database security

kabir_hussein

kabir_hussein

Registered User.
Local time
Today, 09:32
Joined
Oct 17, 2003
Messages
191
Hi i am hoping to make my database secure so users can not edit the designs of forms or even tought tables. queriies etc

I have had a look at the tools menu and tried using the security wizard but it is a bit confusing can anyone give me some tips

many thanks
 
First and foremost, you could search this forum for topic "workgroup security" which is the keyword you want. But I'll give you a thumbnail of how you should think about this if you want to do it in a way that provides the greatest flexibility yet allows for later upgrades if needed.

You have users. They have roles to play. Decide what those roles are and what each one means. I.e. data-entry clerks, data-quality clerks, query developers, code developers, etc. etc. Or, break it down by departments if that is the way you need to look at it.

What should happen is that you get a set of, for lack of a better term, job descriptions with respect to your database. (Don't care about what they do OUTSIDE the DB.) These descriptions will tell you what each person should be able to do INSIDE the DB.

OK, each description is the basis for one GROUP of users. It is OK for a user to be in more than one group sometimes, but for the most part, this should be a clear-cut separation of powers/abilities. So, using the workgroup tools, you would create GROUPS (make the names short - you'll thank me later).

The more groups you have, the worse off you are, because you have a chaotic situation. The WORST possible case is that everybody's job is unique. (If that is the way it came out, start over again and try to look at the problem a different way, if possible.) The BEST possible case is no more than two or three groups. Looking ahead, you will NEVER assign permissions to users. You will assign them to GROUPS. Then, when you get a new user, you make the user a member of the group. If a user changes jobs, you change the group they belong to.

OK, in the Tools >> Security >> Permissions dialog box, you have a drop-down list of object types - Tables, Queries, ..., Modules - and the database itself, as a whole. You can choose whether you are working on users or groups. Select Groups.

Each object in each class is enumerated in a scrolling list box on that same dialog box. You CAN multi-select objects if you want to give a group the same level of access to every object in a single operation. The "<new xxxx>" object is there, too, so you can set the default for new objects of that class. But remember, you have not less than SEVEN classes of object for which you need to decide the rights.

You have two pre-defined groups: Admins and Users, and one pre-defined user, Admin. (I'll not easily forgive Bill Gates for allowing the only difference between the Admin user and the Admins group to be the letter "s" at the end of the name.) You CANNOT do without the Admins group, and ALL users are automatically and forever members of the Users group. But you CAN do something to protect yourself anyway. By default, Admins has full rights on everything.

Build a user account for yourself and make it a member of the Admins group. Log in to that account. Now make Admin (the user) a member of the Users group but NOT a member of the Admins group. You might need to check on the rights of the Admin user and the Users group. I would curtail them heavily. IN PARTICULAR, I would make absolutely sure that the Admin (user) account does NOT have OpenExclusive on the database object. The Admins group can have that, but NOT the Admin user.

OK, build your other groups. Assign permissions to the groups. Assign users to members of the groups. If you did it right, they inherit all their permissions from group membership and have no individual rights. PERIOD. Well, possible exception... your personal account, if you are going to remain as the administrator, might be the ONLY account with individual rights. Also, the Users group and Admin user should have read-only access to the database. It is possible to deny them access to individual items if you wish. I do that because of a little 'gotcha' associated with workgroups. If a person accesses your database without joining the workgroup first, they come in as.... the Admin user! So by denying this user the right to do much, you block the mavericks who won't join the workgroup correctly.

There is far more to the topic than this, but I believe this to be enough to get you at least started in the right direction. Look up workgroup security, both on this forum and in the help files. Do some reading first, then design your groups. Then and ONLY then, start implementing from there.
 
The Doc is absolutely on the ball

Access security is a minefield for the unwary.

If you like to PM me with an email address I have a couple of documents that help to explain security . Too big to post on forum unfortunately

Len B
 
Hi many thanks everyone for the help, i have a problem whihc i am not sure how to do.

My database is a project management databae. to start a project you have to add the ptoject title, date, client etc.

My manager wants to limit users from using the add part form so they can not add parts to the databae. But if i use the Access security and stop users adding any data. This then does not allow them to add a new project etc.

Does anyone know a way round this.

many thanks
 
This is where you set up different Groups with different permissions.

So maybe you have

Master Group. Basically a Master Administration that can do everything. i.e. You.

Administration Group. Can add projects etc

User Group. Basically read only

You then add prople and assign them to the applicable group.

Alternatively if you have shut off the Database Window (F11) Bypass key and also given custom toolbar that does not allow views to be put into design view you could put all of these Project Add functions behind a password form.

You need to assess how complex each alternative would be in your situation.


Do Users also add data, can you effectively give then Add Data but not Add Project.

Len B
 
hi many thanks for the reply i am not really sure on how to do this but is there a way where users who can add new projects but can not add new parts. And vice versa


thank you
 
The_Doc_Man said:
It is possible to deny them access to individual items if you wish.
Click to expand...


Yes it seems you can but you need to think carefully about Groups and permissions.

Security is a very complex subject all by itself

I quite favour the Master Admin Functions behind a password form provided all other loopholes are closed off if I need to separate those that can and cannot add data.

L
 
hi thanks for the reply

do you know if it quite easy to do a password form so user have to type a password to get access to a form

thank you
 
Have a new form called frm_password with a single text box called txt_Password. Set the Input Mask to password.

have a button underneath with an event procedure

If txt_password =="passwod" then
Docmd.Openform, "frm_to add project,acnormal,,,acformadd
Docmd.Maximise
Else
DoCmd.close acform,"frm_Password"
End If

That was a bit swift but you should get the idea

Got to go home now

Byeeeeeeee till tomorrow

Len B
 
You must log in or register to reply here.

Similar threads

A
The Death of ActiveX: How to Build a CRUD Tree of Accounts in MS Access WITH MCP
Replies
13
Views
756
ayamnash
A
R
A form allowing password login plus "forgot password" facility
Replies
14
Views
978
The_Doc_Man
The_Doc_Man
P
No Options in File - Access Runtime 2021
Replies
8
Views
1,492
LarryE
LarryE
B
Looking for Access UI Design Inspiration – Forms with Buttons or Tabs
Replies
9
Views
3,220
Cotswold
Cotswold
Cotswold
The Trust Centre that doesn't trust me or my PC
Replies
8
Views
549
Cotswold
Cotswold

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom