read and write in server without any shared drive or folders

[nazemmazem]

Hello everyone
I really need a solution for my problem
Could I access to server with VBA?
I mean I want to read and write in a folder in server without sharing that folder
I searched and I couldnt find any answer
Is there a code for this?
Could someone help me?
Thank you all And sorry for my bad English

 

[HiTechCoach]

Hello everyone
I really need a solution for my problem
Could I access to server with VBA?
I mean I want to read and write in a folder in server without sharing that folder
I searched and I couldnt find any answer
Is there a code for this?
Could someone help me?
Thank you all And sorry for my bad English

Welcome to AWF!

For VBA to be able to write to a folder, you must have permissions at the Operating system level.

It must first be configured in Windows. To write to a folder on another machine or server, you must have permissions to that folder. The permissions are granted by creating a "shared" resource in Window/Operating System.

 

[pbaldy]

You could create a hidden share, which would be accessible through code but not visible to anyone casually navigating the network.

 

[nazemmazem]

thank you for replying
but it doesn`t work
maybe i must explain more
i have some documents in a folder in sever and i have some users
every user should see some documents and shouldnt see the others(and it`s very important)
so i cant share the folder for all of them
i define users and documents and permissions in my database
what can i do now?

 

[Banana]

Why not just make subfolder in that share folder and assign permissions to each user via Windows so they can only access their own subfolder?

 

[nazemmazem]

Why not just make subfolder in that share folder and assign permissions to each user via Windows so they can only access their own subfolder?

thank you
but I cant.
if each documents belong to only one user, then I could do that
i cant copy one document in many subfolders
then what can i do for changed or reversion documents.
it`s not good solution
documents must be unique
thanks anyway

 

[Banana]

Ah, I see. It does sounds like your needs will be best served by using some kind of Document Management system... Sharepoint is an example of one but I'm sure there are other more specialized & lightweight (and cheaper as well). At least look into few software to be certain you don't end up re-inventing the wheel for less functionality and more money.

If you are really set on using Access, the two other thoughts I have at this point is to use Active Directory to manage the permissions, or use RunAs so the Access database is then managed by a dummy account that has full permissions to the share folder but "dispense" the file to only user that are authorized to view/modify it. Either solution requires quite good deal of VBA and solid understanding of the system, which is why I suggested looking into Document Management software first.

HTH.

 

[nazemmazem]

Ah, I see. It does sounds like your needs will be best served by using some kind of Document Management system... Sharepoint is an example of one but I'm sure there are other more specialized & lightweight (and cheaper as well). At least look into few software to be certain you don't end up re-inventing the wheel for less functionality and more money.

If you are really set on using Access, the two other thoughts I have at this point is to use Active Directory to manage the permissions, or use RunAs so the Access database is then managed by a dummy account that has full permissions to the share folder but "dispense" the file to only user that are authorized to view/modify it. Either solution requires quite good deal of VBA and solid understanding of the system, which is why I suggested looking into Document Management software first.

HTH.

that`s right
it`s Document Management system
I make it with access 2003 and it takes 2 months
I solve all problems
users, documents,permissions,reversions, and security levels and the others
and it`s already done

except one problem that i told you
if I couldnt find the right answer i have to drop it away
in this program, administrator user give permissions to other users to see some documents
and every users can see taht documents in a form
thank you so much
but I dont know what Active Directory and RunAs are
and I dont know how can i use them
I saw two other Document Management system
but they`re not with Vba and access
first one made a read only folder and shared it for everyone
that was a joke you know
and the other one made a folder and gave full permission to only one user
and the other users able to see the documents with his account
now if i make a folder and share it for only one user
is there a code in VBA to access to that folder wiht his username and password?

 

[Banana]

Interesting. Sharepoint avoids those problems you described but only because Sharepoint is a server, so the files are owned by Sharepoint. I'd be surprised if there weren't any other DMS solutions that used a server as well.

But if you insist on using the existing system, you need a RunAs which is basically what you are asking for. What this will require:

1) Creating a user account. Give the user account exclusive permissions to the share folder.
2) Create a little start up utility (whether as an Access file, a VBScript, a .BAT file, whatever rocks your boat) to start an new Access as that user account.
3) When the user want to view a file, have VBA run to copy the file out of that share folder into the desktop or similar.
4) When the user want to update a file, have the user choose the file and VBA then copy it back into the share, assuming the user has the permission granted by the database.

Because Access is running as that dummy user account and not the user itself, it has the full permissions to share folder (and thus VBA will be able to work on those files) whereas the users cannot navigate to the folder via Windows Explorer.

The problem is ensuring that you do not create a new security hole - the dummy account must have no OTHER permissions and you have to work out how to "log in" as the dummy. RunAs supports SaveCred so you do not need to supply the password everytime you execute the RunAs but this is a gaping security hole because a savvy user then could use the RunAs utility outside of the startup utility and thus get the same permissions.

I'm assuming you do not have Active Directory, since you don't know what it is. (it's what corporates use to manage Windows account for all computers in the corporate - it's included whenever anyone run a Windows server of some kind)

HTH.

 

[nazemmazem]

I understand
this is very good solution
but I dont know how can I log in at the dummy account,
i saw your post about Runas here

http://www.access-programmers.co.uk/forums/showthread.php?t=137331&highlight=runas

and i saw this

http://www.access-programmers.co.uk/forums/showthread.php?t=189884&highlight=runas

almost the same problem and you answered it too

but i dont know how can I make a RunAs
or Is there any VBA code to log in at the dummy account or another account?
with best wishes

 

[Banana]

RunAs is a utility already included in Windows. You would use a Command Prompt to call it.

I'll see if I can whip a little demo.

 

[nazemmazem]

I really thank you my friend

 

[The_Doc_Man]

Your problem stems from the fact that you are trying to do something that is an operating system function using a non-operating system program. An Access Control List on a document would limit who could read or write it, but there is a problem in that too many Access Control Entries in the list will absolutely kill performance. Further, if someone decides to be malicious, they can duplicate any steps you do inside your program but just bypass your security code.

As has been pointed out, server A won't talk to server B except through protocols (File Sharing Protocol being one of them). But when you establish the protocol, you make it available to all users who have the credentials regardless of the application they use. You cannot lock the protocol on the other end of that linkage.

Your asked if you could access a file without establishing file sharing. The answer is a qualified "NO." The exceptions are if you can do something like an FTP call to pick up or put back the file. Then use your Access application to control who can do this action. Problem? FTP is another commonly found protocol. So it is again just the issue that you cannot prevent someone from launching FTP against this file, either.

Which leaves this idea...

Go ahead and create a public share. When you store a file, ENCRYPT IT with some sort of key. At that point you don't care if somebody can see the file. They can't make any sense out of it, can't use it, and can only abuse it.

You then track the key you used, which might be numeric based on date/time, or it might be based on just a random number generator. In any case, you store the file by ENCRYPTING it. Then you use Access to hold / hide the keys based on your list of users who have / don't have the rights to the given file. Rather than trying to use Access to circumvent the file security system, just use it as an ordinary file system. But make the files themselves the extraordinary feature.

Then, of course, you must check the file out by DECRYPTING it and when you check it back in, ENCRYPT it again. And what you control isn't the file but the encryption key. All you need then is a function that can execute some SSL functions to encrypt or decrypt a file - functions you can fire off from a SHELL script.

Unfortunately, I'm not in possession of a good encryption tool myself, so I cannot offer a recommendation. If this idea appeals to you, though, you can do a web search for such types of tools. Usually, they are part of an SSL package.

Some ZIP packages also allow you to encrypt what you zip and also have command-line elements that would grant you the ability to specify at least a short key via SHELL commands. I have to leave that one detail to you.

You commented that English isn't your native language. I hope my explanation helps you. If something about it confuses you, please post back in this thread, with the understanding that I don't check here daily.

 

[nazemmazem]

thank you man
i get it well
i`ll try to ENCRYPT files in public share
thanks for your time

 

[Banana]

Still working on the demo.

I realized that a much more robust solution, short of getting a proper DMS program could be had by using a RDBMS backend and storing file as a BLOB field. The Access can interact with the server (it can be MySQL, PostgreSQL, SQL Server Express, Oracle Lite, whatever you prefer) and even use its security to manage the permission to the file so you can be certain the user do not get to see the files they shouldn't be seeing, and they can't overwrite the file they shouldn't be overwriting.

 

[The_Doc_Man]

Just a note: Banana's solution is probably easier than mine if the files are small enough. But you also need the resource implied, a back-end server with enough storage to manage the files as BLOB fields. Further, if someone figures out the requirements to connect directly to the back end server, it's just like FTP or a file share with access controls.

If you are rolling your own document management system, you actually don't care about the document itself. You care about the process of managing it. Tracking its state, remembering who has it (or is it now "checked in" and no one has it...), preventing people from casually (and undetectably) mucking about in the file, that sort of thing.

By the way, if you choose an encryption scheme and an SSL package is available, you might wish to not only encrypt the file, but also generate a hash code for the file so that you can test whether someone got to it through an unauthorized method. MD5 hash codes look like just a long string that could be stored in a relatively small number of bytes, like between 32 and 64. Other kinds of security strings are possible. Then when a file is checked in, you generate and store the hash and an encryption key. Encrypt the file. When you check it back out, decrypt it and regenerate the hash. If the old and new hashes match, you know that it hasn't changed since last check-in.

Just a follow-up thought.

 

[nazemmazem]

thank you and thank banana
you are really good