N
Nick Balstone
I've thoroughly read the security FAQ and Jack MacDonald's alternative
guide to setting up security in Access, but I'm still not 100% clear
on a particular point, and would greatly appreciate clarification from
those in the know.
I've gone through the whole procedure of:
- creating a new secure mdw, using wrkgadm.exe
- opening my db using this mdw (via a new shortcut)
- set a password for the default user Admin
- closed Access, and restarted via the shortcut, and logged in as
Admin
- created a new 'superuser', and added them to the Admins group
- closed Access again, restarted and logged in as the 'superuser'
- created new groups: "newadmins" and "newusers"
- made the superuser the owner of the database (did this via the
Immediate window rather than by creating a new db and importing -- it
worked, as the User permissions dialog now shows the superuser as
being the owner of the db)
- made the superuser the owner of all objects in the db
- created a set of users, and put them into the appropriate group
(newusers or newadmins)
- set up group permissions: newadmins have all permissions, newusers
have read, insert and update permissions
- removed all permissions from the default groups Admins and Users
- removed all permissions from all users, including the default Admin
user
This works fine when I run my secured db via the secure mdw file,
everyone has the permissions that I was hoping for.
However, upon opening the same db via the default system.mdw, the
default user (i.e. Admin) appears to have full permissions to do
anything.
What I then did was to go into the User and Group permissions dialog
in the default version of Access and removed all permissions from the
Admin user there. That then did the trick -- the db can now only be
opened by using the secure mdw file and logging in with
username/password.
What's my problem, you may well be asking? It is that this final step
doesn't seem to be documented in the FAQs. And thinking about it,
security is set on the individual db, so once I removed all rights
from the default Admin user (using the secure mdw) shouldn't that have
rendered the database unusable via the default system.mdw? And when I
distribute the db to the rest of the team then I'm going to have to
remove all permissions to this db from the default Admin user on each
of their workstations to stop them opening it except via the secure
shortcut I give them. Surely that can't be right.
Can anyone tell what I've missed in my procedure above?
Thanks in advance,
Nick
guide to setting up security in Access, but I'm still not 100% clear
on a particular point, and would greatly appreciate clarification from
those in the know.
I've gone through the whole procedure of:
- creating a new secure mdw, using wrkgadm.exe
- opening my db using this mdw (via a new shortcut)
- set a password for the default user Admin
- closed Access, and restarted via the shortcut, and logged in as
Admin
- created a new 'superuser', and added them to the Admins group
- closed Access again, restarted and logged in as the 'superuser'
- created new groups: "newadmins" and "newusers"
- made the superuser the owner of the database (did this via the
Immediate window rather than by creating a new db and importing -- it
worked, as the User permissions dialog now shows the superuser as
being the owner of the db)
- made the superuser the owner of all objects in the db
- created a set of users, and put them into the appropriate group
(newusers or newadmins)
- set up group permissions: newadmins have all permissions, newusers
have read, insert and update permissions
- removed all permissions from the default groups Admins and Users
- removed all permissions from all users, including the default Admin
user
This works fine when I run my secured db via the secure mdw file,
everyone has the permissions that I was hoping for.
However, upon opening the same db via the default system.mdw, the
default user (i.e. Admin) appears to have full permissions to do
anything.
What I then did was to go into the User and Group permissions dialog
in the default version of Access and removed all permissions from the
Admin user there. That then did the trick -- the db can now only be
opened by using the secure mdw file and logging in with
username/password.
What's my problem, you may well be asking? It is that this final step
doesn't seem to be documented in the FAQs. And thinking about it,
security is set on the individual db, so once I removed all rights
from the default Admin user (using the secure mdw) shouldn't that have
rendered the database unusable via the default system.mdw? And when I
distribute the db to the rest of the team then I'm going to have to
remove all permissions to this db from the default Admin user on each
of their workstations to stop them opening it except via the secure
shortcut I give them. Surely that can't be right.
Can anyone tell what I've missed in my procedure above?
Thanks in advance,
Nick