Security + Splitting

[L'apprentis]

Hi everybody,
I have been spending the last few days trying to find a way through the "access security Maze" which I believe I have just done. I have been following the "Ms Access Security Faq to the letter" and just now, I can open the database via a desktop shortcut including a custom workgroup address and I think everything is working fine. Now, I am trying to organise the next step which is splitting the application.

GHudson stated:

I find it easier to start out with one database that has everything in it 
[including the security]. Then I copy the db. Rename them so that one is the 
front end, one is the back end. The security will still be in both since they are 
exact copies. Then remove the shared tables from the front end, remove 
everything else from the back end [except the tables that will be shared].
 Then relink the shared tables from the front end to the back end.

Using custom shortcuts will make it easier for the users to open the front 
end with the correct workgroup. You can customize the shortcuts target 
field with all the required file and workgroup info.

I Understand prtty well what's being said but am getting a bit confused of where and how the different part of the application should be organised on the network:

*The back end file should be on the network drive(drive F)
-That's fine...

*The front end should be distributed only on the station using the application:

1) Does that mean that I could place the FE on the F drive for a short
while and ask the different user to copy the application and past it on their own drive and then delete the FE of the share drive.

2) I will have to use the custom shortcut with the specific work group on each station. Should they all have the same shortcut which would mean that there is only one FE on the F drive and not make much sense or Should the shortcut link to the FE application save on their drive which doesn't make much sense either because they could open the DataBase without the shortcut with their own "default" Workgroup and wouldn't be secure anymore.

I apologize for my confusion and have probably missed a basic step in my reasonning but if anybody could redirect me in the right direction, I would really be gratefull.

 

[ghudson]

The front end should be on the users computer [C:\ drive]. You can mimick this by doing it on your computer. [You should have a user copy and a programmers copy of all files related to the application] Then you only have to give each user a copy of the front end, the custom shortcut and the workgroup file. I use WinZip to create a self extractor file to install the db package where it belongs. WinZip sells a self extractor add-on so that the user can not modify where it extracts the files to or you can use the version that is included with WinZip.

 

[L'apprentis]

Thank you very much for your advice ghudson. I don't want to sound like an idiot but there is still a fact that I am not sure of. If I put the Fe and the shortcut to the user drive, the user can access any of those:
-If the user click the shortcut, the security is applied
-If the user decide to access the FE directly, the security is not applied anymore?
Is there a mistake in the way I'm overviewing the situation?

 

[L'apprentis]

Sorry to be going on about security but I think i have miss one step. I am using access 2003.
Once you start the wizzard you got the 2 options:

1)Create a new Workgroup information file
2)Modify my current workgroup file (if you have created one previously)

If you choose option 1) you will get asked If "I want to create a shortcut to open database", in that case the data base can only be open by the wizzard shortcut.

I am in the option 2) situation where I have Created the workgroup file and the shortcuts manually which seems to be working pefectly ( the workgroup is only applied to the database with the shortcut), the problem i have though is that I can still open the database file itself? Is there an option where you can state if the database should be open exclusively via a shortcut?

 

[ghudson]

Your db is not properly secured if you can still open it directly from Windows Explorer. Your "secured" db should only open up with the custom shortcut if the security is correctly setup. Sounds like your computer is joined to your new workgroup file. You need to rejoin your computer back to the default [original] System.mdw file. Hopefully you have not altered it. Then you can begin testing and updating the workgroup security.

 

[L'apprentis]

That's what I am not sure of because i have rejoined my computer to the default "system.mdw" I can open all my different application normally without any password. the password is only asked when I click my custom shortcut (with the secure workgroup I have created)

 

[ghudson]

If you can open a db that you have not applied new securtiy to from Windows Explorer then you should be okay. You should be prompted to enter a user ID and password when you try to open a secured db with your custom shortcut. You should not be able to open a secured db directly from Windows Explorer.

 

[L'apprentis]

Well, I have decided to create the Mdw file via the wizzard and now the database seem to be properly secure and can't be opened unless using the shortcut. I have now personalised the shortcut path and the workgroup file where Made sure that Admin is only part of users and not admins. I have separated manually the application on Be and FE and everything appear to be normal. I am still pretty annoyed at the fact that my Database wouldn't be properly secure if I was creating the workfile first and then using the wizzard, I can't see what I've missed or misunderstood, i'll try to have a look again later.
I would like to thank you Ghudson for all your help and all the unvaluable threads you've been part of on that matter.