Run-time version of Access bypasses Secured file

[Tony_VBACoder]

I have a very interesting situation relating to Access
2002 (SP2) WinXP and the Run-Time version of Access. It
appears that the Run-Time version bypasses the User-Level
Security that I have applied to my "front-end" database
allowing the user to open my application.

Some of my users have the Run-Time version of Access,
whereas others have the full version of Access. I have a
split database (front-end/back-end) where both the front-
end and back-end have been secured. I have provided a
short-cut file that has the full path to the MDW file and
MDB file, that the user is to use to launch my
application. Here is the interesting part if the user
decides to not use my icon shortcut to launch my
application:

1) When a user with the full version double-clicks on
the "front-end" .MDB file, they get the error message "You
do not have the necessary permissions to use...". This is
good and is exactly what I want. If they also click on
the "back-end" .MDB file, they get the same error
message; which again is good and is exactly what I want.

2) Now, when a user with the Run-Time version of Access
double-clicks on the "front-end" .MDB file, they are able
to get into the .MDB file, bypassing all Security that has
been applied. This is NOT what I want to happen. I did
put in some message boxes to test what user (CurrentUser)
Access thinks is logged in when a user attempts to open
the database with this method, and Access says it is
the "Admin" user.

3) However, if the user double-clicks on the "back-
end" .MDB file, Access loads but gives a blank screen,
which I guess is OK since it is seems to be not opening
the database. But why isn't the user presented with the
same error in #1 above: "You do not have the necessary
permissions to use..."


Can someone explain to me why I am experiencing #2 above?

Thanks.

 

[Paul Overway]

This occurs because you have not properly secured your database. See
http://support.microsoft.com/default.aspx?scid=/support/access/content/secfaq.asp
and follow directions provided in #1...you must complete ALL the steps
outlined or your database will not be secure.

 

[Tony_VBACoder]

Paul, thank you for the reply, however, that is exactly
how I secured both my front-end and back-end database. I
followed all 10 steps precisely, so I know that I secured
it properly.

 

[Rick Brandt]

Paul, thank you for the reply, however, that is exactly
how I secured both my front-end and back-end database. I
followed all 10 steps precisely, so I know that I secured
it properly.

You previously stated that when in the Runtime (without a prompt) you see
that the CurrentUser() returns "Admin". A properly secured database should
have zero permissions and zero ownership for the "Admin" user so it would
appear that your app is NOT properly secured.

Have you double-checked whether "Admin" owns the database and/or any
objects within? This is easily missed and owners have permissions above
and beyond any that you have explicitly given them.

 

[Tony_VBACoder]

Yup...there was a step that was omitted that related to
the Admin user getting all permissions. Once I reapplyed
User-Level Security and made sure to double-and-triple-
check all my steps along the way, everything is working
the way I expect it to.

Thanks for the all the help.