User Security enabled - anyone can open the .mdb

Ernie Sersen

I created user-level security and created a desktop shortcut that everyone
can copy to their desktop. When they click on the shortcut, the security
logon screen appears and everything appears to be working fine! However, if
they happen to find the actual database file (.mdb) and click on it, the file
opens with no security and full access to change anything they want. How can
I hide/secure the actual database file or prevent them from being able to
open it without logging on?
 
Rick Brandt

Ernie said:
I created user-level security and created a desktop shortcut that
everyone can copy to their desktop. When they click on the shortcut,
the security logon screen appears and everything appears to be
working fine! However, if they happen to find the actual database
file (.mdb) and click on it, the file opens with no security and full
access to change anything they want. How can I hide/secure the
actual database file or prevent them from being able to open it
without logging on?

This is a classic case of applying security incorrectly. Access security is
*Hard* and the vast majority of people who set it up get it wrong and most
of those don't perform the extra step of trying to open it with the wrong
workgroup as you did so they are completely oblivious to the fact that their
security is useless.

Whenever you open Access with a workgroup that doesn't prompt you to log in
you are ALWAYS logged in as the user "Admin" member of "Users". If your app
is properly secured neither of these entities will have sufficient
permissions to open the file. The fact that people can open your file with
the default mdw file means that one of these entities still has permissions
or ownership.

It is that last (Ownership) that trips up many people. If the user "Admin"
is still the owner of the database and the objects within he will still be
able to open it and do whatever he pleases despite having zero permissions.
If you check the owner of your database object and all of the others you
will likely see that this is the case. You need to open Access with your
secure workgroup as a different user besides "Admin", create a new blank
file and import all of the objects from your current file into the new one.
This will transfer ownership of everything to that user.

You can change ownership of most objects without doing the above, but (at
least in older versions) the only way to transfer ownership of the database
object itself was to do as described above.
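
The ownership and permission check described in the post above, as an added example that is not part of the original thread. It assumes a DAO reference is set in the VBA project; the function name AuditDefaultAccounts is hypothetical. Open the .mdb with the default workgroup file (so you are logged in as "Admin") and run it from the Immediate window.

```vba
Option Compare Database
Option Explicit

' Added example, not from the thread. Lists every object that is still owned
' by "Admin", or on which "Admin" or the "Users" group holds explicit
' permissions. Returns the number of findings; 0 is the goal for a secured file.
Public Function AuditDefaultAccounts() As Long
    Dim db As DAO.Database
    Dim cnt As DAO.Container
    Dim doc As DAO.Document
    Dim acct As Variant
    Dim findings As Long

    Set db = CurrentDb()
    Debug.Print "Logged on as: " & CurrentUser()

    On Error GoTo Unreadable
    For Each cnt In db.Containers
        For Each doc In cnt.Documents
            ' The database object itself is Databases\MSysDb.
            If StrComp(doc.Owner, "Admin", vbTextCompare) = 0 Then
                findings = findings + 1
                Debug.Print "OWNER " & cnt.Name & "\" & doc.Name
            End If
            For Each acct In Array("Admin", "Users")
                doc.UserName = acct
                ' Permissions = explicit rights of UserName; 0 means none.
                If doc.Permissions <> 0 Then
                    findings = findings + 1
                    Debug.Print "PERMS " & cnt.Name & "\" & doc.Name & _
                                " -> " & acct & " (" & doc.Permissions & ")"
                End If
            Next acct
NextDoc:
        Next doc
    Next cnt

    Debug.Print findings & " finding(s)"
    AuditDefaultAccounts = findings
    Exit Function

Unreadable:
    ' Being refused here is what a properly secured object looks like to Admin.
    Debug.Print "DENIED " & cnt.Name & "\" & doc.Name & ": " & Err.Description
    Resume NextDoc
End Function
```

An "OWNER Databases\MSysDb" line means "Admin" still owns the database object itself, which is the case the post says can only be fixed by importing everything into a new file created by a different user.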
 
Jope Rem

"Rick Brandt" wrote:
This is a classic case of applying security incorrectly. Access security is
*Hard* and the vast majority of people who set it up get it wrong and most
of those don't perform the extra step of trying to open it with the wrong
workgroup as you did so they are completely oblivious to the fact that their
security is useless.

Whenever you open Access with a workgroup that doesn't prompt you to log in
you are ALWAYS logged in as the user "Admin" member of "Users". If your app
is properly secured neither of these entities will have sufficient
permissions to open the file. The fact that people can open your file with
the default mdw file means that one of these entities still has permissions
or ownership.

It is that last (Ownership) that trips up many people. If the user "Admin"
is still the owner of the database and the objects within he will still be
able to open it and do whatever he pleases despite having zero permissions.
If you check the owner of your database object and all of the others you
will likely see that this is the case. You need to open Access with your
secure workgroup as a different user besides "Admin", create a new blank
file and import all of the objects from your current file into the new one.
This will transfer ownership of everything to that user.

You can change ownership of most objects without doing the above, but (at
least in older versions) the only way to transfer ownership of the database
object itself was to do as described above.
 
TC

Further to what Rick says, you really need to follow an explicit list
of written instructions, adding & omitting nothing. Eg. the Access
security FAQ, often referenced in this newsgroup.

I suggest you start again. Log on as the default Admin user, create a
new database, & import everything from your (non!) secured database.
Then follow a suitable list of instructions, to secure it properly.

HTH,
TC
 
