Security Wizard Report

[Mia_placidus]

When I originally set up the scurity on my database I got
a Security wizard report which listed the name, password
and PID for each user. It does not include the
information for users previously created. I never saw the
offer to printthe report repeated when I went back to the
security wizard.

1) Is there a way to print the report outside the security
wizard?

2) Can I use it to recover the PID's for "lost" users.

3) Do I need to keep the PID's or just the stings used to
create them?

4) If I ever needed to recreate the workgroup file using
this information, how exactly would I do that?

 

[Joan Wild]

When I originally set up the scurity on my database I got
a Security wizard report which listed the name, password
and PID for each user. It does not include the
information for users previously created.

This doesn't make sense - you have a report for the 'original set up of
security', but not for previously created users. How could there be any
users created previous to the original setup?

I never saw the
offer to printthe report repeated when I went back to the
security wizard.

Could be. If I add users after the fact, I do to via Tools, Security,
Accounts; not rerunning the wizard.

1) Is there a way to print the report outside the security
wizard?

After you printed the report, the wizard offered you the option of saving
the report as a snapshot file (.snp). If you said Yes to this, you'll find
the file in the same folder as your secure mdb. If you said No, then no you
can't print the report again.

2) Can I use it to recover the PID's for "lost" users.

Yes. You can recreate the user via Tools, Security, Accounts. If you have
lost a user (not sure how this would happen), you can just recreate the
username, ans use a different PID and assign them to the necessary groups.
The only user where it's critical that you have the PID, would be the user
that is the owner of the database.

3) Do I need to keep the PID's or just the stings used to
create them?

Not sure what you mean - the PID is a string.

4) If I ever needed to recreate the workgroup file using
this information, how exactly would I do that?

You'd use the workgroup administrator (tools, security menu) to create a new
mdw file (it doesn't have to be the same name, but the User Name and
Workgroup ID must be the same). Once it's created, you'd join it and open
Access. I would create a new mdb (you'll discard it later). This may not
be necessary, but won't hurt. Go to Tools, security, Accounts and create
the groups you have in the report (use the same names and Group ID).

You would then create the users (using the same names/IDs), and assign them
to your groups.

 

[Jonathan]

I suspect what Mia meant here was that she created some accounts using
Tools, Security, User and Group Accounts before she when on to use the
User-Level Security Wizard. Which is pretty much what I did.

Jonathan

 

[Guest]

You are correct. I must have run the security wizard more
than once and I have the report for the second or
subsequent try. Accordingly, the report has things in it
like
Usename: Previously Created
Companyreviously Created
Workgroup Id: Previously created

Also the Group Id for the admins and users accounts are,
naturally, previously created.

When I created new users it asked for a username and a
personal Id. For UserName I put in something like
MarthaSmith and for personal ID I put in something like
PurchasingDBA. Access apparently converted the Personal ID
that I entered into a long nonsense string like
xswK4QLi1lPMJ548i and reported that string back in the
report. Along with the users password.

It's not clear to me how this nonsense string came about.
If Access used the ID I entered as some kind of a seed,
then entering the same seed might not result in the same
coded string.

Since the report says I need the information in the repor
t to re-create the workgroup file, I assume that means the
coded string and not the entered string. In any case the
report doesn't give back the entered string, so if you
didn't write it down, then you are SOL.

Likewise for the Username and the Workgroup ID.
Fortunately, I do have those written down. As I understand
what you say, these are critical to re-establishing the
workgroup file when this thing fails. This brings up the
same question: do I need the string I entered "QBFox" or
the encoded string sent back in the report:
qtOt5fH77hgelpst?

Unfortunately, My own string and password came back as
Previously Created. The password I know but the string is
probably gone. I guess I can create a new user, give him
all the same permissions I have, and then change all the
owners.

I didn't understand all the security stuff when I started
this, so I just relied on the wizard, and I may have run
it several times before I learned to use the security menu.
I thought this was a two-level thing where the security
menu controlled permissions to Access objects and the
Wizard just created the workgrp file that controlled who
had access to Access.

Any way, I have the report, but not the original report
and the snapshot of the report, copies of the workgroup
file, another copy of the DB with security removed, etc.,
but this report might be very helpful if I could print a
current and complete issue.

I guess all the Please Help Me Escape From Security
messages have me freaked out. WIBNI there was a way for
the owner to recreate the file with all the current info.
If you create new users using the menu you might never see
the PID's.

Now that I see how this works, I think I'll make a new DB
from scratch and put a new security system on it, from
scratch and get the full report.

 

[Joan Wild]

I suspect what Mia meant here was that she created some accounts using
Tools, Security, User and Group Accounts before she when on to use the
User-Level Security Wizard. Which is pretty much what I did.

That might exp
lain your other question/problem. You modified the default system.mdw. The
very first step in securing a database is to create a new workgroup file.
It is essential to follow all the steps, and in order.

Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

Although the whitepaper is old, it contains information to help you
understand security.

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm

 

[Joan Wild]

You are correct. I must have run the security wizard more
than once and I have the report for the second or
subsequent try. Accordingly, the report has things in it
like
Usename: Previously Created
Companyreviously Created
Workgroup Id: Previously created

OK that makes more sense.

When I created new users it asked for a username and a
personal Id. For UserName I put in something like
MarthaSmith and for personal ID I put in something like
PurchasingDBA. Access apparently converted the Personal ID
that I entered into a long nonsense string like
xswK4QLi1lPMJ548i and reported that string back in the
report. Along with the users password.

Are you sure you didn't enter PurchasingDBA as the password (not the ID)? I
just tested and Access didn't change what I entered. I would believe the
report.

Since the report says I need the information in the repor
t to re-create the workgroup file, I assume that means the
coded string and not the entered string. In any case the
report doesn't give back the entered string, so if you
didn't write it down, then you are SOL.

Go with what the report tells you.

Unfortunately, My own string and password came back as
Previously Created. The password I know but the string is
probably gone. I guess I can create a new user, give him
all the same permissions I have, and then change all the
owners.

You could, but read on....

I didn't understand all the security stuff when I started
this, so I just relied on the wizard, and I may have run
it several times before I learned to use the security menu.
I thought this was a two-level thing where the security
menu controlled permissions to Access objects and the
Wizard just created the workgrp file that controlled who
had access to Access.

The wizard, actually any wizard in Access, just does a series of steps for
you. There isn't a single thing it does that you couldn't do vie the menus.
By the way, I assume you are using 2002 or 2003. You shouldn't rely on the
wizard in 2000. The wizard in 97 only does some of the steps.

Any way, I have the report, but not the original report
and the snapshot of the report, copies of the workgroup
file, another copy of the DB with security removed,

Since you have the unsecured backup of the mdb, I'd suggest you start over
with it. If this is the only database that you have attempted security on,
and you have no other secure mdb files, then use Start, Search and locate
all mdw files on your computer. I believe, given what you've described,
that you modified your system.mdw file which ships with Access. Delete all
the mdw files you find. Then start Access. It will create a new system.mdw
for you.

Rename the yourmdb.bak to yourmdb.mdb. Open Access, and yourmdb.mdb.

I guess all the Please Help Me Escape From Security
messages have me freaked out. WIBNI there was a way for
the owner to recreate the file with all the current info.
If you create new users using the menu you might never see
the PID's.

If you never assign permissions directly to users, but rather to groups
(which is the easiest for maintenance), then the user PIDs don't matter.
What is critical is the Workgroup ID, the groups and their IDs, and the
owner of the database. The rest can be re-established once you have the
workgroup/groups back up.

Now that I see how this works, I think I'll make a new DB
from scratch and put a new security system on it, from
scratch and get the full report.

You don't need to create a new db from scratch, as you have the backup.
Also I would advise you to clear your machine of all the existing workgroup
files.

Further reading
Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

I've also outlined the detailsed steps at www.jmwild.com/AccessSecurity.htm

 

[Miaplacidus]

Thanks guys, you were a lot of help.
Joan, you must have the patience of a saint.

I guess it goes to show that if there is ANY way to screw
something up, some moron will be smart enough to find out
what it is.