I will be delivering an application to a client who will need to create new
users as new employees are hired. My concern is creating a user that belongs
to the Admins group since it is my understanding that only this type of user
can create or administer to other accounts. The application is a split
database with the FE (an mde file) and BE (an mdb file) protected with the
same mdw file. User-level security has been applied. They will be receiving
the database with the Office XP Access runtime version. AllowByPass has been
disabled on the FE; the BE is just tables and thier data anyway. Is this the
right approach? Just wondering if it is common practice to allow a user to
have this level of authority? Thanks.

You should look at section 33 of the security FAQ. Deploying a separate mdw
than the one you used to secure it with, will ensure that the Admins group
is different (giving members ability to administer users, without full
administrative control over your database)

FAQ
http://support.microsoft.com/?id=207793

--
Joan Wild
Microsoft Access MVP

Alton wrote:
> I will be delivering an application to a client who will need to
> create new users as new employees are hired. My concern is creating
> a user that belongs to the Admins group since it is my understanding
> that only this type of user can create or administer to other
> accounts. The application is a split database with the FE (an mde
> file) and BE (an mdb file) protected with the same mdw file.
> User-level security has been applied. They will be receiving the
> database with the Office XP Access runtime version. AllowByPass has
> been disabled on the FE; the BE is just tables and thier data anyway.
> Is this the right approach? Just wondering if it is common practice
> to allow a user to have this level of authority? Thanks.

Thanks. I actually located this paper yesterday. After reading section 33,
I thought that I had done that process but maybe I did it incorrectly. I
will try it again. Thanks for responding.

"Joan Wild" wrote:

> You should look at section 33 of the security FAQ. Deploying a separate mdw
> than the one you used to secure it with, will ensure that the Admins group
> is different (giving members ability to administer users, without full
> administrative control over your database)
>
> FAQ
> http://support.microsoft.com/?id=207793
>
> --
> Joan Wild
> Microsoft Access MVP
>
> Alton wrote:
> > I will be delivering an application to a client who will need to
> > create new users as new employees are hired. My concern is creating
> > a user that belongs to the Admins group since it is my understanding
> > that only this type of user can create or administer to other
> > accounts. The application is a split database with the FE (an mde
> > file) and BE (an mdb file) protected with the same mdw file.
> > User-level security has been applied. They will be receiving the
> > database with the Office XP Access runtime version. AllowByPass has
> > been disabled on the FE; the BE is just tables and thier data anyway.
> > Is this the right approach? Just wondering if it is common practice
> > to allow a user to have this level of authority? Thanks.
>
>
>