B
BruceM
I have studied a number of articles and documents about user-level security
(Access 2003). I finally decided to use Joan Wild's step-by-step
instructions to implement security, then I read Jack MacDonald's paper to
learn more about what I had just done. I may be ready to look through the
MS FAQ again.
It seems to have worked in my limited test, but I have a few questions.
1) From what I can tell, when I go to User and Group permissions and view
group permissions, one of the items that can be checked is "Administer". I
expect this is to administer user accounts, assign ownership if needed,
clear passwords, and all that sort of thing. Is that correct?
2) I have created a number of test users, all of whom have the same password
and the default PID (that 20-character string of letters and numbers). The
idea is that I will create shortcuts for individual users so that clicking
on the shortcut fills in that person's user ID. To do that I am using this
as the target in the shortcut:
"path to msaccess.exe" "path to the mdb file" /user UserName /wrkgrp "path
to secure mdw file"
I realize that a separate shortcut for each user is an administrative hassle
on the one hand, but there are some advantages such as the username always
being correct on that user's computer. The number of users is small enough
that it should work OK. I can change the strategy if need be. Anyhow, my
question is about a strategy for deploying the shortcuts, and specifically
about forcing the users to choose a password.
3) In a related question, I know that I can clear a user password if it is
forgotten, but then the shortcut above opens the database without any
security at all. Again, how can I force the user to select a password?
4) In a split database, I'm still trying to sort out when I assign
permissions. Do I assign permissions to objects, then split the database,
or do I assign permissions for tables in the back end and other objects in
the front end, or what? I'm still having trouble getting a conceptual
handle on this aspect of security.
5) I would like to have the username appear in records at times. Are spaces
in the user name OK, or is it like spaces in field names, which can create
extra work down the road?
6) If I assign permissions to groups, but there is one user with a unique
set of permissions, can I assign permissions to that user independent of the
group? Even if it is possible, is it advisable, or should I create a custom
group for that one user?
7) Why would I as the developer want to change ownership of database
objects? It is possible, I know, but I can't quite imagine why unless maybe
on a large project with several developers.
(Access 2003). I finally decided to use Joan Wild's step-by-step
instructions to implement security, then I read Jack MacDonald's paper to
learn more about what I had just done. I may be ready to look through the
MS FAQ again.
It seems to have worked in my limited test, but I have a few questions.
1) From what I can tell, when I go to User and Group permissions and view
group permissions, one of the items that can be checked is "Administer". I
expect this is to administer user accounts, assign ownership if needed,
clear passwords, and all that sort of thing. Is that correct?
2) I have created a number of test users, all of whom have the same password
and the default PID (that 20-character string of letters and numbers). The
idea is that I will create shortcuts for individual users so that clicking
on the shortcut fills in that person's user ID. To do that I am using this
as the target in the shortcut:
"path to msaccess.exe" "path to the mdb file" /user UserName /wrkgrp "path
to secure mdw file"
I realize that a separate shortcut for each user is an administrative hassle
on the one hand, but there are some advantages such as the username always
being correct on that user's computer. The number of users is small enough
that it should work OK. I can change the strategy if need be. Anyhow, my
question is about a strategy for deploying the shortcuts, and specifically
about forcing the users to choose a password.
3) In a related question, I know that I can clear a user password if it is
forgotten, but then the shortcut above opens the database without any
security at all. Again, how can I force the user to select a password?
4) In a split database, I'm still trying to sort out when I assign
permissions. Do I assign permissions to objects, then split the database,
or do I assign permissions for tables in the back end and other objects in
the front end, or what? I'm still having trouble getting a conceptual
handle on this aspect of security.
5) I would like to have the username appear in records at times. Are spaces
in the user name OK, or is it like spaces in field names, which can create
extra work down the road?
6) If I assign permissions to groups, but there is one user with a unique
set of permissions, can I assign permissions to that user independent of the
group? Even if it is possible, is it advisable, or should I create a custom
group for that one user?
7) Why would I as the developer want to change ownership of database
objects? It is possible, I know, but I can't quite imagine why unless maybe
on a large project with several developers.