Question about security

  • Thread starter Lee Stafford via AccessMonster.com

Lee Stafford via AccessMonster.com

I have set up my workgroup and all my users have been added to their
respective groups and the groups have all been given the correct
permissions. OK, now I have found a calculation error in a report, so I
go back to the original .mdb front end file and make the correction. Out
of curiosity I check the securities and each group is set to have full
permission of everything. I am confused. When I change the security
properties, what file am I actually changing? Am I changing the workgroup
file, or the front end that I am currently working in? I apologize if the
answer is somewhere obvious. I just can't find it.

tia,

Lee
 
TC

It's a good question & you are right to be unsure.

Most of the papers describing security would be much better, IMO, if
they included a diagram to show where everything actually is. The "view
from a thousand feet", as it were!

Briefly:

The workgroup file contains the usernames, group names, and user/group
relationships (i.e. Tom is a member of Reporters, and Managers). It
/DOES NOT/ know anything about the databases, or objects, that are
being secured. It does not know any object names, or user/object
permission settings.

The database contains, of course, the objects being secured. It also
contains a system table of the following form, conceptually:

User/group   Object     Permissions
Tom          frmThis    Open
Managers     tblThat    Read, Write, Delete
etc.

In fact, the users and groups are not identified by name, in the table
above. If they /were/, you could create a new workgroup file, with the
same names, and no or known passwords, & thereby break into the
database!

Instead, they are identified by a unique number called the Security
Identifier (SID). Each user & group in the workgroup file has a unique
SID. This is not the same as the Personal Identifier (PID), or the
password; all those three are different animals.

You'll find more on this by googling this group for posts from me (TC)
which contain the words SID or MSYSACES.

HTH,
TC
 
Joan Wild

Lee Stafford via AccessMonster.com said:
I have set up my workgroup and all my users have been added to their
respective groups and the groups have all been given the correct
permissions. OK, now I have found a calculation error in a report, so I
go back to the original .mdb front end file and make the correction. Out
of curiosity I check the securities and each group is set to have full
permission of everything. I am confused. When I change the security
properties, what file am I actually changing? Am I changing the workgroup
file, or the front end that I am currently working in? I apologize if the
answer is somewhere obvious. I just can't find it.

The permissions you set are stored in the mdb file. So when you went back
to the 'original' mdb, you went back to the one that isn't secured.

Users, Groups, passwords, and membership are stored in the mdw. Permissions on
the objects are stored in the mdb.

You shouldn't need to go back to the original to make a correction to a
calculation in a report.
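
Added example, not part of the thread and not Access or Jet code: a small Python model of the split described in the two replies above, with accounts and SIDs in the workgroup file and a SID-keyed permissions table in each database file. It assumes a SID is derived from the account name and PID and uses a stand-in hash for that; the account names, PIDs and permission names are constructed.

```python
import hashlib

def make_sid(name, pid):
    # Stand-in derivation (assumption): a hash of name + PID, not Jet's real algorithm.
    return hashlib.sha256(f"{name.lower()}|{pid}".encode()).hexdigest()[:16]

class Workgroup:
    """Models the .mdw: accounts, their SIDs and memberships. No object names."""
    def __init__(self):
        self.sids, self.members = {}, {}
    def add_group(self, name, pid):
        self.sids[name] = make_sid(name, pid)
    def add_user(self, name, pid, groups=()):
        self.sids[name] = make_sid(name, pid)
        self.members[name] = set(groups)
    def logon_sids(self, user):
        # The user's own SID plus the SID of every group the user belongs to.
        return {self.sids[user]} | {self.sids[g] for g in self.members[user]}

class Database:
    """Models the .mdb/.mde: a permissions table keyed by SID, never by name."""
    def __init__(self):
        self.acl = {}  # (sid, object name) -> set of permissions
    def grant(self, wg, account, obj, perms):
        self.acl.setdefault((wg.sids[account], obj), set()).update(perms)
    def effective(self, wg, user, obj):
        # Union of the permissions granted to any SID the user logs on with.
        return set().union(*(self.acl.get((s, obj), set()) for s in wg.logon_sids(user)))

def demo():  # constructed sample accounts, made-up PIDs and permission names
    wg = Workgroup()
    wg.add_group("Managers", "constructed-pid-1")
    wg.add_user("Tom", "constructed-pid-2", ["Managers"])
    secured = Database()            # the copy whose permissions were tightened
    secured.grant(wg, "Tom", "frmThis", {"Open"})
    secured.grant(wg, "Managers", "tblThat", {"Read", "Write", "Delete"})
    original = Database()           # a different file, so a different permissions table
    original.grant(wg, "Managers", "frmThis", {"Open", "Modify", "Administer"})
    lookalike = Workgroup()         # same names, different PIDs -> different SIDs
    lookalike.add_group("Managers", "other-pid-1")
    lookalike.add_user("Tom", "other-pid-2", ["Managers"])
    return {
        "secured": secured.effective(wg, "Tom", "frmThis"),
        "original": original.effective(wg, "Tom", "frmThis"),
        "lookalike": secured.effective(lookalike, "Tom", "tblThat"),
    }

print(demo())
```

The same workgroup yields different effective permissions in the two database files, and a workgroup that only copies the names gets nothing from the secured file.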
 
Lee Stafford via AccessMonster.com

Thank you both for your answers. They are very helpful and I think I
understand at least an inkling of it now. :)

The reason I went back to the .mdb was because I had created an .mde file
from it and I didn't think I could make design changes to those types of
files.

Thanks again,

Lee
 
Lee Stafford via AccessMonster.com

Another question along the same lines. After fixing the error in the
report, I then changed the permissions again and made another .mde file out
of it......If I send this out to my end users, the securities will all
match up, right? They won't have to do anything to the back-end do they?
I only changed the FE and then made the permissions the same as before. It
should all work fine, right?

Like I said, I think I understand an inkling of it all now. :)

Thanks again,

Lee
 
TC

Changing the design of an existing report in an MDB, will not change
any permissions in that (or any other) MDB.

Then, when you make an MDE of the MDB, the permissions from the MDB are
copied to the MDE.

So yes, you should be ok, as far as I can see.

Cheers,
TC
 
Joan Wild

Lee Stafford via AccessMonster.com said:
Thank you both for your answers. They are very helpful and I think I
understand at least an inkling of it now. :)

The reason I went back to the .mdb was because I had created an .mde file
from it and I didn't think I could make design changes to those types of
files.


That is true, you cannot make design changes in the mde. But you should set
up the permissions in the mdb (not the mde). Then any changes can be made
in the mdb. When you make the mde the permissions will be intact.

Otherwise you'd have to redo the permissions every time you made an mde file.
 
Lee Stafford via AccessMonster.com

That is very true Joan, I learned my lesson and now they are in the original
.mdb file. :)

Thanks again,

Lee
 
