New Designer security problem

[Guest]

This will be my 3rd try at solving this. I've created my 1st Access 2000
database but can't secure it. I've already posted this problem 2 previous
times. None of the responses - which were followed to the letter - have
helped. The problem is this: I have set up my seucity system (with me as
the owner of all objects) with 2 basic groups - myself alone in the Admin
group (and a member of all other groups) and a separate group for other users
(different from the users group). Permissions were given to these groups for
the appropriate restrictions. The only time anyone accessing the database is
asked for a username and password is when they use my machine - the one used
to create the database. All other computers on the network allow instant
acces without a request for a name and password. Is there a flaw in Access
2000 that I'm not aware of?

 

[Rick Brandt]

This will be my 3rd try at solving this. I've created my 1st Access
2000 database but can't secure it. I've already posted this problem
2 previous times. None of the responses - which were followed to the
letter - have helped. The problem is this: I have set up my seucity
system (with me as the owner of all objects) with 2 basic groups -
myself alone in the Admin group (and a member of all other groups)
and a separate group for other users (different from the users
group). Permissions were given to these groups for the appropriate
restrictions. The only time anyone accessing the database is asked
for a username and password is when they use my machine - the one
used to create the database. All other computers on the network
allow instant acces without a request for a name and password. Is
there a flaw in Access 2000 that I'm not aware of?

Whenever a file is opened in Access without being prompted for a username
and password then the account being used MUST be the default user "Admin"
with authorities also inherited from the default group "Users".

A properly secured app will have zero permissions and ownership assigned to
both of these entities. If people who are not prompted to login can open
your file then either the user "Admin" or the group "Users" has permissions
or ownerships that they should not have. Your new custom user accounts and
groups have no bearing on this problem. The issue is that the default user
and group have authorities that you should have removed.

 

[Guest]

As you said, I took all permissions away from my USERS group and from my
ADMIN user. Now the opposite has occurred - I can ONLY open the database on
my machine. What now?

 

[Rick Brandt]

As you said, I took all permissions away from my USERS group and from
my ADMIN user. Now the opposite has occurred - I can ONLY open the
database on my machine. What now?

That is absolutely how it is supposed to work. Now you make your workgroup
file available on the network to all users who need to use your MDB file and
create for each of them a shortcut that specifies your workgroup and mdb
file as command line arguments.

"Path to MSAccess.exe" /wrkgrp "Path to workgroup file", "Path to mdb"

When they use this shortcut they will be prompted for a login and if they
enter a valid one they will be allowed in. If they attempt to open the file
without using the shortcut they will be denied access.

 

[TC]

You really need to obtain & follow a detailed list of instructions such
as, the Access Security FAQ (often referenced in this newsgroup).

For example, did you start by creating a *new* workgroup file with a
unique Workgorup Identifier? If not, you've left some holes from the
get-go

HTH,
TC

 

[Guest]

Thanks. I finally got your suggestion to work, but now a new problem has
occurred. A table that users have all but "administer permission" is now not
accessible to users. The permissions are through membership in a group with
those permissions. Any suggestions?

 

[Rick Brandt]

Thanks. I finally got your suggestion to work, but now a new problem
has occurred. A table that users have all but "administer
permission" is now not accessible to users. The permissions are
through membership in a group with those permissions. Any suggestions?

The only thing I can suggest is that your permissions and/or group
memberships are not what you think they are.

 

[TC]

As I asked you before, did you start the process by creating a new
workgroup file with a unique Workgorup Identifier?

If you didn't, then, you've left a huge hole that anyone with access to
your PC could easily use, to access your database with full
permissions, without knowing any passwords.

If that comes as a surprise to you, you need to stop trying to do it
piece by piece, and instead, obtain & follow a detailed list of
instructions such as, the Access Security FAQ (often referenced in this
newsgroup).

HTH,
TC