security for 100+ user and dbs without having to signin

J

Joelle921

I am charged with securing 100+ dbs which are used by 100+ users - most
dbs are reporting only and don't require any user data-entry so they
can be ReadOnly.

Currently all users default to Admin and don't use (or want to use)
ids/passwords to signon. What I'd like to do is limit the security for
Admin and setup a new group - SuperUser - which would then have
unlimited security to all dbs. So only if I (or another administrator)
logs on a SuperUser will the db allow full authority.Is this possible??

Is there any other way to limit security to all other users without
forcing them to sign on each time??

Can I create a group EndUser and force the id/password thru each time
they click to open a db from the front-end menu - ie in the Shell
statement - tho there would be an issue if they open the db anyway
other than thru the menu - they'd have to manually enter the
id/password

Can all users have the same id/password so I dont' have to manage 100+

PS - I'm currently forcing the db open as ReadOnly thru the menu but if
they dont' use the front-end menu it opens with Full-access and the
powers-that-be aren't satisfied

Call Shell("""C:\program files\microsoft office\office11\msaccess.exe""
\\accpost\agreements\agrmnt.mdb /ro", 1)


thanks
 
D

david epsom dot com dot au

The correct method is to replace each of these
databases with a secured database, where the
default user has limited permission.

However there is also an incorrect way: in each
database remove all unnecessary permissions from
the default user.

If you do it the incorrect way, the default
user will still be able to go back into the
database and restore all permissions. (Because
you can't actually remove the right of the
default user to administer permissions unless you
create a new database)

1) Unless you follow the documented steps mechanically,
you will probably do it the incorrect way: if you
want it to be right, you should follow the documented
steps mechanically.

2) It might not matter: are your users going to
go in and restore their "write" permissions on
the tables?

3) It might even be better: if you don't secure
this stuff properly, you don't really have to worry
about documentation and succession planning.

Note: the default user is the user called "admin"
by default, the default user has no password, and
by default the default user is the owner of all of
your databases.
 
G

Graham Wideman [Visio MVP]

Minor clarification/addition:

The key problem is that:

a) The owner of a DB can always give themselves permissions.

b) The owner is the user who created the DB. If the DB was created
by someone unaware of security, then likely they were logged in as
the default user "Admin".

c) You can't change the owner of the DB.

....hence the usual advice to establish a new user,
then use that user to create a new DB, then import all existing objects
to the new DB. Etc. And in your case, times 100.


Graham
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top