Splitting and permissions

[Guest]

How are permissions handled when splitting a secured database? I split my DB
manually and noticed that the permissions on the tables are different between
the front and back ends. Which does Access use?

Thanx,
RipperT

 

['69 Camaro]

Hi.

I split my DB
manually and noticed that the permissions on the tables are different between
the front and back ends. Which does Access use?

Access uses whichever security permissions assigned to the database file.
After you created a new database file, did you secure the tables, just like
the front end? No? Then it has no security permissions assigned to that
database file and everyone can open it without joining your workgroup.

Instead, you should try Joan Wild's (Access MVP) advice on how to easily
split a secure database on this Web page:

http://www.JMWild.com/SplitSecure.htm

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[Guest]

Joan Wilds site advises a 5 step process to split the DB and I used those
steps to split mine. Her 5 steps, however, include nothing about permissions
or re-assigning them - or further securing tables.

Access uses whichever security permissions assigned to the database file.

What is the 'database file' you're referring to? The front or the back?

After you created a new database file, did you secure the tables, just like
the front end? No? Then it has no security permissions assigned to that
database file and everyone can open it without joining your workgroup.

As I understand this statement, each time I want to update the permissions,
I will have to do it on both the front and the back end. I guess I need to
know if the front end and the back end are considered two separate database
files, each with its own set of permissions. Is this the case? Sorry I'm a
bit wishy-washy on this, but I'd really like to understand it. Thanx for
taking time to educate me!

Ripper

 

['69 Camaro]

Hi.

Her 5 steps, however, include nothing about permissions
or re-assigning them - or further securing tables.

Both copies retain the original security permissions. However, once an
object is deleted, the permissions for that particular object are gone, too.
So you won't find a list of forms, for example, and their assigned
permissions in the back end, because the back end database file will hold
the tables and relationships only. The front end will now have links to
those tables instead of having the tables themselves, so that may be the
only difference in the set of security permissions from the original
database file before the split.

What is the 'database file' you're referring to? The front or the back?

Both are database files: Sales.MDB and Sales_BE.MDB. The former is the
front end and the latter is the back end, but they are both database files.

As I understand this statement, each time I want to update the permissions,
I will have to do it on both the front and the back end.

Once the database has been split into two files, this is true. Any changes
made to security permissions in one database file are not transfered to any
other database file.

I need to
know if the front end and the back end are considered two separate database
files, each with its own set of permissions. Is this the case?
Yes.

Sorry I'm a
bit wishy-washy on this, but I'd really like to understand it.

No need to be sorry. You need to fully understand how it works in order to
implement security correctly.

Thanx for
taking time to educate me!

You're welcome!

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[Joan Wild]

Hi.


The front end will
now have links to those tables instead of having the tables
themselves, so that may be the only difference in the set of security
permissions from the original database file before the split.


Once the database has been split into two files, this is true. Any
changes made to security permissions in one database file are not
transfered to any other database file.

The permissions you grant on the linked tables in the frontend are just
that - permissions on the links. Permissions on the backend tables are
those that apply to the data.

If you grant full permissions on the links, but Read Data/Design on the
backend tables, they'll only be able to read data, so it doesn't really
matter what the permissions are in the frontend, as long as they're less
restrictive than the backend.

Of course, if you go with RWOP queries, users don't need permissions on the
tables at all.

There is more information in the security FAQ
http://support.microsoft.com/?id=207793

 

['69 Camaro]

Hi, Joan.

Thanks for adding some more details that I left out in my reply.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)