Workgroup Security Still Not Working

  • Thread starter Thread starter Alec
  • Start date Start date
A

Alec

First, I'd like to thank Bonnie and Rick Brandt for
resolving my problem on the command-line.
However, regarding my second issue, sorry Rick but even
after reading the FAQ of MS, and after following their
steps, any user is able to change workgroup to eventually
get full access to the database. At no time, Access
prevents somebody from changing workgroup or creating one.
And I may be wrong but all of the security features are
properly done. If the user X opens the database located on
the server, he cannot open the design (for instance). But
nothing prevents X to create a new workgroup where he is
by default the admin and open the design.
What am I doing wrong in this pattern? Which security
feature did I miss? At no point Access is asking me to
enter the WID for example (I mean after creating the
workgroup)!!
Please help me guys.
 
Alec said:
First, I'd like to thank Bonnie and Rick Brandt for
resolving my problem on the command-line.
However, regarding my second issue, sorry Rick but even
after reading the FAQ of MS, and after following their
steps, any user is able to change workgroup to eventually
get full access to the database. At no time, Access
prevents somebody from changing workgroup or creating one.
And I may be wrong but all of the security features are
properly done. If the user X opens the database located on
the server, he cannot open the design (for instance). But
nothing prevents X to create a new workgroup where he is
by default the admin and open the design.
What am I doing wrong in this pattern? Which security
feature did I miss? At no point Access is asking me to
enter the WID for example (I mean after creating the
workgroup)!!
Please help me guys.
Click to expand...

There are many step that can be missed or done incorrectly to mess up security, but I
will give the big things to look for.

The default users group "Users" must have zero permissions to the db and all objects.
The default user "Admin" must have zero permissions to the db and all objects.
The default user "Admin" must not be listed as the owner of the db or any of the
objects.

It is generally the last one that people miss. If a user is the owner he still has
full authority to an object. You can change the owner on all objects except the db
itself. For that you need to open Access logged on as another user and create a
blank new file, then import all of the objects from the old file. That user will
then be the owner of the db and all objects in it instead of "Admin".
 
Thanks Rick. It seems to work. Indeed, the whole "owner"
concept escaped me. No wonder why I couldn't delete Admin
since he was still the owner of the database itself.
Thanks again for your help.
-----Original Message-----


There are many step that can be missed or done
Click to expand...
incorrectly to mess up security, but I
will give the big things to look for.

The default users group "Users" must have zero
Click to expand...
permissions to the db and all objects.
 
Back
Top