User Group Permission Read/Update/Insert/Delete NOT READ DESIGN.

A

Andy

Hi;

Just learned something "Frightening" by trial and error.

Have a runtime version created in A2K.

Used "User and Group permissions" to secure it.

The Administrator has a password to open the dbase and be able to access the
designs and codes. (user name: Admin, Pword: *****
The users open the dbase w/o a password, (they do have a password to protect
their data.), (user name: My Name, Pword is left blank.

Discovered this:
If on a "foreign" computer I add a user in Windows called "My Name" without
a password and then open a full version of Access I can import the
tables/qrys/macros into that dbase.

I know why its happening:
To be able to use the secured dbase package the user has to be granted
permissions to "Read, Update, Insert and Delete Data" in the
tables/qrys/macros.

BUT to do that You must also grant permission to "READ DESIGN".

With the Forms and Reports the only permission needed is "Open/Run", the
Forms and Reports CANNOT be imported by user "My Name".

Is there a workaround or another way to block this.

Thank You.

Andy
 
C

Chris Mills

If the database can be opened without a password then it was not secured
properly. In fact, you have used the standard test to tell if it is.

For more information on User Level Security see the SecFAQ at:
http://support.microsoft.com/?id=207793
....or see microsoft.public.access.security

It is true that table Read Design permissions are required (unless one perhaps
uses RWOP queries), but this is not regarded as a security breach.

If you secure it properly, only someone with a valid password can access the
tables. Of course, THEY can copy data out, since you've given them permission
to the data! This is why you commonly lock down your database with other
things as well, such as the AllowBypassKeys property.

And there are some articles like this:
www.access.qbuilt.com/html/security.html#PreventImportFrSecDB

This has nothing to do with runtime. Runtime does limit what a user can do,
but that's for licensing reasons and can't be used as a security measure (they
can just buy Full Acess).

Chris
 
A

Andy

Chris;

Thank You.

Me

Chris Mills said:
If the database can be opened without a password then it was not secured
properly. In fact, you have used the standard test to tell if it is.

For more information on User Level Security see the SecFAQ at:
http://support.microsoft.com/?id=207793
...or see microsoft.public.access.security

It is true that table Read Design permissions are required (unless one
perhaps
uses RWOP queries), but this is not regarded as a security breach.

If you secure it properly, only someone with a valid password can access
the
tables. Of course, THEY can copy data out, since you've given them
permission
to the data! This is why you commonly lock down your database with other
things as well, such as the AllowBypassKeys property.

And there are some articles like this:
www.access.qbuilt.com/html/security.html#PreventImportFrSecDB

This has nothing to do with runtime. Runtime does limit what a user can
do,
but that's for licensing reasons and can't be used as a security measure
(they
can just buy Full Acess).

Chris
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

read only database? 1
Cannot access foreign database Msysobjects - No read rights 2
Forms with Options? 5
Read dBase in asp.net 2
ULS Update/Delete Permissions not working 5
Viewing an Access Dbase 1
Make read only mdb methods 1
read only setting issue 1

Top