No user with admin permissions

[Guest]

A client has an Access 2000 database that uses a custom workgroup that had
users and groups setup. The users had permissions only through their
assigned group. A super user was added to the Admins group.

Permissions for the admin user, and the users group were removed.

Can you guess what happened? Right, the super user no longer has
permissions for anything. Also, when I looked to see who owned the database
– no owner was listed, not admin – not anyone, just a blank.

My questions:

Is it possible to fix this, that is, create a user with admin permissions?
Permissions to change security, etc.

If not, what is the best way to recover from this situation?

Thanks,

Jim

 

[Joan Wild]

Can you guess what happened? Right, the super user no longer has
permissions for anything. Also, when I looked to see who owned the
database - no owner was listed, not admin - not anyone, just a blank.

Blank or <unknown>?

It's impossible to have a mdw with zero users in the Admins Group.

 

[Guest]

I agree, the Admins group does have a user, the Super User. However, the
Admins group has no permissions on the database and that is possible. And,
it is possible to have a user who does not have admin type permissions, that
is, no user who can change security, a user who has all possible permissions.
That is the status of my client’s database. I do not know how it happened;
I just need to know how to fix it.

To rephrase my question, how can I unsecure a database when no user or group
has permissions to change security?


Thanks,

Jim

 

[Joan Wild]

There is always *some* user that has the necessary permissions - i.e. the
owner.

You need to login as the owner.

Generally, a person in the Admins group does have permission to change
security.

You didn't answer whether the owner is showing as blank (never heard of
that) or <unknown>

If it is unknown, then you aren't using the correct mdw, or the owner was
deleted from the mdw.

You can re-create that user, making sure you use the same name/PID, or
restore the mdw from a backup.

 

[Guest]

There is always *some* user that has the necessary permissions - i.e. the
owner.

You need to login as the owner.

I am returning to the client this afternoon (in about an hour) I will
verify what is listed for the DB owner but what I remember when I looked last
week it was blank.

Generally, a person in the Admins group does have permission to change
security.

The Super user had permission to do everything, assigned both as a user and
through the Admins group.

You didn't answer whether the owner is showing as blank (never heard of
that) or <unknown>

Missed that question.

If it is unknown, then you aren't using the correct mdw, or the owner was
deleted from the mdw.

Verified MDW through the immediate screen - ?dbengine.systemdb

Owner may have been deleted from MDW.

You can re-create that user, making sure you use the same name/PID, or
restore the mdw from a backup.

May have name and PID, not sure what documentation the client has retained.
May have a backup of the MDW.

Will determine this afternoon.

Thanks for the help.

Jim

 

[Guest]

The database owner is <unknown>

Verified again that the mdw file I was using is correct using the
?dbengine.systemdb in the immediate window after logon.

Cannot find a backup mdw file that has a user with a SID that has Database
Administer permissions.

Current situation is:
1 - No user has “Administer†permissions on the database.
2 - No user has permissions to change security.
3 - Some users do have “Administer†permissions on database objects –
Tables, Queries, Reports, Forms.

Goal: Remove all security from database and database objects.

What would you do?

Thanks

Jim

 

[Keith Wilby]

The database owner is <unknown>

Verified again that the mdw file I was using is correct using the
?dbengine.systemdb in the immediate window after logon.

Cannot find a backup mdw file that has a user with a SID that has Database
Administer permissions.

Current situation is:
1 - No user has "Administer" permissions on the database.
2 - No user has permissions to change security.
3 - Some users do have "Administer" permissions on database objects -
Tables, Queries, Reports, Forms.

Goal: Remove all security from database and database objects.

What would you do?

I'd go back to my most recent backup ;-) Realistically, I think you might
have gotten yourself into the pickle that only a "paid for" "utility" can
get you out of. There are many such utilities available to break into a
secured app* ... Google is your friend BTW, permissions are stored in
the mdb, not the mdw.

* which I don't condone or condemn (Chris).

Regards,
Keith.
www.keithwilby.com