Workgroup Question

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a question about the workgroups for access. After following all the
steps of the security whitepaper and having reread it many times, I cant seem
to get the workgroup to work as intended.

Whenever I use the shortcut from the desktop to open, it works fine. However
if I run the file from file explorer using the default workgroup system.mdw,
the user still have all the permissions needed.

From what I understand, all the permissions/pw/etc is stored in the
workgroup file and hence, the only way to stop the user from opening this
secured file is to change the default system.mdw and remove the admin group
from admin user. But doing this doesnt make much sense as I would have to go
to every station to edit the system.mdw. What did I misunderstood here?

-All permissions are already removed from the user group.
-Admin group have been removed from the admin user in my new workgroup.
 
in message:

Setting up User Level Security can be confusing the first couple of times.

Comments in-line....
I have a question about the workgroups for access. After following all the
steps of the security whitepaper and having reread it many times, I cant seem
to get the workgroup to work as intended.

An excellent starting place, but I have some other good information here:

http://home.bendbroadband.com/conradsystems/accessjunkie/resources.html#Security

Pay particular attention to the steps provided by MVPs Lynn and Joan.
It may help to follow their simple guidelines.
Whenever I use the shortcut from the desktop to open, it works fine. However
if I run the file from file explorer using the default workgroup system.mdw,
the user still have all the permissions needed.

Then definitely a step or two has been missed.
From what I understand, all the permissions/pw/etc is stored in the
workgroup file and hence,...

Incorrect.
Permissions are stored in the database file itself (MDB).
Users, Groups, and passwords are stored in the workgroup file (MDW).
...the only way to stop the user from opening this
secured file is to change the default system.mdw and remove the admin group
from admin user. But doing this doesn't make much sense as I would have to go
to every station to edit the system.mdw. What did I misunderstood here?

Nope, definitely not right. You should *not* be modifying in any way shape
or form each user's default workgroup file. You should be working solely
within a custom workgroup file that you or the Security Wizard created.
-All permissions are already removed from the user group.
-Admin group have been removed from the admin user in my new workgroup.

That's good, but it might be easier to phrase it as "The Admin user has
been removed from the Admins group and is only a member of the Users Group."

If done *correctly* users should -
1. Not be able to open the secured database with their default workgroup file.
2. Be using a desktop shortcut with the correct parameters to open
the secured database with the custom workgroup file.
3. Users should be members of custom groups you set up and grant appropriate
permissions to those groups.

Here are several things to look for in your case:
1. The Admin user should have a password in your custom workgroup file.
2. The Admin user should only be a member of the Users group.
3. The Users *group* should have zero permissions to everything. Zip, nada.
This includes the database container itself, something often overlooked.
4. The database itself and all objects should be owned by your Super User.

Look over Lynn's and Joan's steps to see what you may have missed.
I also found Jack MacDonald's information quite useful.
 
I still cant solve the problem after looking thru all those guides.
Heres what my settings are now.

MySystem.mdw
- The Admin user has been removed from the Admins group and is only a member
of the Users Group. =p
- All permissions have been removed from the Admins and Users group.
- Admin user has a pwd in place.
- Owner for everything is "Manager".

System.mdw
- Admin user is part of the Admins and Users group.
- Permissions are and should be the same when I use the MySystem.mdw
- Admin user does not have a pwd.
- Owner for everything is <Unknown>

Everything seems to be correct. But my guess is that since Access normally
loads with System.mdw and Admin user is part of Admin group, it still can
access everything. What am I missing here?

Thanks in advance.
 
When I open the db with system.mdw and MySystem.mdw, the permission settings
are different for the Admin group. According to how you said permissions are
stored on the mdb itself, it shouldn be happening right?
 
How did you create MySystem.mdw workgroup file?

In it, it isn't necessary to remove the permissions from the Admins Group
(provided you created it properly)
 
How can I delete a workgroup all together. We just had Access 2003 installed
and it was originally Access 2000. Somehow the file got into a workgroup and
now I can get it into it at all and I'm the administrator! LOL!

Thank you.

Maritza
 
Do a search on your computer for *.mdw files.

Open Access 2003, and go to Tools, Security, Workgroup Administrator.

That will tell you the workgroup file you are joined to by default. Click
on Join and rejoin the standard system.mdw that ships with Access.

If you are already joined to it, locate it in Windows Explorer and rename it
to systemOld.mdw. Restart Access, and it'll create a new one for you.
 
Back
Top