How did you set up the Access application to join the Sytem.mdw? Do you
mean System.mdw is the default workgroup as specified in Workgroup
Administrator?
Every Access database uses a workgroup file. By default this is System.mdw.
The workgroup file identifes you to the Access application, which specifies
the permissions the user or group has to that particular application. If
you do not specify otherwise, Access silently logs you in as the Admin user,
who by default is a member of the Users group and of the Admins group, which
means Admin has full permissions to all database objects and can administer
database permissions. In effect, the Admin user has unrestricted
permissions to the entire project unless you specify otherwise. Your
understanding about the default System.mdw file seems to be almost the exact
opposite of the way it works.
To specify otherswise you should create a new workgroup file. Make this
file the temporary default, and start the application. The general idea is
that in this new workgroup file you create users and assign them to groups.
In the Access application you use User and Group Permissions to assign
permissions to the groups. Be sure the Admin user is only in the Users
group, and remove most or all permissions from the Users group.
Important: Rejoin the default, untouched System.mdw file.
Open the database by way of a shortcut that inclues the full paths to the
Access.exe file, the mdb (or mde) file, and the new workgroup file. Any
Access application that has not been secured can be opened by double
clicking the file, or through the Access Open dialog. This is useful for
development, demonstrations, and so forth.
This is a very quick summary. The process has been well documented. The
links Arvin provided should prove helpful. One more that I found explained
it all very well was Jack MacDonald's Security Paper here:
http://www.geocities.com/jacksonmacd/
There are also links to an assortment of other security information.
