Access/Jet Backend Share Permissions

[JMongi]

I assume that all database users will need full permissions to the local network share that contains the backend, else Access couldn't write to the database.
Split Database; Backend on network share; Fronend on local computers

Is this correct?

 

[theDBguy]

They need, at least, "modify" (read/edit/delete).

 

[JMongi]

Which is enough permissions to do anything really. But, thanks for clarifying for me.

 

[theDBguy]

Which is enough permissions to do anything really. But, thanks for clarifying for me.

Yes, enough for Access users; but hopefully not enough for doing a huge damage like changing permissions or something.

 

[JMongi]

I'll keep that in mind. Just trying to firm up all the various locations, permissions, etc.

 

[theDBguy]

I'll keep that in mind. Just trying to firm up all the various locations, permissions, etc.

Good luck!

 

[The_Doc_Man]

As the others have stated, you need the generic MODIFY permission on the database itself AND on the folder where it is located. You also need AT LEAST PassThru (an advanced permission) on all parent folders of the folder holding the database. You do NOT need generic FULL CONTROL because you don't need to change permissions or ownership of the files.

 

[JMongi]

Thanks for the info @Pat Hartman and @The_Doc_Man.

Right now, a user would have to know how to browse to the server domain and find the share the BE would be stored in. Currently, I'm the only employee that knows how to do that. That could change in the future (we're a small company). We don't need to sweat unauthorized access too much. I just need to prevent accidental and casual mucking about. I think adding the "$" to the share to make it hidden should be sufficient to prevent unintentional access and prove intentional access if it occurs.

This is just the basics of our DB infrastructure. It's good to get a firm grasp on what is required. Thanks!

 

[JMongi]

@Pat Hartman - Yes, that makes sense.
That is what I intend. I realize my first sentence in #9 was phrased ambiguously.

I didn't mean I expected users to browse the network to search for a BE. I meant, IF a user already knew how to browse server shares that could potentially be an issue given their need for permissions so that they could use the database BE. As you stated much more clearly than I, hiding the network share used to contain the BE and FE source files and managing the linking before distribution is good security practice to mitigate unwanted intrusion.

 

[gemma-the-husky]

If you give the actual back end folder a less than obvious name, then it wouldn't be apparent.

However note that if a user can get to the database window/navigation pane then hovering over a table will show the correction string. Also if the user can write code he might be able to find data that is otherwise hidden.

If security is such an issue, an access back end is not really the best solution, I think.

 

[JMongi]

Security is not that much of an issue. However, this seems like a simple thing that doesn't make my life much more difficult but adds another layer of knowledge on the end users part to mess something up intentionally or otherwise. And, yes, I do plan on managing the navigation pane visibility as well. Thanks for the input!