Hiding Backend Files

[Sprinks]

I have implemented security on the front- and back-end files for a timesheet
application, and after 2 days of testing, everything seems to be working as
expected. It occurs to me, however, that there is nothing preventing a
legitimate user or anyone who can gain casual access to our network from
accidentally or purposefullly deleting the back-end files. Can anyone
suggest any strategies?

Thank you.
Sprinks

 

[Ray]

Unfortunately, MS Access does not provide a way to do this. Keep in mind that
Access files are like any other files in your network. Perhaps you might want
to talk to your network administrator to prevent the deletion of files.

When all else fails, always have a backup.

 

[Sprinks]

Thanks, Ray.

Sprinks

Unfortunately, MS Access does not provide a way to do this. Keep in mind that
Access files are like any other files in your network. Perhaps you might want
to talk to your network administrator to prevent the deletion of files.

When all else fails, always have a backup.

 

[Joan Wild]

You can't do much since users need almost full permissions on the folder.
You can remove the delete permission on the *file*, however the next time it
is compacted, the resulting file will inherit the folder permissions, so
you'd have to remove the delete permission again on the file.

Another idea is to put the backend/mdw files in a hidden folder. Users
won't see it in Windows Explorer (they could still get to the folder if they
know the path, so don't tell them). \\servername\share$ rather than
\\servername\share will hide it.

 

[Ray]

If a compacted file inherits the folder permissions, how about making sure
that the folder permissions not have DELETE premission from the start. Sorry,
I'm not a network expert. Or how about allowing only the administrator to
copy the file, compact it somewhere else, and re-copying the compacted
version back in the folder. This will bring the database off-line for a while
but it's worth the sacrifice.

 

[Sprinks]

Joan,

Thank you; a hidden folder will work great. Most of my concern is about
casual, accidental deletion.

Sprinks

 

[Granny Spitz via AccessMonster.com]

how about making sure
that the folder permissions not have DELETE premission from the start.

The downside to this technique is that the locking database file won't be
deleted when the last user exits the database, which can cause problems in a
multuser database. Not to mention about the inability to compact the
database, but you addressed that issue elsewhere.

Or how about allowing only the administrator to
copy the file, compact it somewhere else, and re-copying the compacted
version back in the folder.

A user only needs read permission to copy the file and write permission to
create a new file, so all users except the Administrator would need to be
denied read permissions on the mdb file (or even the files in the directory)
to prevent them from copying the file, and they would need to be denied write
permissions on the directory to prevent them from writing a new file in that
directory (the file that was compacted elsewhere). Unfortunately, any user
who can't read the mdb file also can't open it, so only the Administrator
would be able to use the database if this technique were employed. And any
user who doesn't have write permissions in the directory can't create the LDB
file, so the mdb file would only be opened in exclusive mode, which puts
shackles on a multiuser database.

 

[Joan Wild]

Users need delete permission on the folder in order to be able to delete the
associated ldb file.