Remote system administrator

[Guest]

I have to set up an administrator at a remote location to add accounts and
add them to groups. However; I want to restrict them from making any changes
to the design of the database.

The database I created has been split and is fully secured and I have full
administrative rights to it as the owner. The database has been upgraded to
Access 2002.

Problem is; I have lost the original PIDs and names necessary to implement
the instructions at Access Security FAQ #33.

Can the security wizard be used to create an entirely new MDW file which
could then be used to replace the original MDW that was used to secure the
database which could then in turn provide the names and PIDs to complete the
instructions at FAQ # 33?

What are the implications of running security wizard on a split database?
Will it have to be un-split first?

I have noticed in testing the wizard encrypts the database in the final
phase automatically. When tyring to decrypt it Access states in the status
bar it is encrypting it no matter how many times I attempt to decrypt.

Any suggestions would be appreciated.

 

[Joan Wild]

The database I created has been split and is fully secured and I have full
administrative rights to it as the owner. The database has been upgraded to
Access 2002.

Problem is; I have lost the original PIDs and names necessary to implement
the instructions at Access Security FAQ #33.

Since you have full administrative rights, you should unsecure it. Then
resecure it, and follow through with a production copy of the mdw as per
#33.

 

[Guest]

Thank you for the response. Please bear with me to see if I fully understand:

1. Remove all security from the database
2. Run the Security wizard to create a new MDW (or modify the existing?)
3. Create a SystemAdmin MDW using the PIDs and name from (2)

 

[Jeff Conrad]

Do you still have the PID for your Super User?
I **might** have an easier way to do this if
you have that information.

 

[Joan Wild]

Thank you for the response. Please bear with me to see if I fully understand:

1. Remove all security from the database
2. Run the Security wizard to create a new MDW (or modify the existing?)

Create a new one, this time taking note of the PIDs (which you should do
anyway).

3. Create a SystemAdmin MDW using the PIDs and name from (2)

Actually you create a Production MDW and make some user a member of the
Admins in this MDW. Ship the production mdw - they will be able to manage
users, but not modify permissions on objects.

 

[Guest]

No, unfortunately, I have lost them although I do recall printing them off in
March, 2003.

I am assuming I should be logged into the front-end of the database when I
run the Security wizard; correct?

 

[Joan Wild]

No, unfortunately, I have lost them although I do recall printing them off in
March, 2003.

I am assuming I should be logged into the front-end of the database when I
run the Security wizard; correct?

If I were you, I'd import the backend tables into the frontend, unsecure it
and then resecure it. Once it's secure, then split it, but don't use the
database splitter. See
http://www.jmwild.com/SplitSecure.htm

 

[Jeff Conrad]

Darn, my method won't work then.
:-(

I would make a report of all the object permissions before
you begin for easy reference. You can either use the built-in
Documentor function for this or use an add-in I recently completed.

I never use the Security Wizard to secure databases; I always
secure it manually. You may want to see Joan's steps here
for a good walk-through:

http://www.jmwild.com/security02.htm

Her first step says just to open Access, not the FE.

 

[Guest]

After several attempts I have accomplished the following:

1. Moved the backend tables to the frontend.
2. Removed security (perhaps only partially - see following)
3. Using Wizard created a new Secured.MDW with myself only as a user.

The Secured.MDW and the database are operating as expected. Admin user is
totally disabled and I am the only one permitted to enter the database at
this point.

However; when checking ownership of the objects in the database I note
everything lists me as the owner with the exception of:

MSysIMEXColumns
MSysIMEXSpecs
MSysRelationships

These three items are have Admin listed as the owner. I tried placing a
password on Admin once again and added it to the Admins group; then attempted
to switch ownership of the three above noted items to myself without success.
Each time I am informed I do not have permission to make the changes.

Any thoughts on how to correct this?

 

[Joan Wild]

After several attempts I have accomplished the following:

1. Moved the backend tables to the frontend.
2. Removed security (perhaps only partially - see following)
3. Using Wizard created a new Secured.MDW with myself only as a user.

The Secured.MDW and the database are operating as expected. Admin
user is totally disabled and I am the only one permitted to enter the
database at this point.

However; when checking ownership of the objects in the database I note
everything lists me as the owner with the exception of:

MSysIMEXColumns
MSysIMEXSpecs
MSysRelationships

These are system tables and there is no problem leaving the ownership as is.
In fact you shouldn't play with the ownership of any system tables.