Security: Advice on remote admins

TinkerMan

TinkerMan

Dooh!
Local time
Today, 10:53
Joined
Jan 12, 2005
Messages
35
Hi :)

I'm currently in the process of testing security before shipping my database off. I have read the access security faq, but I'm not sure which option to go for. The main factor that makes me doubt, is that the db will be sent to locations that I will not be able to physically get to myself. I am hoping that some of you have some experience on dealing with remote installations of your databases.

Option 1:
  • Use one workgroup file
  • make a user_admin user which is NOT member of the admins group
  • rename the workgroup file to an mdb, open it and give the user_admin permissions to edit the user and group table
The problem with this approach is that the user_admin can assign any user to the admins group, which basically defeats the whole purpose of this option really.

Option 2:
  • Use two workgroup files (development/securing and distribution)
  • make the user_admin a member of the Admins group in the distribution file
As the Admins group is different in the distribution workgroup file, it is impossible to change any database object. The only problem is if something were to go wrong (which I think is highly unlikely :D ) it might be good to be able to manually walk the user through fixing the problem, and to do that it is likely that some database object needs changing, therefore needing an admin login...

comments or suggestions welcome :)

Thanks again :)
 
Your db must be split. Providing db design updates to the front end when neccessary will prevent the user from losing data. Search around for the topic is all over the forum.
 
Thanks ghudson :)

This is a very important point, although I have always done that, exactly for that reason, for all my db's.

After keeping this on the backburner over night, I seem to have concluded that option 2 is the only alternative that does not by default invalidate the security. I'll try fixing the problems by sending them new frontend db's. If all hell breaks loose, I'll just send a workgroupfile with a temp admin password. As long as that file is not spread to other sites it'll probably be ok. If I get really paranoid I could always recreate the db with new admins ID to invalidate the temp workgroup file.
 
You must log in or register to reply here.

Similar threads

D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
480
Isaac
Isaac
M
Solved Can I access the user passwords in the MDW file?
Replies
13
Views
688
gemma-the-husky
gemma-the-husky
B
Advice Request : Simplest method to allow multi-site access to a prototype database
Replies
10
Views
402
Pat Hartman
P
M
help am old and its been 4 years since I worked on access
Replies
10
Views
408
The_Doc_Man
The_Doc_Man
T
Question about multiple users
Replies
6
Views
372
Pat Hartman
P

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom