How to secure the backend

[Guest]

Hi. How can I secure backend database? I've got 10 users with their own
password and access, but it they open directly the backend database they will
access to every data inside. Is it possible to insert a password into the
backend database?

Regards.
Marco

 

[Joan Wild]

You can secure the BE using the same workgroup file you used for the FE. It
is possible to deny all permissions on the backend tables. Use RWOP queries
for all data interaction (see www.jmwild.com/RWOP.htm ).

 

[Guest]

Thanks for reply. Just let know something, and if a regular goes directly to
the backend database? the MDW only works if I create the shortcuts, right?

Marco.

 

[Joan Wild]

I'm not sure I understand your question. If you secure it properly, then
the backend will only open when using the correct MDW file.

It's actually a good test to be sure you have secured it right. Join the
standard system.mdw that ships with Access. Try to open the mdb by
double-clicking in Windows Explorer. If you can, then it isn't secured
properly.

 

[Guest]

yes, I think you are understanf my point of view.

My back end is in a shared folder witch is in a server. I know that is I can
join that database do an MDW but if another person try to opin in a different
computer he can open.

Did you understan? I even try, to insert a password to open the backend, but
then it returns me a error.

Marco

 

[Joan Wild]

yes, I think you are understanf my point of view.

My back end is in a shared folder witch is in a server. I know that
is I can join that database do an MDW but if another person try to
opin in a different computer he can open.

If that's the case, then you missed a step in securing it. That other
computer is joined to system.mdw (the one that ships with Access) by
default. Therefore, they should not be able to even open the database.
Since they can, you missed a step. Likely the Admin user still is owner of
objects, or the Users Group has permission to something.

The Admin user should not own anything, and the Users Group should have no
permissions to anything.

If you have a backup of your mdb, before you started security, restore it
and try again. Be certain that you follow *every* step.
Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm

Did you understan? I even try, to insert a password to open the
backend, but then it returns me a error.

You can put a password on the backend, however you then need to delete the
links in the frontend and then recreate them. You'll be prompted for the
password when you recreate the links, and then get no error. Keep in mind
though, that the database password is quite weak and easily hacked.