Access 2000 Windows 2000 folder permissions

[prodeji]

Hi

Don't know if I'm posting this in the (most) relevant group but not
sure where to post it and not getting anywhere digging on my own -
probably not using the correct keywords.

Anyway, my dilemma is this:
I'm building an application that needs to link to an access database in
a folder on a Windows 2000 network.

The users of the application do not have access to the folder the
database is in - yep, you guessed it, it's Human Resources! - and so
the application can't access the information it needs to.

The database the application needs is, of course, confidential (the
whole folder it's in is 'confidential'; it's HR after all) <rolling
eyes> and the powers-that-be will not sign off on moving it to a folder
with more universal access.

I've explored replication but:
a) I haven't had time to get it down enough to be able to automate it
b) It'll result in the same confidentiality problem

Is there any way (yeah I'm aware this may be a dumb question) the
application can circumvent the permission restrictions and access the
tables it needs in the Access database?

My reasoning is that the users won't have 'access' to the restricted
folder; they'll never even see the contents or have any way to retrieve
anything other than what the appication is built to retrieve, which is
non-confidential information, so there might be a way to do it.

I'm also aware the solution, if there is one, may be found in a Windows
2000 group rather than an Access group but thought I'd start here.

Any guidance is appreciated.

Thanks,

 

[Granny Spitz via AccessMonster.com]

I've explored replication but:

I'd avoid that with Jet.

Is there any way (yeah I'm aware this may be a dumb question) the

It's not a dumb question. Database professionals deal with security all the
time.

application can circumvent the permission restrictions and access the
tables it needs in the Access database?

It would require hacking, which we won't help you with.

My reasoning is that the users won't have 'access' to the restricted
folder; they'll never even see the contents or have any way to retrieve
anything other than what the appication is built to retrieve, which is
non-confidential information, so there might be a way to do it.

Most solutions involve a client/server database where the user must log in
and the DBA assigns each user to a role, so each user only sees what he's
authorized to see, even though other confidential data may be in the same
table or in the same schema.

To do it with Jet, you must separate the non-confidential data from the table
and place it in another table with a 1:1 relationship with the original table.
Queries of course will have to be changed to work with the new design, and
referential integrity enforcement will have to be replaced with code that
*tries* to enforce it. These non-confidential tables can be placed in a
separate database on an unrestricted server and linked to from the restricted
HR database and from elsewhere in the organization.

For these reasons the best solution is a client/server database.

 

[prodeji]

Hi Granny,

Glad to see i was in the ballpark about there being a way to get around
the 'security' whether it's ethical or not

Time and other constraints won't allow me to rework the restricted
database as suggested, so I guess I'll have to go an alternate (less
secure) route.

Thanks for the info, though, much appreciated.

prodeji

 

[Granny Spitz via AccessMonster.com]

Time and other constraints won't allow me to rework the restricted
database as suggested, so I guess I'll have to go an alternate (less
secure) route.

Make sure you tell *the powers-that-be* what's less secure about the route
you decided to take. Put it in writing so they can't say later "We didn't
know *that* would happen!"

Thanks for the info, though, much appreciated.

You're welcome hon. Good luck on your project.