Open secured DB without workgroup file

[Guest]

Hello,

I have a database i want to secure so ive set it up with a workgroup file
and appropriate rights and it works for registered users.

Inside the database, i have code to determine their windows account and
limit the access to data from inside the db based on their window account.

However, i would like it to work for ANYONE, not just registered users (ie,
make Admin a user). What i was thinking was making the user 'Admin' a member
of my datausers group which has been locked down completly.

I was hoping that if i removed the password from the admin group, that i
would not need to create a shortcut to use the workgroup file and that anyone
can just launch the mdb directly and it would log them in as Admin. When the
super user needs to go in, they would then use the workgroup to which would
prompt them for an id/password. Is this possible to achieve?

I would like to not have to use the work group file for everyone since our
department manages multiple different versions of access and we would have to
create shortcuts and ids for everyone.

Any help is appreciated.
Ben

 

[Joan Wild]

Basically, you need to give the Users Group whatever permissions you want
'the world' to have. Then they won't need your secure mdw, can use their
standard system.mdw with no login.

 

[Guest]

That sounds like what I was thinking of, but how would a 'super' user (one
with admin privledges) be able to log in and make design changes to the db?
In my tests, they would have to log in using the admin user account, change
the password, then log in with the mdw so that they get the login prompt,
then login. Is there a way around having to change the admin password to be
able to login as an administrator?

Thanks for the help.
Ben

 

[Guest]

Hello sorry about the second post, but I did as you had suggested. The only
problem is that it still requires me to create the shortcut using the
workgroup file. There is no login screen anymore which is good, but i was
hopeing that i could bypass the workgroup file using this method. Is that
possible?

 

[Joan Wild]

The super user would use your secure mdw when making changes. Users would
not use this mdw at all. Since the Users Group has permission, your users
can just use their standard system.mdw workgroup - no shortcut needed.

The super user would use the shortcut, and login to make changes.

See http://www.jmwild.com/SecureNoLogin.htm

 

[Joan Wild]

Hello sorry about the second post, but I did as you had suggested.
The only problem is that it still requires me to create the shortcut
using the workgroup file. There is no login screen anymore which is
good, but i was hopeing that i could bypass the workgroup file using
this method. Is that possible?

No need to use the workgroup file, since you've granted permissions to the
Users Group, and that is common to all mdw files.

See http://www.jmwild.com/SecureNoLogin.htm

 

[Guest]

Joan,

thank you for all your help. your site is really informative.

I have one more problem tho. I followed your steps, however, i cant seem to
lock down the users ability to open datbase tables. i need to remove the
read permissons for anyone who isnt admin (i hope thats clear). i have
queries set up to run under the owner's permissions that obtain the filtered
data, but i cannot have users open and directly modify the data in the tables.

any suggestions?
thanks again!

 

[Joan Wild]

Joan,

thank you for all your help. your site is really informative.

I have one more problem tho. I followed your steps, however, i cant
seem to lock down the users ability to open datbase tables. i need
to remove the read permissons for anyone who isnt admin (i hope thats
clear). i have queries set up to run under the owner's permissions
that obtain the filtered data, but i cannot have users open and
directly modify the data in the tables.

I don't understand what isn't working. If you set up RWOP queries, then
users don't need permissions on the tables at all.

 

[Guest]

you are correct, they dont need permissions. but somehow its defaulting to
them having permissions on the table. it doesnt allow me to disable read on
the tables and it gives them edit aswell.

in step 24 of your instructions, do i allow the users group any permissions?
or do that manually afterwards?

 

[Joan Wild]

you are correct, they dont need permissions. but somehow its
defaulting to them having permissions on the table. it doesnt allow
me to disable read on the tables and it gives them edit aswell.

You need to login using your secure mdw as the super user or whoever owns
the objects. That user will be able to change the permissions.

What are you seeing that makes you think it's 'defaulting' to them having
permissions on the table?

in step 24 of your instructions, do i allow the users group any
permissions? or do that manually afterwards?

You can do it then, or manually afterwards. I generally do it afterwards,
so that I know I'm starting with no permissions and then add back just the
ones I want.

 

[Guest]

Im not sure exactly what I did wrong, but i started fresh again and gave the
users NO permissions and then added them back through the super user...it
seems to be working. I must have made a mistake somewhere along the way.

Thanks again for your patients. I'm new to the idea of db security through
work groups and I think i've got this one working.

Thanks so much!

 

[Joan Wild]

You're welcome.