Housing the Databases

[Please Help]

Good morning,

I have a back-end and front-end databases. I do not want any users to have
access to the back-end database, which means I do not want users to think
that there is a BE database. Currently, I have a security setup on the
front-end database so that users have to log in to get into the database;
however, how can I secure my BE database?

How do you guys usually house your BE databases? Do you guys have them in a
remote network directory? I talked to my IT guy, and he said he can create a
remote network directory with a read-only access to the BE database. On the
other hand, he does not think that he can create a remote network directory
with write and read access to the BE database.

Thanks.

 

[a a r o n . k e m p f]

if you have these security requirements, you need SQL Server

Access doesn't really support security _OR_ multiple users.

-Aaron

 

[Please Help]

Hi Aaron,

Thanks for your response. How would you house your BE and FE databases
where users can read and write to the database? At the same time, users have
no direct access to the BE database.

Thanks.

 

[Golfinray]

The BE usually resides on a LAN. The FE is on each users computer with a
shortcut on each desktop. The BE must have read/write/edit delete and the
folder it resides in does also. If you want user-level security see
JMWILD.com.

 

[Wayne-I-M]

Arron has made a mistake

Access is specifically design for a multi user enviroment

The back end can be secured - in the same way a almost anything else on a
computer. This said (and this applies to sql as well) almost anything can be
"got-at" by someone who knows what they are doing.

Ask you IT guy to create the back end then secure it with satandard
security. This will be enough to deter almost all would be "just want to
take a look" tpyes.

If you are working with anything that requires more than standard secutiry
(such as a bank details) you will need to have bespoke application made and
niether access or sql will do the job.

 

[Please Help]

Hi Golfinray,

Thanks for your response. Please tell me more in detail on residing BE on a
LAN. I have no knowledge on the IT side. On the other hand, my IT guy has
no knowledge in databases. So if I tell him to reside it on LAN, he would
not have any idea.

Thanks.

 

[Please Help]

Hi Wayne,

Thanks for your response.

Please tell me more on asking the IT guy to create a BE and secure it with
standard security. I have the BE created and want it to reside it in a
remote network directory.

Thanks.

 

[a a r o n . k e m p f]

if you want the db to work on a remote machine.. and you want to have
more than one person use it-- you should move to SQL Server.

SQL Server works. YOu don't need to worry about people carting off the
whole db; it cannot be done

With Access it's basically impossible to prevent

-Aaron

 

[a a r o n . k e m p f]

hey what makes you say that SQL won't do the job?

I can secure anything in SQL; row level security-- anything.
Analysis Services has 1000000 times better security-- row level
security-- than anything else anywhere.

So now _WHY_ are you saying SQL won't secure it?

What is up with your mis-information, kid?

Aaron

 

[a a r o n . k e m p f]

SQL Server does this.

Upsize,upsize, upsize.

Access is impossible to secure

 

[Wayne-I-M]

Have a look at this site
http://support.microsoft.com/?id=207793
It will give you the details you need


This site
http://www.jmwild.com/Accesssecurity.htm
gives you a step by step

Hope this helps

 

[Wayne-I-M]

Hi Arron

I thought we had gone throught this before (you are making me sound like my
dad OMG - lol)

The question that was asked was about MS Access. I doubt that your
suggestion that they scrap the DB application they have and create a new one
in with an other programme will be helpful.

 

[a a r o n . k e m p f]

fck you then data
you cannot secure a backend usign MS Access.

move to SQL

 

[Tony Toews [MVP]]

If you are working with anything that requires more than standard secutiry
(such as a bank details) you will need to have bespoke application made and
niether access or sql will do the job.

Very likely using SQL Server to store data would be secure for 99% of
the apps out there including health care, employee and financial
transaction data.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Please Help]

Hi Wayne,

Thanks for the links to the information.

Currently, I have both of my BE and FE in a remote network directory. I
have the security setup by following step-by-step instructions from you link,
and I give the users a shortcut of FE. The users then use the shortcut to
use the database. When the users clicks on the shortcut, they have to type
in their username and password.

Even though I have the BE and FE in a remote network directory, if the users
know the UNC path, they can get to the remote directory and open the BE
database.

That is where my concern is. Is there a way I can house my BE on the
network where users have no physical access to it?

Thanks.

 

[Douglas J. Steele]

You can make it difficult for them to navigate to it (for instance, by
putting it in a hidden share so that they can't navigate directly to it),
but you cannot prevent them from being able to access it. If they can't
physically access it, they can't use it.

 

[Please Help]

Hi Douglas,

What do you mean by "putting it in a hidden share"? You mean a hidden
network directory? Even with the hidden network directory, can they still
get to the BE by typing in the UNC path? Please tell me more. Also how can
I tell my IT guy?

Also what I mean by no physical access is they can access the BE through the
secured FE shortcut, but not just by opening the BE directly.

Thanks.

 

[Douglas J. Steele]

Assuming you're dealing with a Windows Server, they're actually going via a
share, not a folder. It's common to name the share the same as the folder,
but that isn't always the case. When you create the share, put a dollar sign
at the end of its name. That means that it will not appear in Windows
Explorer. However, if the user knows the name of the share, he/she will be
still be able to get to it: they just won't be able to navigate to it.

It's not possible to have a back-end which can be connected to through a
front-end and not be able to connect directly to the back-end. Assuming
you're using Access 2003 or earler, you can use User-Level Security to
prevent them from doing anything directly with the tables, but that's the
best you can do.

 

[Please Help]

Hi Douglas,

Thanks for your continuing help.

We will be using file server, not sql server. The directory that we will
have all the BE is G:\Groups\ADB\. If I understand you correctly, I can
create a share called "BE$" in that directory and would be able to house all
my BEs. At the same time, I can make any changes to the BE anytime I wish
and would not have to worry about users having direct access to the BE. Also
the users will be able to use the database with user-level security thru
shortcut. Am I correct?

Can I also create a hidden share for FEs and would still function as
mentioned above?

One thing I have to let you know is I am not an IT administrator.
Therefore, I do not have any admin rights to the network. I only create
databases. Because of that would I still be able to make changes to the BE
in BE$ share? "G:\" is a network drive.

Again, I really appreciate for your helps.

 

[Douglas J. Steele]

There's no difference between a hidden and a non-hidden share in terms of
security.