R
ragtopcaddy via AccessMonster.com
How do I do it? What should the shortcut property look like?
Thanks,
Bill R
Thanks,
Bill R
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
6
'69 Camaro
Hi, Bill.
Try: (watch out for word wrap, as this is all one line)
"<Full path to Office>\MSAccess.EXE" "<Full path to DB>\MyDB.MDB" /wrkgrp
"<Full path to secure workgroup>\Secure.MDW" /decompile
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
How do I do it? What should the shortcut property look like?
Try: (watch out for word wrap, as this is all one line)
"<Full path to Office>\MSAccess.EXE" "<Full path to DB>\MyDB.MDB" /wrkgrp
"<Full path to secure workgroup>\Secure.MDW" /decompile
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
R
ragtopcaddy via AccessMonster.com
Gunny,
Thanks a million.
BTW: I have a '75 Eldorado ragtop myself!
Bill R
Thanks a million.
BTW: I have a '75 Eldorado ragtop myself!
Bill R
R
ragtopcaddy via AccessMonster.com
Gunny,
I was just testing the secured mdb. I opened the db by double-clicking on the
file in explorer. That logged me in as Admin. My implementation of security
on this db removed all permissions on all objects for the Users group. Admin
is removed from the Admins group and only has Users permissions. I couldn't
change any data in the tables, which is what I wanted. However, I could click
on command buttons and run code that makes changes to other objects, such as
killing files on the server in anticipation of creating new versions, which
will not happen because Admin can't write to tables in the database. How do I
deal with this possibility? It would be nice if command buttons or VBA
procedures were subject to security restrictions, but that's apparently not
the case.
Thanks,
Bill R
I was just testing the secured mdb. I opened the db by double-clicking on the
file in explorer. That logged me in as Admin. My implementation of security
on this db removed all permissions on all objects for the Users group. Admin
is removed from the Admins group and only has Users permissions. I couldn't
change any data in the tables, which is what I wanted. However, I could click
on command buttons and run code that makes changes to other objects, such as
killing files on the server in anticipation of creating new versions, which
will not happen because Admin can't write to tables in the database. How do I
deal with this possibility? It would be nice if command buttons or VBA
procedures were subject to security restrictions, but that's apparently not
the case.
Thanks,
Bill R
6
'69 Camaro
Ooooohh! Nice!
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
6
'69 Camaro
Hi, Bill.
It's not properly secured if the default Admin user can open the database.
You should also remove the ability of the Users group to open the database.
Any member of the Users group shouldn't be able to open the database, unless
he's also a member of another group.
Don't give permissions to open/run those forms except to the groups that are
authorized. Create an MDE database file and unauthorized users can't go to
the VB Editor and run code, either.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
That logged me in as Admin.
It's not properly secured if the default Admin user can open the database.
My implementation of security
on this db removed all permissions on all objects for the Users group.
You should also remove the ability of the Users group to open the database.
Any member of the Users group shouldn't be able to open the database, unless
he's also a member of another group.
However, I could click
on command buttons and run code that makes changes to other objects
Don't give permissions to open/run those forms except to the groups that are
authorized. Create an MDE database file and unauthorized users can't go to
the VB Editor and run code, either.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
R
ragtopcaddy via AccessMonster.com
Gunny,
My intention was for everyone to be able to open the db and look at info.
With the exception of the command buttons, this is working just fine. I don't
mind people seeing the data or opening forms and reports, I just don't want
them to edit, add, or delete data, including txt files on the server. I don't
see any way to accomplish this short of an additional security layer in the
form of a table that contains NT logon names and the examination of the user
to entries in that table at the beginning of procedures that make changes. Do
you concur?
Bill R
My intention was for everyone to be able to open the db and look at info.
With the exception of the command buttons, this is working just fine. I don't
mind people seeing the data or opening forms and reports, I just don't want
them to edit, add, or delete data, including txt files on the server. I don't
see any way to accomplish this short of an additional security layer in the
form of a table that contains NT logon names and the examination of the user
to entries in that table at the beginning of procedures that make changes. Do
you concur?
Bill R
'69 Camaro said:Hi, Bill.
That logged me in as Admin.
It's not properly secured if the default Admin user can open the database.
My implementation of security
on this db removed all permissions on all objects for the Users group.
You should also remove the ability of the Users group to open the database.
Any member of the Users group shouldn't be able to open the database, unless
he's also a member of another group.
However, I could click
on command buttons and run code that makes changes to other objects
Don't give permissions to open/run those forms except to the groups that are
authorized. Create an MDE database file and unauthorized users can't go to
the VB Editor and run code, either.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
[quoted text clipped - 45 lines]Gunny,
6
'69 Camaro
Hi, Bill.
Not quite. One cannot put up a fence halfway around a perimeter and expect
it to keep the area secured. You also need to convert the file to an MDE
database file to protect the code from being viewed or changed. You need to
use RWOP queries so that the default Admin user can only see the data he's
supposed to see. The Users group has no permissions on any tables
whatsoever. Don't use the Environ variables to check the current user,
because those are subject to change at runtime, after the user has logged
in.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
Do
you concur?
Not quite. One cannot put up a fence halfway around a perimeter and expect
it to keep the area secured. You also need to convert the file to an MDE
database file to protect the code from being viewed or changed. You need to
use RWOP queries so that the default Admin user can only see the data he's
supposed to see. The Users group has no permissions on any tables
whatsoever. Don't use the Environ variables to check the current user,
because those are subject to change at runtime, after the user has logged
in.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
ragtopcaddy via AccessMonster.com said:Gunny,
My intention was for everyone to be able to open the db and look at info.
With the exception of the command buttons, this is working just fine. I
don't
mind people seeing the data or opening forms and reports, I just don't
want
them to edit, add, or delete data, including txt files on the server. I
don't
see any way to accomplish this short of an additional security layer in
the
form of a table that contains NT logon names and the examination of the
user
to entries in that table at the beginning of procedures that make changes.
Do
you concur?
Bill R
'69 Camaro said:Hi, Bill.
That logged me in as Admin.
It's not properly secured if the default Admin user can open the database.
My implementation of security
on this db removed all permissions on all objects for the Users group.
You should also remove the ability of the Users group to open the
database.
Any member of the Users group shouldn't be able to open the database,
unless
he's also a member of another group.
However, I could click
on command buttons and run code that makes changes to other objects
Don't give permissions to open/run those forms except to the groups that
are
authorized. Create an MDE database file and unauthorized users can't go
to
the VB Editor and run code, either.
HTH.
Gunny
See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.
[quoted text clipped - 45 lines]Gunny,Bill R
R
Rick Brandt
'69 Camaro said:Hi, Bill.
Not quite. One cannot put up a fence halfway around a perimeter and
expect it to keep the area secured. You also need to convert the
file to an MDE database file to protect the code from being viewed or
changed. You need to use RWOP queries so that the default Admin user
can only see the data he's supposed to see. The Users group has no
permissions on any tables whatsoever. Don't use the Environ
variables to check the current user, because those are subject to
change at runtime, after the user has logged in.
Actually, if you have a "base level" of user access you want to give most users
you can grant those permissions to the Users group and "normal users" will then
be able to use any workgroup, not have to log in, yet will still be restricted
to the permissions you give to the Users group. The use of logins and
particular workgroup files can then be restricted to those who need higher
authorities than the base group.
Lots of people secure their apps this way and only the developer actually uses
the secure MDW file which is not even included with the app.
R
ragtopcaddy via AccessMonster.com
Rick,
Yes, this is the method I'm using. My concern is not for proprietary or
confidential data, but primarily for "accidental death and dismemberment" of
my app by reckless users and tinkers. Also, in this particular app, there are
procedures that overwrite text files on the server and I need to be sure
those actions are not inadvertently executed.
Thanks for your help,
Bill
Yes, this is the method I'm using. My concern is not for proprietary or
confidential data, but primarily for "accidental death and dismemberment" of
my app by reckless users and tinkers. Also, in this particular app, there are
procedures that overwrite text files on the server and I need to be sure
those actions are not inadvertently executed.
Thanks for your help,
Bill
Rick said:[quoted text clipped - 9 lines]Hi, Bill.variables to check the current user, because those are subject to
change at runtime, after the user has logged in.
Actually, if you have a "base level" of user access you want to give most users
you can grant those permissions to the Users group and "normal users" will then
be able to use any workgroup, not have to log in, yet will still be restricted
to the permissions you give to the Users group. The use of logins and
particular workgroup files can then be restricted to those who need higher
authorities than the base group.
Lots of people secure their apps this way and only the developer actually uses
the secure MDW file which is not even included with the app.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.