I have been trying to add a new database to an existing mdw file and setting
up a new group/permissions. Access to the existing database is through a
shortcut. I've logged on as the administrator, closed the existing database,
created new blank database and imported all objects from my devel database
into this new db. then set up a new group and permissions for that group.

1) After doing these steps, I find when I open Access directly (not through
the short cut to the newly "secured" db, my machine been joined to the
custom.mdw file.
2) When I rejoin my machine to the system.mdw, and then open the new
database, it, too, has been joined to the system.mdw.
3) When I rejoin the new db to the custom.mdw, I find that I can log in as
myself (e.g., as a regular user) and change any permissions I want, except
access privileges to the database itself.

In the custom.mdw, the Admin user is in the default user group and that
group has no privileges for anything.

Can anyone shed any light on what might be going wrong? The security on the
original db is working properly.
--
susan

"Susan L" <(E-Mail Removed)> wrote in message
news:31E901D1-DBEA-4EA8-BB8A-(E-Mail Removed)...
>I have been trying to add a new database to an existing mdw file and
>setting
> up a new group/permissions. Access to the existing database is through a
> shortcut. I've logged on as the administrator, closed the existing
> database,
> created new blank database and imported all objects from my devel database
> into this new db. then set up a new group and permissions for that group.

When you imported the new database, did you remove permissions for the Users
Group and the Admin user? Double check this.


> 2) When I rejoin my machine to the system.mdw, and then open the new
> database, it, too, has been joined to the system.mdw.

Firstly, a database is not joined to a mdw file. The current Access session
is using a workgroup. Any number of mdb files can be used with that
workgroup, and also it's possible to use any number of workgroup files with
one database. If you can open the new mdb while using the system.mdw, then
the Admin User or the Users Group (common to all mdw files), has
permissions.

> 3) When I rejoin the new db to the custom.mdw, I find that I can log in as
> myself (e.g., as a regular user) and change any permissions I want, except
> access privileges to the database itself.

The regular user is a member of the Users Group, and it's that Group that
has permissions it shouldn't.

> In the custom.mdw, the Admin user is in the default user group and that
> group has no privileges for anything.

That doesn't make sense. The Admin user is not a group.

If believe you thought that by using your custom.mdw, that Users Group and
Admin User would automatically not have any permissions on imported objects.
That is not the case.


--
Joan Wild
Microsoft Access MVP

Joan, thanks for your response. You were (of course) right that I didn't
realize that I would need to remove privileges from the default User group
again. I did that (the Admin user was still in the User group, not the Admins
group) and everything worked as it should.

However, I still have a problem with "losing" the custom.mdw connection when
I change back my copy of Access to the system.mdw file. I closed the new db
after changing and testing permissions, opened Access from my MS Office
toolbar, rejoined the system.mdw, checked the new db, and voila! it was back
to the system.mdw. Any thoughts?
--
susan


"Joan Wild" wrote:

> "Susan L" <(E-Mail Removed)> wrote in message
> news:31E901D1-DBEA-4EA8-BB8A-(E-Mail Removed)...
> >I have been trying to add a new database to an existing mdw file and
> >setting
> > up a new group/permissions. Access to the existing database is through a
> > shortcut. I've logged on as the administrator, closed the existing
> > database,
> > created new blank database and imported all objects from my devel database
> > into this new db. then set up a new group and permissions for that group.
>
> When you imported the new database, did you remove permissions for the Users
> Group and the Admin user? Double check this.
>
>
> > 2) When I rejoin my machine to the system.mdw, and then open the new
> > database, it, too, has been joined to the system.mdw.
>
> Firstly, a database is not joined to a mdw file. The current Access session
> is using a workgroup. Any number of mdb files can be used with that
> workgroup, and also it's possible to use any number of workgroup files with
> one database. If you can open the new mdb while using the system.mdw, then
> the Admin User or the Users Group (common to all mdw files), has
> permissions.
>
> > 3) When I rejoin the new db to the custom.mdw, I find that I can log in as
> > myself (e.g., as a regular user) and change any permissions I want, except
> > access privileges to the database itself.
>
> The regular user is a member of the Users Group, and it's that Group that
> has permissions it shouldn't.
>
> > In the custom.mdw, the Admin user is in the default user group and that
> > group has no privileges for anything.
>
> That doesn't make sense. The Admin user is not a group.
>
> If believe you thought that by using your custom.mdw, that Users Group and
> Admin User would automatically not have any permissions on imported objects.
> That is not the case.
>
>
> --
> Joan Wild
> Microsoft Access MVP
>
>
>

"Susan L" <(E-Mail Removed)> wrote in message
news:447B0FCD-146A-4777-8263-(E-Mail Removed)...
> Joan, thanks for your response. You were (of course) right that I didn't
> realize that I would need to remove privileges from the default User group
> again. I did that (the Admin user was still in the User group, not the
> Admins
> group) and everything worked as it should.
>
> However, I still have a problem with "losing" the custom.mdw connection
> when
> I change back my copy of Access to the system.mdw file. I closed the new
> db
> after changing and testing permissions, opened Access from my MS Office
> toolbar, rejoined the system.mdw, checked the new db, and voila! it was
> back
> to the system.mdw.

What do you mean 'it was back to the system.mdw'? You just said you
rejoined the system.mdw, so what else should it be back to?

If you mean that you could open your secure db using system.mdw, then you
didn't remove all permissions for the Users Group (check the database
object). You shouldn't be able to even open the mdb while joined to
system.mdw


--
Joan Wild
Microsoft Access MVP

Susan L wrote:
> Joan, thanks for your response. You were (of course) right that I
> didn't realize that I would need to remove privileges from the
> default User group again. I did that (the Admin user was still in the
> User group, not the Admins group) and everything worked as it should.
>
> However, I still have a problem with "losing" the custom.mdw
> connection when I change back my copy of Access to the system.mdw
> file. I closed the new db after changing and testing permissions,
> opened Access from my MS Office toolbar, rejoined the system.mdw,
> checked the new db, and voila! it was back to the system.mdw. Any
> thoughts?

The workgroup you are joined to is the one Access will use by default when a
different one is not specified as a command line argument. It has nothing
to do with what MDB file you might try to open.

The workgroup file you are using might dictate which files you will be
*able* to open, but opening a file does not determine which workgroup file
will be used. That is already determined before any file open is even
attempted.

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com

Joan: I went back and checked the User group permissions on the newly secured
database. The Users group has no permissions at all (I did check the database
permissions.) The Admin user is a member of that group, as are all other
users as well (as I read in instructions). The privileges are assigned to two
other groups.

With my original db, the only access to it was through the shortcut.
Double-clicking generated an error re not having permissions, as you pointed
out. Yet, I had rejoined the system.mdw file so I didn't have to log on to
dev versions of 4 other dbs under development. That was working fine until I
started the process of implementing security on a new db.

Now when I set up the new db to use the custom.mdw, 1) I can open the db
directly by double-clicking the file, which I should not be able to do. 2) As
of 1/2 hour ago, I can now also open my original db by double-clicking the
file, which I could not do earlier today, because I checked. 3) when I close
these dbs and Access as well, then reopen Access to rejoin the system.mdw
file, close Access, then reopen the two databases, and check their mdw file
in Security Manager, they are rejoined to the system.mdw file.

Perhaps my next step should be to recreate the custom.mdw file and start over.
--
susan


"Joan Wild" wrote:

> "Susan L" <(E-Mail Removed)> wrote in message
> news:447B0FCD-146A-4777-8263-(E-Mail Removed)...
> > Joan, thanks for your response. You were (of course) right that I didn't
> > realize that I would need to remove privileges from the default User group
> > again. I did that (the Admin user was still in the User group, not the
> > Admins
> > group) and everything worked as it should.
> >
> > However, I still have a problem with "losing" the custom.mdw connection
> > when
> > I change back my copy of Access to the system.mdw file. I closed the new
> > db
> > after changing and testing permissions, opened Access from my MS Office
> > toolbar, rejoined the system.mdw, checked the new db, and voila! it was
> > back
> > to the system.mdw.
>
> What do you mean 'it was back to the system.mdw'? You just said you
> rejoined the system.mdw, so what else should it be back to?
>
> If you mean that you could open your secure db using system.mdw, then you
> didn't remove all permissions for the Users Group (check the database
> object). You shouldn't be able to even open the mdb while joined to
> system.mdw
>
>
> --
> Joan Wild
> Microsoft Access MVP
>
>
>

"Susan L" <(E-Mail Removed)> wrote in message
news:944A8718-3CD6-4A82-9D1F-(E-Mail Removed)...
> Joan: I went back and checked the User group permissions on the newly
> secured
> database. The Users group has no permissions at all (I did check the
> database
> permissions.) The Admin user is a member of that group, as are all other
> users as well (as I read in instructions). The privileges are assigned to
> two
> other groups.

OK.

>
> With my original db, the only access to it was through the shortcut.
> Double-clicking generated an error re not having permissions, as you
> pointed
> out. Yet, I had rejoined the system.mdw file so I didn't have to log on to
> dev versions of 4 other dbs under development. That was working fine until
> I
> started the process of implementing security on a new db.


OK.

>
> Now when I set up the new db to use the custom.mdw, 1) I can open the db
> directly by double-clicking the file, which I should not be able to do.

Maybe, maybe not. It depends on what workgroup file you are joined to by
default. If you are joined to your custom.mdw by default, then it should
let you in. If you are joined to the system.mdw by default and aren't using
a desktop shortcut, it shouldn't let you in.

2) As
> of 1/2 hour ago, I can now also open my original db by double-clicking the
> file, which I could not do earlier today, because I checked.

Again what workgroup file are you joined to by default? If it really is the
system.mdw, then you didn't secure it properly to begin with (check to see
who the owner of the database object is - that'll provide a hint). All this
time, your original mdb may not have been secured properly.

3) when I close
> these dbs and Access as well, then reopen Access to rejoin the system.mdw
> file,

(see that suggests that you were joined to some other mdw)

close Access, then reopen the two databases, and check their mdw file
> in Security Manager, they are rejoined to the system.mdw file.

You may not understand that what you see in Tools, security, workgroup
administrator. That is your default workgroup file. It isn't necessarily
the one currently in use. It simply tells you which mdw will be used by
default. You can over-ride the default by using a desktop shortcut that
points to a different workgroup file. For that session only, the other
workgroup file will be used. Even if you are using a custom.mdw and you go
to the workgroup administrator, it will show you that your default is
system.mdw. If you want to really verify the workgroup file that is being
used in the current session of Access then hit Ctrl-G and type
?dbengine.systemdb

I have a feeling from your description that neither your original mdb, nor
your new one are truly secure. A good test to see if they are, is to try to
open them while using the system.mdw workgroup.


--
Joan Wild
Microsoft Access MVP

Joan: Thanks for your patience. The owner of my db object is in both dbs my
administrative user, "sradmin". Typed the code you sent in the Immediate
window - custom.mdw was being used. Thanks for explaining that the Workgroup
Administrator doesn't necessarily show the file in use, rather the default. I
think that's what Rick was trying to get across to me. (Brain is a little low
on gas.)

Somehow, the "problem" has now gone away. I rejoined the system.mdw after
the last round of checking the security and making sure neither User group
had privileges and then tried double-clicking the dbs themselves. I could not
get in to either of them, as it should be.

Now I can only get in via the shortcuts. Don't understand what was going
wrong (after I removed the User group privileges-- that was a problem), but I
did restart my computer. Maybe that cleared something out. Since I can't get
in using system.mdw, does it sound as if they are secure? If not, I'l better
redo, using your instructions, which were a lifesaver when I first set up
security.

--
susan


"Joan Wild" wrote:

> "Susan L" <(E-Mail Removed)> wrote in message
> news:944A8718-3CD6-4A82-9D1F-(E-Mail Removed)...
> > Joan: I went back and checked the User group permissions on the newly
> > secured
> > database. The Users group has no permissions at all (I did check the
> > database
> > permissions.) The Admin user is a member of that group, as are all other
> > users as well (as I read in instructions). The privileges are assigned to
> > two
> > other groups.
>
> OK.
>
> >
> > With my original db, the only access to it was through the shortcut.
> > Double-clicking generated an error re not having permissions, as you
> > pointed
> > out. Yet, I had rejoined the system.mdw file so I didn't have to log on to
> > dev versions of 4 other dbs under development. That was working fine until
> > I
> > started the process of implementing security on a new db.
>
>
> OK.
>
> >
> > Now when I set up the new db to use the custom.mdw, 1) I can open the db
> > directly by double-clicking the file, which I should not be able to do.
>
> Maybe, maybe not. It depends on what workgroup file you are joined to by
> default. If you are joined to your custom.mdw by default, then it should
> let you in. If you are joined to the system.mdw by default and aren't using
> a desktop shortcut, it shouldn't let you in.
>
> 2) As
> > of 1/2 hour ago, I can now also open my original db by double-clicking the
> > file, which I could not do earlier today, because I checked.
>
> Again what workgroup file are you joined to by default? If it really is the
> system.mdw, then you didn't secure it properly to begin with (check to see
> who the owner of the database object is - that'll provide a hint). All this
> time, your original mdb may not have been secured properly.
>
> 3) when I close
> > these dbs and Access as well, then reopen Access to rejoin the system.mdw
> > file,
>
> (see that suggests that you were joined to some other mdw)
>
> close Access, then reopen the two databases, and check their mdw file
> > in Security Manager, they are rejoined to the system.mdw file.
>
> You may not understand that what you see in Tools, security, workgroup
> administrator. That is your default workgroup file. It isn't necessarily
> the one currently in use. It simply tells you which mdw will be used by
> default. You can over-ride the default by using a desktop shortcut that
> points to a different workgroup file. For that session only, the other
> workgroup file will be used. Even if you are using a custom.mdw and you go
> to the workgroup administrator, it will show you that your default is
> system.mdw. If you want to really verify the workgroup file that is being
> used in the current session of Access then hit Ctrl-G and type
> ?dbengine.systemdb
>
> I have a feeling from your description that neither your original mdb, nor
> your new one are truly secure. A good test to see if they are, is to try to
> open them while using the system.mdw workgroup.
>
>
> --
> Joan Wild
> Microsoft Access MVP
>
>
>

"Susan L" <(E-Mail Removed)> wrote in message
news:BA1BF550-452F-49B2-99B0-(E-Mail Removed)...
>
> Since I can't get
> in using system.mdw, does it sound as if they are secure? If not, I'l
> better
> redo, using your instructions, which were a lifesaver when I first set up
> security.

Yes it does; I wouldn't be redoing anything.

--
Joan Wild
Microsoft Access MVP

Thanks again. Two final questions. 1) I'd like to be able to periodically
monitor the status of tables in the databases. Do you have any methods to
recommend in addition to the code to identify the workgroup file? (We have an
"experimenter" on staff.) I found some code in a post, but I get an error
"Method or data member not found." Here's the code:
debug.print dbengine(0)(0).tabledefs("tblMyTableName").Owner
debug.print hex$(dbengine(0)(0).tabledefs("tblMyTableName").AllPermissions)
Is the syntax OK?
2) Last. Can I put the custom.mdw in a folder to which users do not have
read/write privileges or must they have privileges to use the file? (Am
thinking "out of sight/out of mind")

Appreciate the time you've spent.
--
susan


"Susan L" wrote:

> Joan: Thanks for your patience. The owner of my db object is in both dbs my
> administrative user, "sradmin". Typed the code you sent in the Immediate
> window - custom.mdw was being used. Thanks for explaining that the Workgroup
> Administrator doesn't necessarily show the file in use, rather the default. I
> think that's what Rick was trying to get across to me. (Brain is a little low
> on gas.)
>
> Somehow, the "problem" has now gone away. I rejoined the system.mdw after
> the last round of checking the security and making sure neither User group
> had privileges and then tried double-clicking the dbs themselves. I could not
> get in to either of them, as it should be.
>
> Now I can only get in via the shortcuts. Don't understand what was going
> wrong (after I removed the User group privileges-- that was a problem), but I
> did restart my computer. Maybe that cleared something out. Since I can't get
> in using system.mdw, does it sound as if they are secure? If not, I'l better
> redo, using your instructions, which were a lifesaver when I first set up
> security.
>
> --
> susan
>
>
> "Joan Wild" wrote:
>
> > "Susan L" <(E-Mail Removed)> wrote in message
> > news:944A8718-3CD6-4A82-9D1F-(E-Mail Removed)...
> > > Joan: I went back and checked the User group permissions on the newly
> > > secured
> > > database. The Users group has no permissions at all (I did check the
> > > database
> > > permissions.) The Admin user is a member of that group, as are all other
> > > users as well (as I read in instructions). The privileges are assigned to
> > > two
> > > other groups.
> >
> > OK.
> >
> > >
> > > With my original db, the only access to it was through the shortcut.
> > > Double-clicking generated an error re not having permissions, as you
> > > pointed
> > > out. Yet, I had rejoined the system.mdw file so I didn't have to log on to
> > > dev versions of 4 other dbs under development. That was working fine until
> > > I
> > > started the process of implementing security on a new db.
> >
> >
> > OK.
> >
> > >
> > > Now when I set up the new db to use the custom.mdw, 1) I can open the db
> > > directly by double-clicking the file, which I should not be able to do.
> >
> > Maybe, maybe not. It depends on what workgroup file you are joined to by
> > default. If you are joined to your custom.mdw by default, then it should
> > let you in. If you are joined to the system.mdw by default and aren't using
> > a desktop shortcut, it shouldn't let you in.
> >
> > 2) As
> > > of 1/2 hour ago, I can now also open my original db by double-clicking the
> > > file, which I could not do earlier today, because I checked.
> >
> > Again what workgroup file are you joined to by default? If it really is the
> > system.mdw, then you didn't secure it properly to begin with (check to see
> > who the owner of the database object is - that'll provide a hint). All this
> > time, your original mdb may not have been secured properly.
> >
> > 3) when I close
> > > these dbs and Access as well, then reopen Access to rejoin the system.mdw
> > > file,
> >
> > (see that suggests that you were joined to some other mdw)
> >
> > close Access, then reopen the two databases, and check their mdw file
> > > in Security Manager, they are rejoined to the system.mdw file.
> >
> > You may not understand that what you see in Tools, security, workgroup
> > administrator. That is your default workgroup file. It isn't necessarily
> > the one currently in use. It simply tells you which mdw will be used by
> > default. You can over-ride the default by using a desktop shortcut that
> > points to a different workgroup file. For that session only, the other
> > workgroup file will be used. Even if you are using a custom.mdw and you go
> > to the workgroup administrator, it will show you that your default is
> > system.mdw. If you want to really verify the workgroup file that is being
> > used in the current session of Access then hit Ctrl-G and type
> > ?dbengine.systemdb
> >
> > I have a feeling from your description that neither your original mdb, nor
> > your new one are truly secure. A good test to see if they are, is to try to
> > open them while using the system.mdw workgroup.
> >
> >
> > --
> > Joan Wild
> > Microsoft Access MVP
> >
> >
> >