Workgroup Administrator

[k7i5t3n]

This may be redundant to most people on this forum, but if anyone has an extra minute, could you possibly try to explain security - specifically the workgroup administrator and the ".mdw file" - in laymen's terms? I would really appreciate it! I created a database for work and messed around with the security before understanding what I was doing, now I need to go in and find a way to fix it since some network users are unable to access reports, but I'm having difficulty understanding the basic concepts. Thanks ahead for your time!!

Kristen

 

[The_Doc_Man]

OK, here's a go at it.

A "workgroup" in Office terms is a group of users sharing files, one of which might be an Access DB.

The "workgroup file" is the file that contains the list of users allowed to share the files associated with that workgroup. It also describes the permissions for each user who could touch the affected files.

A user has an account in the workgroup file. This account includes the user's login name which can (but does not have to) match their network login name. The workgroup file also includes a password that can (but probably will not) match the network password. There is a numeric ID that you assign arbitrarily.

A workgroup file contains groups. If the group is being used correctly, it represents a role that a person can play. For instance, you could have a group called "DataEntry" - the group of persons authorized to enter data into a database. It could have a "Maintainer" group - the group of persons authorized to modify database objects. Or the groups could be "Structure Maintainer" and "FormReportMaint" - split responsibilities. You, as the implied security manager, get to lay this out as you choose. Each GROUP should have rights assigned. Don't assign individual rights to any user.

A workgroup includes two groups (Admins, Users) and one user (Admin) by default. The groups cannot be removed but their properties can be changed. I think you could remove the Admin user but I don't think you SHOULD remove it. Instead, you would make it a member of the Users group (it is anyway) but NOT a member of the Admins group. Be sure you have another account that is a member of the Admins group BEFORE you do this.

If you do the right thing in your design, you have pre-analyzed the roles you want various people to play. You have created new groups corresponding to each role. You have assigned permissions to each role for every object in the database. You have also created accounts for each person allowed to log in to the database. You have created users and assigned them to groups that correspond to their role within your organization.

Search this forum for specific advice on how to modify the permissions on the Users group and the Admin account to improve your DB security.

 

[k7i5t3n]

Thank you for taking the time to post!

Let me ask you, does it matter where the workgroup administrator file is located? We are on a network at work and the original .mdb file is on the network drive and then when I request to look at the .mdw workgroup file, it's in a different folder for each person. Some people can access the database reports when using Access 2003 and some cannot (everyone can access them using Access 2002 - two computers have recently been upgraded to use Access 2003). It seems at random - at first I thought I could and everyone else couldn't since the program recognized me as the Admin user, but I find out today that another random person can show the reports in 2003 as well. Any suggestions as to what the problem might be?

Also, can the program recognize me as the Admin user simply by my network logon even though i haven't created user ids within my group? I checked with the IS department at work and they insist that it doesn't have to do with permissions granted on the network drive. ????

Thanks ahead!!!!