is it possible to make a database secure after creating it as unsecure?

[mezzanine1974]

I am new in the security option of the databases. I started to study
security and what i learned at the beginning is to create a new
workgroup and create a new user to be replaced with the default Admin
user who is member of default Admins group.

My question... If i create a new unsecure database with all tables,
queries and forms required as being default Admin user under the
default Admins group, can I make it secure completely then? I mean,
can I create a new workgroup and can i specify a new owner for this
unsecure database, so that it will be completely secure?

Is it clear?

Thanks

 

['69 Camaro]

Hi.

Is it clear?
Crystal.

If i create a new unsecure database with all tables,
queries and forms required as being default Admin user under the
default Admins group, can I make it secure completely then?
No.

I mean,
can I create a new workgroup and can i specify a new owner for this
unsecure database, so that it will be completely secure?

No. The original owner retains some permissions, even when another user is
assigned as the database owner, and all of the original owner's permissions
are manually removed, as well as removing the original owner from the Admins
group. Since the default Admin user still has permissions in the database,
he's not locked out. And since the default Admin user is universal across
all workgroups, anyone who has access to any Windows operating system with
Jet installed can open your database, because their default Admin user is
the same as your default Admin user. That's not everyone on the planet, but
it's probably well over a billion people.

Make an effort to secure the database the correct way. Don't take
shortcuts. And keep in mind that if you really need security, not merely
"hidden from novice computer users' eyes," then you shouldn't use User-Level
Security to secure your database, because anyone who really wants to break
Access security can do so with tools they can find for free or at a small
cost. Data that needs to be secured should be stored in a client/server
database, such as Oracle or SQL Server, not an Access (Jet) database.
Several of the big database vendors have free versions of their database
servers, so there are very few excuses for not securing data when
necessary -- and none of them are good ones.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[mezzanine1974]

So, there is no way to make a database secure, if you dont create a
new user to be replaced with default Admin.
You are right, I already studied the chapter which says that access
desktop databese can not be secured %100, even though provided
security wizards are art-of-science.
Fortunately, I am preparing this database for a middle scaled company
where I am working. And fortunately there is noone here who will be
able to break the security of the database. I will assign some
permission for each individual.

Thank you so much.

savas

 

['69 Camaro]

Hi.

So, there is no way to make a database secure, if you dont create a
new user to be replaced with default Admin.

Actually, there's no "replacement." Just create a new workgroup, then
create a user who will be the owner of the database, then log in as that
user and remove the Admin user from the Admins group. Ensure the Admin user
and the Users group have no permissions, including no permissions on any new
objects. Now, create a new database. Import the objects from the unsecured
database, and all objects in the new database are owned by the user you
logged in as. The default Admin user doesn't even come into play in the new
database.

And fortunately there is noone here who will be
able to break the security of the database.

That may be true today, but it may not be true tomorrow. And company
networks are broken into all too frequently by hackers, so you have to worry
about hackers you can't see breaking in and stealing the data, too.

I hope the data doesn't contain names with their SSN's.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[BruceM]

I studied all of the information I could find about user-level security, and
learned something new from just about every source, but the single most
helpful and accessible source for de-mystifying how users, groups, and
secure log-ins work was Jack MacDonald's paper, which is among the links
here:
http://www.geocities.com/jacksonmacd/
In particular, I have found the shortcut for opening Access but no
particular database while logged in as a secure user to be very helpful in
that I can open secure projects (copies, that is) to work on them.

 

[mezzanine1974]

Actually, there's no "replacement." Just create a new workgroup, then

create a user who will be the owner of the database, then log in as that
user and remove the Admin user from the Admins group. Ensure the Admin user
and the Users group have no permissions, including no permissions on any new
objects. Now, create a new database. Import the objects from the unsecured
database, and all objects in the new database are owned by the user you
logged in as. The default Admin user doesn't even come into play in the new
database.

When I done all what you described above, you are saying that database
shall be secure. It is reasonable and understandable. But, what if
someone else copy this secure database into another computer which has
default Admin user under default Admins group and running in the
default workgroup? Shall it run without any security restriction? I
mean, all imported objects had been created by someone else (again me
of course) who was default Admin under default Admins group in the
default workgroup. What i understood is that any object which created
by default Admin user will never loose assigned permissions in any
case, unlikely your descriptions above!

Shall it run without any security restriction?

 

['69 Camaro]

Hi.

When I done all what you described above, you are saying that database
shall be secure. It is reasonable and understandable. But, what if
someone else copy this secure database into another computer which has
default Admin user under default Admins group and running in the
default workgroup?

If you did as I described, then they will receive the message, "You do not
have permission to open this database file. Please see your Administrator .
.. . " when they try to open the database file, because you've previously
removed the default Admin user's permission to open databases in your secure
workgroup.

Shall it run without any security restriction? I
mean, all imported objects had been created by someone else (again me
of course) who was default Admin under default Admins group in the
default workgroup. What i understood is that any object which created
by default Admin user will never loose assigned permissions in any
case, unlikely your descriptions above!

If the default Admin user was the owner of the database when the objects
where imported, then the Admin user of any workgroup can open the database
and use it. In addition, if any other member of the Admins group in the
default workgroup owns a database, then anyone could open that database with
their own default workgroup. You _must_ create a new workgroup to secure a
database. The default workgroup cannot be used to secure a database,
because everyone else has that same workgroup, and their members of the
Admins group can open any database secured with the same workgroup.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[mezzanine1974]

You made my mind clear by means of security concept. Beginning part of
the security concept was quite complicated for me.
Thanks for your kind response.

 

['69 Camaro]

Hi.

You made my mind clear by means of security concept. Beginning part of
the security concept was quite complicated for me.
Thanks for your kind response.

You're welcome. Most of us who eventually secure a database correctly only
gave it 10 or 20 tries before we were finally successful.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blogs: www.DataDevilDog.BlogSpot.com, www.DatabaseTips.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.