I keep being able to bypass Access user-level security...

M

Marko Stojovic

Registered User.
Local time
Today, 07:58
Joined
Jan 25, 2001
Messages
29
I hope someone can help me...
I've been trying (partially in vain)to set up user-level security in Access 97.
I created a new workgroup, joined it, added myself as a user+administrator, revoked administrative rights from the Admin user, created a copy of the whole database whilst logged on as myself (bypassing the known security bug), and then assigned permissions to various users.

While I'm a member of the workgroup I created, there is no problem - the system asks me for my password. However, when I leave the workgroup I created, and join the default system workgroup, I am able to log on freely without Access asking me for a password at all!

Another thing is that even though my colleague has also joined the workgroup, he gets no password request at all...

It all baffles me somewhat, and I've had to use other options such as securing the whole folder where the database is housed. However, if there's anybody who has struggled with this or has some suggestions, I'd be very grateful!
 
You definitely forgot to remove the rights for both standard Administrator and User (attention: Individuals and GROUPS as well!!)

Since the standard SYSTEM.MDW contains these two (four) accounts, everybody has full access to your data.
 
Yes, I consciously didn't set any restrictions as far as database objects are concerned. Therefore, anybody who managed to log on to the database would have full access to all the objects.

However, I don't understand why the Admin User can bypass the log-on procedure, given that all users should be required to log on with a password. The password for the Admin user is set, but the logon box doesn't appear unless the Admin user is a member of the specific workgroup I created (which of course s/he doesn't have to be, given that anyone accessing the application may belong to a random workgroup and will be the Admin user).

By the way, I took the Admin User off the Admins group, so it is only a member of the Users group.

[This message has been edited by Marko Stojovic (edited 01-26-2001).]
 
You must log in or register to reply here.

Similar threads

D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
634
Isaac
Isaac
jwcolby54
Database Properties - Did you know
2 3
Replies
43
Views
1,457
xavier.batlle
X
The_Doc_Man
Important Security Guidelines
2
Replies
24
Views
1,080
The_Doc_Man
The_Doc_Man
D
Solved Change password using tempvar not passing to following form
Replies
4
Views
481
Gasman
Gasman
A
MS ACCESS connect to SQL server BE: Authentication Prompt every time I attempt to
Replies
4
Views
476
GPGeorge
GPGeorge

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom