# signs

[nashat21]

hello!

lately our db has been giving us the error "Unrecognized database format" and we have had to repair our back end (at least once every day). After we have repaired, we normally find one or more records full of ### signs in one or more tables and delete them. The past few times, though, these ## signs have been causing a loss of relationships and the past two times, the repair has resulted in a loss of entire tables!!!!!!!!!! what could be the problem. we have been backing up every 15 minutes but we would like to find a solution rather than having to resort to backups.

any help is greatly appreciated.

nashat

 

[The_Doc_Man]

A couple of questions come to mind:

1. Is this table being shared by multiple users across a network, whether local-area or wide-area?

2. If 1 is yes, did you implement WorkGroup security as part of this database design?

3. If 2 is yes, did you take steps to block anyone from mucking the design of various data objects like queries and forms etc? (By implementing various security restrictions.)

Your description is consistent with the data processing phenomenon sometimes called "destructive interference" - in which the left hand does not know (or care) what the right hand is doing. In a free-for-all database with wide-open security (translate as "NO security"), if two folks attempt to make changes to the same object at the same time, they can. But no other user's copy of Access will know it. So if two users have the same object open and optimistic (or NO) locking is set on the design of your objects, there is flat-out NO WAY TO KNOW what will get corrupted.

 

[nashat21]

the answer to 1 is yes and the answer to 2 is no.. we tried to implement workgroup security but every user in this office has administrative privileges and i did not (and still do not) know how to bypass that issue. the other problem we were having with limiting privileges is that people could not populate labels and faxes (mail merge) from the db.. the only security we have at this point is record level locking and i have no way of discering whether that works or not.

thanks,

nashat

 

[The_Doc_Man]

There is still a way, though you will have a hard time taking things away from folks who will probably be indignant about losing privileges. But this works. I know because I've got a bunch of administrators as the users of my Access database, too.

First, institute workgroup security. Create an empty workgroup. Put it in the same directory as the shared database. Give it a name other than SYSTEM.MDW - perhaps something similar but not identical to the database name. Don't join that workgroup quite yet, though. Give everyone an account. Do NOT give them individual privileges. Don't give yourself individual privileges either. Just let the accounts exist as members of the Users group, which is the default case.

Next, create a couple of NEW group descriptors in the database. You will already have two: Users and Admins. Basically, you will NEVER again use those two, they are about to become totally useless. You will need two more groups.

Group 1 is the REAL administrative group. This group has EVERY POSSIBLE PRIVILEGE on EVERY OBJECT IN THE LIST. Plus every privilege on the <New xxxx> object that is the top of every object list in the permissions dialog.

Group 2 is the powerful but not absolute group that represents your other users. TAKE AWAY "OPEN EXCLUSIVE" from this group. Also step through the available privileges to see whether there are structural things you DON'T want them to do for your critical structures. Like, perhaps, no rights to delete objects that they didn't themselves create.

Step through the existing DB objects to assure that they are owned by YOU and not by Admin account. (Or owned by whatever name you chose to be the new admin account.)

Put your newly created account into the first group (the one with ALL privileges), whatever you called it. Now immediately exit the database. Join the new workgroup. Now re-enter the database under the name you chose for your personal account.

COMPLETE ALL OF THE ABOVE BEFORE YOU ATTEMPT THE FOLLOWING STEPS. (Otherwise, you are in the situation of the cartoon character who sits on a limb in order to saw it off...)

Now edit the Users group so that it is READ-ONLY for everything. Maybe even take away "view design" from Users if you want to be really picky. Do the same for the Admins group. Assure that you also take away OPEN EXCLUSIVE from the Admins group.

Now tell everyone that if they don't join the workgroup, they don't get into the database. They'll grumble, but this should help the stability of the DB and it should also make them more aware of how often they were stepping on each other's toes.

Now I'll tell you why you did what I said you should do:

By default, if you don't join a workgroup, you come in as user Admin (no "s" on the end), who is a member of the Admins (with an "s") group. Which has OPEN EXCLUSIVE and a bunch of other rights. But if you re-define a new Admins group and put yourself in that group, you can retain control when you take away the rights from the others.

The use of groups to control security rights makes it easier in the case where lots of users have the same rights. You just assign them membership in the group rather than giving each one his or her own individual rights. That way, the job comes closer to being reasonably manageable.

I know that setting up WorkGroup security is a pain in the toches but it should help with at least SOME of the problems you are seeing. Maybe not all. But I'm guessing that ANY help is better than none, given the frequency of database backup that you described.