Question User security

F

foxy

Registered User.
Local time
Today, 18:52
Joined
Feb 17, 2009
Messages
64
I have developed an access app on my C: drive. I have set up user and group accounts, passwords and permissions so that users could not view form design or table design etc. I then copied the mdb to the server, got a user to log in from another PC and they were just allowed straight in, not prompted for a login at all.

Are the user accounts not stored within the mdb? Are they stored on each local install of Access 07?

If so, how do I implement this type of security whilst making the app available on the server?

Cheers

Foxy
 
When you set up security in Access, the security settings (User IDs, User Groups, Passwords and Permissions) are saved by default in a file called System.mdw

System.mdw normally resides in the Windows/System folder on your computer.

The System.mdw on my computer is different than the System.mdw on your computer. Why? I have different software, settings and set up than you do.

As a result, if your database is copied onto my computer and my System.mdw has no Access security settings, it lets me right in with no challenge.

At the same time, if you save the security settings for you secured database to System.mdw on your computer, all of your other Access databases are now requesting a log in before they will open.

The way to go is to create a new .mdw file (different name than “System”) which is in the same folder on the server as the database. This file will contain your security settings for that specific database. You have to place this new .mdw in the path on your shortcut to the database so that anyone who opens the database will have to enter their UserID and Password.

For an excellent overview of Access security, go to:
http://www.geocities.com/jacksonmacd
download the first file – Security Paper by Jack Macdonald. It’s a little long but it tells you everything you need to know.
 
because of issues with system.mdw, you should never implement security by modifying system

create a new secure workgroup and use that.

the other issue is that in the new workgroup, you first thing you need to do is ADD a new ADMIN user with a password, then delete ADMIN from the ADMINS group.

This is because EVERY user is automatically a member of ADMINS, and if you dont delete ADMIN, you dont in fact enforce any security.

But if you delete ADMIN first, then you are stuck, as you have no ADMIN user to create a new ADMIN user - you can lock yourself out of all your databases with no recourse, if you are not careful.
 
You must log in or register to reply here.

Similar threads

D
Remote desktop vs. browser based web apps.
Replies
13
Views
3,629
Albert D. Kallal
A
D
Solved Can You Restrict Important Info In Azure If Customer Owns Azure Subscription?
Replies
15
Views
755
dalski
D
A
Secure Storage Model for Microsoft Access: Stream-Based Encrypted Data Architecture(for discussion)
Replies
5
Views
412
GPGeorge
GPGeorge
D
Darshan Hiranandani : How to Access a Password-Protected MDB Database with an MDW File and Unknown User Password?
Replies
3
Views
1,179
Isaac
Isaac
S
Batch file for updating local frontend Access database copy
2
Replies
26
Views
3,938
arnelgp
arnelgp

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom