What's missing?

[Tom Stoddard]

I've created a new security (mdw) file and joined the workgroup. I created
some users and groups, put myself in admins and took admin out. I put a
minimal password on the user "admin".

I created a new database whiled logged in as myself so that I would own the
database. I secured the back end and front end so that everything works as I
wanted it to.

Then I exited the application, opened access and joined the default
system.mdw workgroup. I was then able to open the new database I had created
and secured without using a password and I had access to everything
including my back end data which "admin" does not have in the custom mdw I
created.

What have I forgotten to do? How can I prevent other users from opening this
database if they are using their default mdw workgroup?

 

[Joan Wild]

You need to follow every step in the security FAQ (or other sources). For
instance, you don't mention removing permissions on all objects from the
Users Group.

Security FAQ
http://support.microsoft.com/?id=207793

Security Whitepaper
http://support.microsoft.com/?id=148555

I've also outlined the detailed steps at
www.jmwild.com/AccessSecurity.htm

 

[Tom Stoddard]

Thanks, Joan, I was rereading the security faq when I received your reply.
My mistake was that I hadn't removed the open/run permission for the
database object from the group "Users".

I had read the security FAQ but not while I was setting things up. One thing
about the faq which disappoints me is that it tells you that if you want to
secure a database without using the security wizard, you should follow the
steps outlined below. In step 7, and I quote "Open the database that you
want to secure and run the Security Wizard."

I purposely did not use the security wizard because I'm just experimenting
right now. I want to understand this from the ground up. I guess I'll try it
again with the wizard to see what I can learn from it.

 

[Joan Wild]

I had read the security FAQ but not while I was setting things up.
One thing about the faq which disappoints me is that it tells you
that if you want to secure a database without using the security
wizard, you should follow the steps outlined below. In step 7, and I
quote "Open the database that you want to secure and run the Security
Wizard."

I can't find where it says in the FAQ "if you want to secure a database
without using the security wizard...."

I purposely did not use the security wizard because I'm just
experimenting right now. I want to understand this from the ground
up. I guess I'll try it again with the wizard to see what I can learn
from it.

You don't need to use the wizard if you don't want to. All it does is a
series of tedious steps, which you can do yourself.

Instead of step 7, create a new mdb and import all the objects from your
unsecured mdb (that'll make you the owner of them all).

Then go to Tools, security, permissions and remove all permissions for all
objects for the Users Group. Then start creating your own groups/users and
assigning permissions to them.

You'll find that the wizard just does this for you. There can be an
advantage to not using the wizard in 2002/2003. There is a bug which could
cause you grief if you want to add more groups after the fact.

 

[Tom Stoddard]

Thanks again. I'm using Access 2003 so I will avoid the wizard. The exact
sentence I referred to in the faq is the last sentence before step 1. I've
copied it and pasted it below:

You may elect not to use the Security Wizard and to secure the database
manually by following these steps.

The version of the faq I have is 2.41, dated October 2000. Is it out of
date?

 

[Joan Wild]

Thanks again. I'm using Access 2003 so I will avoid the wizard. The
exact sentence I referred to in the faq is the last sentence before
step 1. I've copied it and pasted it below:

You may elect not to use the Security Wizard and to secure the
database manually by following these steps.

The version of the faq I have is 2.41, dated October 2000. Is it out
of date?

No that's the latest; I was looking at an older version. As I said you can
secure it manually. Post back if you run into trouble.