Newbie security questions

M

miaplacidus

I think I understand. The mdb file contains the
permissions. The workgroup file contains the usernames and
passwords.
When Access opens it picks up the username and password
from the workgroup file. Then when the mdb file opens it
applies the permissions as identified by the username and
password.

I still have some questions.

1) I don't see in the workgroup administrator anything
about a default workgroup. I can either join a workgroup
or create a new one. If I join a new workgroup, does that
then become the default?

2) If I put my mdb out on the shared drive, does this mean
that I have to go to each user and put the shortcut on
their machine to direct them to the right workgroup? If I
do that, what prevents them from just switching back to
the default workgroup, system.mdw? What prevents them from
navigating to the MDB file and opening it without the
shortcut? As I see it, no shortcut, no security.

3) If they do that then the administrator will have no
password and they can get right in. Is that why you have
to take Admin out of the Admins group and have admin be a
user? Even though I did that, I now have a situation where
the mdb is on the shared drive and I have to log in, other
users (still using their default mdw file) can go right in.

4) Is there no way to administer the security of a file
that is on the shared drive from a central location so I
don't have to physically visit each user to determine what
the proper strings are for the shortcut?

5) As a newbie I apparently did not write down the strings
when the user group was first created. I still have my
passwords so I can get in OK. I have made changes to
the .mdb file which I would like not to have to redo. Now
that I think I understand the security process I would
like to make an unsecured copy of my file to use for
continued development. Then when I create a new object, or
whatever, I can copy it to the secured file. In the
meantime I would like to strip all the security from my
current file, copy it to my development file, and then re-
create the security properly (and record all the strings).
as I understand it, I do not need the original strings to
do this, only a working admin password. Is this correct?



on is
controlled by the related,
but distinct. default
workgroup file is the
user and group that
information is proper
authorities, the it
is not. workfile
some of the time as
a command line
shortcut.>
Click to expand...

-----Original Message-----
 
R

Rick Brandt

miaplacidus said:
I think I understand. The mdb file contains the
permissions. The workgroup file contains the usernames and
passwords.
When Access opens it picks up the username and password
from the workgroup file. Then when the mdb file opens it
applies the permissions as identified by the username and
password.

I still have some questions.

1) I don't see in the workgroup administrator anything
about a default workgroup. I can either join a workgroup
or create a new one. If I join a new workgroup, does that
then become the default?
Yep.


2) If I put my mdb out on the shared drive, does this mean
that I have to go to each user and put the shortcut on
their machine to direct them to the right workgroup? If I
do that, what prevents them from just switching back to
the default workgroup, system.mdw? What prevents them from
navigating to the MDB file and opening it without the
shortcut? As I see it, no shortcut, no security.
Click to expand...

If security is applied properly then users "HAVE TO" use your mdw file or
they don't get in. If that is not happening in your case then you applied
security incorrectly.
3) If they do that then the administrator will have no
password and they can get right in. Is that why you have
to take Admin out of the Admins group and have admin be a
user? Even though I did that, I now have a situation where
the mdb is on the shared drive and I have to log in, other
users (still using their default mdw file) can go right in.
Click to expand...

Then you missed a step. Start over after reading the security FAQ about 10
times through.
4) Is there no way to administer the security of a file
that is on the shared drive from a central location so I
don't have to physically visit each user to determine what
the proper strings are for the shortcut?
Click to expand...

If you're talking about not knowing where they might have the Access
executable installed, then no, there is no easy alternative to setting up
each shortcut separately other than enforcing a policy that all Office
installs are on the same path.
5) As a newbie I apparently did not write down the strings
when the user group was first created. I still have my
passwords so I can get in OK. I have made changes to
the .mdb file which I would like not to have to redo. Now
that I think I understand the security process I would
like to make an unsecured copy of my file to use for
continued development. Then when I create a new object, or
whatever, I can copy it to the secured file. In the
meantime I would like to strip all the security from my
current file, copy it to my development file, and then re-
create the security properly (and record all the strings).
as I understand it, I do not need the original strings to
do this, only a working admin password. Is this correct?
Click to expand...

Yep.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IGNORE SECURITY! 1
Removing Admin Permissions from my database 1
Security .mdw 1
Creating an using a superuser id 1
How to go from 2 secure MDB’s with 1 workgroup to 2 workgroups 8
2003 User&Permissions Problem in 2007 2
how to join the workgroup security file system? 2
Access2000 security problems..urgent!!! 2

Top