The first means that the workgroup information file you created when securing
your database will be used as the default when you open Access, i.e. for any
database.
The second creates a shortcut which open the particular file using the
workgroup information file you created for it. This is done by specifying
the workgroup information file in question in the shortcut's command line.
Other databases will use whatever is the default workgroup information file
(by default System.mdw).
The workgroup information file holds information on the users and groups.
It includes built in groups Admins and Users and a generic user account
Admin; when you open an unsecured database without logging in you are the
Admin user. You add groups and user accounts to the workgroup information
file when implementing security.
The workgroup information file does not ' apply security' as such; that is
done within each database by assigning permissions to objects to users and
groups. Its better to apply permissions to groups rather than individual
users and make users members of the groups as appropriate.
In a secured database by removing the Admin user from the Admins group and
creating a new user in that group only the new user has the irrevocable power
to administer database objects which all users of the Admins group enjoy.
Consequently the Admin user is only a member of the Users group. By removing
all permissions from the Users group (to which all users belong) anyone
attempting to open a secured database as the default Admin user is barred
from doing anything.
So if you have just one 'workgroup' using all your databases, i.e. the same
user and group structure is appropriate to them all, you could if you wished
make your new workgroup information file the default. If you have more than
one workgroup, either including different groups and users or the same users
but with different group memberships, i.e. you've secured several databases
and created separate workgroup information files for each then go for the
second option and create a shortcut for each database on each authorised
user's desktop. By specifying the appropriate workgroup information file in
the shortcut each will open using the correct one. The second approach is
usually more appropriate as, unless the number of secured databases and the
overall user base is very small, different databases will almost certainly
have different user patterns and consequently different security requirements
in terms of users and groups. As the default System.mdw file will be used
when any user opens Access directly or opens an unsecured database file
directly they will be able to do so without logging in but will not be able
to open any secured database as they will then be the Admin user to whom all
permissions are denied.
Ken Sheridan
Stafford, England
