G
Guest
I created and secured (properly, I thought) an Access database several months
ago for 5 to 7 people in my department to use. Last week we hit a glitch
where a copy of the database appeared alongside the original, with the same
file name except for a "1" at the end, that was mistakenly updated by a user
who then wondered why my reports from the original database didn't reflect
her updates. Still working on the who and why behind the replication, but in
troubleshooting the issue, we found that an unauthorized user was able to
access the original database with no ID or Password prompts, throwing into
question whether it was properly secured in the first place.
I worked down the security FAQ step by step when I set up the database, and
at that time verified that several others who hadn't been given permission
were unable to open it from their desktops. In reviewing other posts
regarding unauthorized individuals accessing a secured database, the most
common response is that the Admin was left in the Admins group, or
permissions still exist in the Users group, neither of which are the case
here. I'm thinking the best idea may be to start over and go through the FAQ
point by point again, but not sure the best way to do that with a database
that is up and running, and being updated daily by several people? Already
planning on doing this after hours, but how do I retain all of the data
without carrying over whatever it was I must have missed that is causing the
problem?
Other responses also referenced jmwild.com/security97 instead of the MS
security FAQ for securing a database and I wondered if that might be an idea
to try since I'm fairly certain I followed the FAQ steps correctly?
Finally, there was an item in the FAQ that I thought might save me from
going through the process again that I wanted to check on. Item #10 talks
about removing the Open/Run permission from the "database container" for the
Users group. With the database open, the permissions window shows the Users
group has no permission to the database or any objects in it, but I wasn't
sure if "database container" referred to something else besides the database
itself that I needed to navigate to?
Thanks in advance for any input on what I know is a rambling mess of
multiple questions. I've been impressed with the thoughtful and
knowledgeable responses from everyone and hope you might be able to point me
in the right direction as well.
ago for 5 to 7 people in my department to use. Last week we hit a glitch
where a copy of the database appeared alongside the original, with the same
file name except for a "1" at the end, that was mistakenly updated by a user
who then wondered why my reports from the original database didn't reflect
her updates. Still working on the who and why behind the replication, but in
troubleshooting the issue, we found that an unauthorized user was able to
access the original database with no ID or Password prompts, throwing into
question whether it was properly secured in the first place.
I worked down the security FAQ step by step when I set up the database, and
at that time verified that several others who hadn't been given permission
were unable to open it from their desktops. In reviewing other posts
regarding unauthorized individuals accessing a secured database, the most
common response is that the Admin was left in the Admins group, or
permissions still exist in the Users group, neither of which are the case
here. I'm thinking the best idea may be to start over and go through the FAQ
point by point again, but not sure the best way to do that with a database
that is up and running, and being updated daily by several people? Already
planning on doing this after hours, but how do I retain all of the data
without carrying over whatever it was I must have missed that is causing the
problem?
Other responses also referenced jmwild.com/security97 instead of the MS
security FAQ for securing a database and I wondered if that might be an idea
to try since I'm fairly certain I followed the FAQ steps correctly?
Finally, there was an item in the FAQ that I thought might save me from
going through the process again that I wanted to check on. Item #10 talks
about removing the Open/Run permission from the "database container" for the
Users group. With the database open, the permissions window shows the Users
group has no permission to the database or any objects in it, but I wasn't
sure if "database container" referred to something else besides the database
itself that I needed to navigate to?
Thanks in advance for any input on what I know is a rambling mess of
multiple questions. I've been impressed with the thoughtful and
knowledgeable responses from everyone and hope you might be able to point me
in the right direction as well.