Relink FE/BE tables with new user id

[Guest]

Using an Access 2003 FE/BE - FE is mde file. Have removed the Admin user
from the Admins group, established new admin id with full permissions,
cleared the paasword for Admin id, removed all permissions from Users group -
applied this to both FE & BE.

If I create a new user id (with password) and put it in a seperate group and
assign the appropriate permissions how do I keep my users from having to
enter a ID and Password to launch the FE (it launches using the Admin id
currently)? I use the refreshlink code from the Security FAQ and need to have
this new user be able to relink the BE tables.

Thanks - Jerry

 

[Joan Wild]

Using an Access 2003 FE/BE - FE is mde file. Have removed the Admin
user from the Admins group, established new admin id with full
permissions, cleared the paasword for Admin id, removed all
permissions from Users group - applied this to both FE & BE.

There is more to implementing security than that. Download and study the
security FAQ
Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm

 

[Guest]

Joan,

I have completed all the steps (just wanted to layout the key ones) and have
a secured database (both the FE mde and the BE mdb), what I am trying to do
is to have an application that does not required a user to login to but keep
the backend protected from being opened by the default system.mdw. This
application will be distributed to users outside the company.

Thanks
Jerry

 

[Joan Wild]

Joan,

I have completed all the steps (just wanted to layout the key ones)
and have a secured database (both the FE mde and the BE mdb), what I
am trying to do is to have an application that does not required a
user to login to but keep the backend protected from being opened by
the default system.mdw. This application will be distributed to users
outside the company.

You'd secure that backend using the same mdw as the frontend. If you don't
want users to login, then grant limited permissions to the Users Group.
Then they'll be able to use their system.mdw workgroup with no login.

As for relinking, you still grant the necessary permissions to the Users
Group.

 

[Guest]

According to # 14 in the Security FAQ the user needs to have Read Design
permissions to be able to relink tables, so any user that is in the Users
group would be able to open the BE without the FE and view the table designs?
If so then this is what I am trying find a way around - I was looking at the
Workspace username property and wondered if I changed it in my startup vba
code to the user I setup as Admin would this then allow me to relink the
backend without users having to enter an id/password?

Hopefully this makes sense?#?

Jerry

 

[Joan Wild]

Read the full section i.e. 14.3 No Permissions necessary.

 

[Guest]

OK .. I am using this approach for the relinking, so may be my real question
is:

I want to have no permissions for the Users group or Admin user but I don't
want my users to have to login to the application...so I setup a new group
call it AppUsers and added 1 user id to the group with a password. I then
set the permissions on the FE/BE for this user to read design,
read,insert,update and delete data. I need to have the FE launch with this
new id in order to access my forms, data, etc so I am trying to find a way to
login through code (or some other approach) for this id - I have looked at
changing the username for Workspace(0).UserName=newid but not sure if that
will accomplish what I want to do.

Thanks for your patience..

Jerry

 

[TC]

There is no way that "changing the username for Workspace(0).UserName"
will do what you want. I think that you may misunderstand how it all
works. This is what happens.

1. When Access starts, it selects which workgroup file to use. It does
this before it has even opened the database.

2. Having selected which workgroup file to use, it then tries to log on
as user "Admin" with a blank password. If that works, you're in (as
user Admin). If it doesn't:

3. Access then displays the logon box. When you enter a username &
password, Access tries to log-on as that user & password. If this
works, you're in (as that user); if it doesn't, it stays on the logon
box.

At this point, Access has chosen the workgroup file /and/ the user who
you are logged on as. There is absolutely nothing whatever that you can
do, to change those two selections, at this point, unless you quit
Access & start again. So trying to change the UserName property of the
default Workspace object, is doomed to failure.

You /can/ use the CreateWorkspace method to create a new workspace "as
if" you were some other user in the current workgroup file; and you can
do various things programatically, with that new workspace; and those
things will be treated (by Access) "as if" they had been done by that
other user; but you can /not/ make Access start using that workspace
for the normal user interface.

HTH,
TC

 

[Joan Wild]

I want to have no permissions for the Users group or Admin user but I
don't want my users to have to login to the application

That isn't possible. No login means that there is no password for the Admin
user, and users are silently logged in as 'Admin'. But you grant no
permissions for Admin, so they won't be able to do anything. You can set up
security so that there is no login, however that involves granting limited
permissions to the Users Group. Al you're doing is relinking tables, what
harm can they do?

 

[Guest]

TC - Just I thought - I was able to use the CreateWorkspace to "login" as
another user and modify tables. Thanks for the help!

Jerry

 

[Guest]

Joan - I was confused between linking and setting permissions - I now
understand that the 2 of them are not related - I was able to relink my
tables and then use the CreateWorkspace to modify the table structures with
another login other than Admin.

Thanks for all the help!

Jerry