Securing Database

S

Sandy

Have been practising mechanics of securing database but left with few
problems :
First of all, what's the impact of creating new workgroup other than default
file of System.mdw under user\application data\micorsoft\access\..
Secondly, does users and group under User and Accounts Group options are
parent for all ms access applications i run.
I have created user rights through User level security wizard.
It created shortcut, and in which I can login in 2 users " adminisitrator"
and "sandy". When i open original file, it opens under admin. But under all
logins am not able to redefine user level security wizard etc. I dont know
where to login to access all admin functions, which I was able to do before
securing database. Also ownership has changed to administrator for all
documents.

This is quiet tedious and risky topic. Please guide me.
 
K

Keith Wilby

Sandy said:
Have been practising mechanics of securing database but left with few
problems :
First of all, what's the impact of creating new workgroup other than
default
file of System.mdw under user\application data\micorsoft\access\..
Secondly, does users and group under User and Accounts Group options are
parent for all ms access applications i run.
I have created user rights through User level security wizard.
It created shortcut, and in which I can login in 2 users "
adminisitrator"
and "sandy". When i open original file, it opens under admin. But under
all
logins am not able to redefine user level security wizard etc. I dont know
where to login to access all admin functions, which I was able to do
before
securing database. Also ownership has changed to administrator for all
documents.

This is quiet tedious and risky topic. Please guide me.

Using the wizard isn't a good idea if you want to gain an understanding of
how ULS works. Start by reading the MS FAQ on ULS (link on my webstie) and
practising on dummy files which you don't mind losing (it's easy to lock
yourself out).

HTH - Keith.
www.keithwilby.com
 
S

Sandy

Sir, Have gone as per directives mentioned in link.
But when i delete admin from admins group, am not able to perfrom any
administrative tool, as systems say u need to login as administrator. Have
changed ownership of document to my new MYADMIN, given this as member of
admins group. Please guide me.
 
S

Sandy

Also, when i change ownership of Database, it does'nt give me option to
change to my new admin user..!!
 
T

TC

You need to follow an explicit list of written instructions, adding &
omitting nothing. For example, the Access Security FAQ, often
referenced in this newsgroup.

HTH,
TC [MVP Access]
 
S

Sandy

I have created new admin login. I changed all ownership except database
object, which does'nt provide option to change. But things are working now
and am able to create new admin login, remove old admin from admins group and
create a new user..Thanks

Just last question: I need to spit database. Should i first create user
rights on my system, and then split database and giving path of backend file
 
K

Keith Wilby

Sandy said:
I have created new admin login. I changed all ownership except database
object, which does'nt provide option to change. But things are working now
and am able to create new admin login, remove old admin from admins group
and
create a new user..Thanks

Your custom admin user account should be the owner of the database object.
If it isn't then you've missed at least one step in securing your app. You
need to follow all of the steps in the FAQ in the order stated and omit
nothing.
Just last question: I need to spit database. Should i first create user
rights on my system, and then split database and giving path of backend
file
on server. Is this right procedure..

Your mdw file should be on the server, typically in the same folder as your
back end file. I prefer to split the app before I assign user permissions
but you could split it afterwards just as easily I think.

HTH - Keith.
www.keithwilby.com
 
J

Joan Wild

Sandy said:
I have created new admin login. I changed all ownership except
database object, which does'nt provide option to change. But things
are working now and am able to create new admin login, remove old
admin from admins group and create a new user..Thanks

You really should fix this, as you do not have a secure database, despite
appearances. You need to change the ownership of the database object to you
new admin user. You do this by logging in as that user, creating a new
database and importing all objects. You'll then have to re assign
permissions on the objects.
Just last question: I need to spit database. Should i first create
user rights on my system, and then split database and giving path of
backend file on server. Is this right procedure..

That's OK, but don't use the database splitter wizard, as that will result
in an unsecure backend. Split it manually instead.
See http://www.jmwild.com/SplitSecure.htm

You'll want to put the secure mdw on the server along with the backend, and
give each user a desktop shortcut to launch the secure mdb.

It's target would look like "path to msaccess.exe" "path to mdb" /wrkgrp
"path to secure mdw"
 
S

Sandy

Thanks! i tried both ways by splitter and by linking. With linking security
works and in spliiter it does'nt. In fact am able to do everything smoothly
which i posted below. I was doing this on some test files. Hence i have one
more clarifications :

"If am using codes and that codes have reference of tables which are now
residing on server. Do i have to change anything in codes like giving path of
tables database?"
 
J

Joan Wild

Sandy said:
"If am using codes and that codes have reference of tables which are
now residing on server. Do i have to change anything in codes like
giving path of tables database?"

No likely. As long as you didn't change the names of the table links, then
your code should work.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top