following Access Security FAQ 14.3 (no
permissions linking)
2) DB#2 (back end) - WRKGRP File #2 used to secure it - Owner is DBOWNER -
all table permissions removed from every group and user except DBOWNER.
Database open permissions removed from Admin user and Users Group
Both workgroup files have the same custom user's group, PowerUsers (same name
and PID). PowerUsers has Open/Run permission only on the database in DB#2.
I had hoped that by having different workgroup files for securing the dBs,
that I could prevent anyone from double-clicking DB#2 to open it by not
distributing WRKGRP File #2 or any derivative of it to the users.
However, it seems that because I had to add the PowerUsers group to WRKGRP
File #2 so that DB#1 could link to DB#2, WRKGRP File #1 can now be used to
open DB#2 even by users who are only in WRKGRP File #1 and not in WRKGRP File
#2.
If I remove Open/Run permissions from PowerUsers in DB#2, then only WRKGRP
File #2 will open DB#2, but then users of DB#1 can't link to it (except of
course the user, DBOWNER, who is the owner of both DBs).
I am very surprised that DB#2 can be opened by WRKGRP file #1 even by
PowerUsers listed in WRKGRP file #1 that are not listed in WRKGRP file #2.
Is this an Access Security bug?
Is there a better way for me to prevent any of my users from opening DB#2 at
all and just as importantly prevent them from importing the data in DB#2 into
a blank database. I could add a DoCmd.Quit statement in a module in the
backends if the user is not a specific name that only I as the developer know,
but I don't like hardcoding things like this. But if that's the only way to
do it.
Thanks.
1) DB#1 (front end) - WRKGRP File #1 used to secure it - Owner is DBOWNER -
uses RWOP queries - links to backend following Access Security FAQ 14.3 (no
permissions linking)
2) DB#2 (back end) - WRKGRP File #2 used to secure it - Owner is DBOWNER -
all table permissions removed from every group and user except DBOWNER.
Database open permissions removed from Admin user and Users Group
Both workgroup files have the same custom user's group, PowerUsers (same name
and PID). PowerUsers has Open/Run permission only on the database in DB#2.
I had hoped that by having different workgroup files for securing the dBs,
that I could prevent anyone from double-clicking DB#2 to open it by not
distributing WRKGRP File #2 or any derivative of it to the users.
However, it seems that because I had to add the PowerUsers group to WRKGRP
File #2 so that DB#1 could link to DB#2, WRKGRP File #1 can now be used to
open DB#2 even by users who are only in WRKGRP File #1 and not in WRKGRP File
#2.
If I remove Open/Run permissions from PowerUsers in DB#2, then only WRKGRP
File #2 will open DB#2, but then users of DB#1 can't link to it (except of
course the user, DBOWNER, who is the owner of both DBs).
I am very surprised that DB#2 can be opened by WRKGRP file #1 even by
PowerUsers listed in WRKGRP file #1 that are not listed in WRKGRP file #2.
Is this an Access Security bug?
Is there a better way for me to prevent any of my users from opening DB#2 at
all and just as importantly prevent them from importing the data in DB#2 into
a blank database. I could add a DoCmd.Quit statement in a module in the
backends if the user is not a specific name that only I as the developer know,
but I don't like hardcoding things like this. But if that's the only way to
do it.
Thanks.
