All users must be admins?

[dtremain]

I have a current situation some of my customers that run a particular fuel
data software that uses access databases. I noticed that all users of the
program had to be given admin rights - and this poses a severe security risk
I know. I've tried granting permissions on the files and folders that are
affiliated with the program, along with that of the MS Office folder, but
there are forever errors coming up, sometimes a Jet(?) error or a runtime
error. After talking to the software programmer and designer I was informed
that it was due to a temporary folder that's created by Access. According to
him the temp folder only carries Admin permissions. I know this can't be
right. Unfortunately I don't have anything further to add as far as error
codes go except for error 3051. I'm afraid I'm going to get a call telling
me that someone's network is down because someone with admin rights decided
to reak havoc on the server.

Is there anyone out there who might be able to shed some light on this for
me? I know I'm not bringing much to the table to work with, but I'll get
more info as soon as I can.

Thanks in advance,
Dave

 

[Chris Mills]

They need all permissions to the folder the mdb is in, so the app can create
or delete the LDB locking file (which is automatic). That folder can be placed
on it's own somewhere.

Access itself does not create any other "temporary files or folders" and
certainly not folders, though the app may be written to for all I know.

Apart from needing read/write/delete permission to the folder the mdb is
stored in, it is not usual to grant admin permissions to users.

I'm a bit rusty on LDB's (someone will correct me if I'm wrong) but LDB's
appear in a quick data-update test to be associated with the Front-End not the
Back-End?

Chris

 

[Peter-d]

As far as my experiance is concerned, an LDB is created eveytime an MDB is
accessed (i don't use MDE so I don't know). I get an LDB for both my front
end and back end.

 

[Chris Mills]

I get an LDB for both my front end and back end.Quite right. Dunno what I did. Anyway the effect for "dtremain" is that all
mdb folders need read/write/delete.

If the table links are made via UNC naming, I suppose it would be safer than a
"shared drive".
Chris

 

[TC]

IIRC you do not get one for the db, if you open the db exclusive
read-only (/excl, /ro).

HTH,
TC

 

[david epsom dot com dot au]

Access uses the user temp folder. You would hope that your
users have access to their own temp folder, but who
knows? Look for a file called Jet<something>.tmp,
normally 0 bytes long while you have Access open and
aren't doing anything.

On my pc as I write, c:\temp\jet52d5.tmp

(david)