Scope of User Level Security

[Ian Millward]

I am having my first go at securing a database and am using User Level
Protection rather than a Password Protected DB. I have got it working fine
with all the appropriate levels of permissions doing just what I expected.

This is for a small, single database which will go on a large government
server but is only for the use of about half a dozen users spread around the
country and who will have the Retail version of Access 2000 on their
machines.

To my dismay, I have discovered that all the databases on my machine are
covered by this protection which seems to work per installation of Access
rather than for selected databases. I am concerned that when I install this
on the server, the whole of the Civil Service, who use Access, will grind to
a halt because they do not feature in my Groups. This, of course, is absurd
but I can't seem to find any documentation on how selectivity can be
applied.

Can someone give me a pointer in the right direction?

 

[Joseph Meehan]

I doubt if all the databases are covered by user level security. My
guess is you are starting Access with a short cut that opens the workgroup
file. This asks for your password, even before it tries to open the
database. It makes no difference to the other databases, even if it is
asking for a password.

Try double clicking on one of the databases directly. It should open
without asking for the password.

 

[Van T. Dinh]

If you want to secure a *particular* database, create a separate MDW file to
be used with the database and DON'T change the SYSTEM.MDW file.

You can create a shortcut asking Access to use a particular MDW file when
ever you open this database. This way, when the users use other databases,
they still use the default System.MDW. When the users use the protected
database, they will use the custom MDW file.

If easy to get the Access Security wrong. Suggest you download the FAQ on
Security from Microsoft Web site, read it *twice* and then try on a *copy*
of the database (keep the original unsecure in the mean time!).

 

[Albert D. Kallal]

As mentioned, you need to setup your application to ONLY use your workgroup
file when YOUR application is used and thus not bother everyone else. This
is accomplished by setting up a shortcut that specifies your workgroup file.
No doubt, you will distribute this workgroup file with your application.

Further, you should read up on splitting your database for reasons of
support. (how do you plan to distribute updates to your software to your
users? Splitting is about the only way to manage this problem. For info on
splitting, check out:

Also, when you say users are going to be spread around the country, you are
not talking about a wide area network were all users connect to the one
database are you? If you are considering such a setup, please read the
following.

http://www.attcanada.net/~kallal.msn/Wan/Wans.html

 

[Ian Millward]

Thanks Albert,

<< Also, when you say users are going to be spread around the country, you
are
not talking about a wide area network were all users connect to the one
database are you? If you are considering such a setup, please read the
following.

http://www.attcanada.net/~kallal.msn/Wan/Wans.html>>


Most interesting.

The problem I see with putting a command line reference to the Workgroup
file in a shortcut is that any body using the System Workgroup file and
starting from the File/Open menu can open my file which is only protected by
opening it with my own workgroup file. I am sure it is something I am not
doing right but I am at least heading in the right direction. What I am
looking for is some method internal to my file which will only allow it to
open using my workgroup file irrespective of what is on the command line of
the shortcut..

Ian Millward

 

[Rick Brandt]

Thanks Albert,

<< Also, when you say users are going to be spread around the country, you
are
not talking about a wide area network were all users connect to the one
database are you? If you are considering such a setup, please read the
following.

http://www.attcanada.net/~kallal.msn/Wan/Wans.html>>


Most interesting.

The problem I see with putting a command line reference to the Workgroup
file in a shortcut is that any body using the System Workgroup file and
starting from the File/Open menu can open my file which is only protected by
opening it with my own workgroup file. I am sure it is something I am not
doing right but I am at least heading in the right direction. What I am
looking for is some method internal to my file which will only allow it to
open using my workgroup file irrespective of what is on the command line of
the shortcut..

If your file can be opened with any MDW file except the one you used to secure
it then you didn't apply security properly.

 

[Albert D. Kallal]

The problem I see with putting a command line reference to the Workgroup
file in a shortcut is that any body using the System Workgroup file and
starting from the File/Open menu can open my file

NO, they should not be able to do that! If you loose, or miss place your
workgroup file then you are in trouble!

If your users try and create a new workgroup file, and even add the same
users to that workgroup file, they WILL NOT get in to your application. I
repeat, they can not, and will not be able to open your application. If your
users could simply switch (or create) the workgroup file, then security
would be a joke...would it not?

If you can open and use your database with a different workgroup file, then
you have setup security wrong.

 

[Ian Millward]

Albert,

<< If you can open and use your database with a different workgroup file,
then
you have setup security wrong.>>

That is the whole point, I am trying to get help on how to set it up
correctly. I have read the MS paper on security and put in to practice all
the things they recommend but still no go.

Many thanks

 

[Douglas J. Steele]

Albert,

<< If you can open and use your database with a different workgroup file,
then
you have setup security wrong.>>

That is the whole point, I am trying to get help on how to set it up
correctly. I have read the MS paper on security and put in to practice all
the things they recommend but still no go.

Assuming you're talking about
http://support.microsoft.com/support/access/content/secfaq.asp then I
suspect you missed a step (or two) applying the instructions.The most common
omission is to forget to remove the Admin user from the Admins group (point
number 6 in the section "What are the steps to help protect a database?"