More ULS Problems

[Alex T. Martínez]

Ladies and Gentlemen:

I’m having a problem with ULS similar to the one discussed in one of the
blows below (ULS Flaw?). I’m running MS Access 2003 on Windows XP. I’ve
already created all the groups and users, and have assigned all the
permissions; all under a new workgroup. Lastly I ran the ULS Wizard which
created the .bak file and gave me the nice summery report at the end. I
checked the ownerships, to include that of the database itself, and none of
the objects are owned my Admin.

That said, I can still sign in to a different workgroup (i.e. the original
system.mdw file) and can access the file without any challenge. Did I miss a
step in securing the file? Is there a way to verify that the file is
actually secured? Please help.


A-Mart

 

[Scott McDaniel]

Ladies and Gentlemen:

I’m having a problem with ULS similar to the one discussed in one of the
blows below (ULS Flaw?). I’m running MS Access 2003 on Windows XP. I’ve
already created all the groups and users, and have assigned all the
permissions; all under a new workgroup. Lastly I ran the ULS Wizard which
created the .bak file and gave me the nice summery report at the end. I
checked the ownerships, to include that of the database itself, and none of
the objects are owned my Admin.

That said, I can still sign in to a different workgroup (i.e. the original
system.mdw file) and can access the file without any challenge. Did I miss a
step in securing the file? Is there a way to verify that the file is
actually secured? Please help.

Yes, you obviously missed a step, since with a correctly secured database you would not be able to log in with a
different workgoup.

I suggest using the .bak file (which is basically your original file) and trying this again, expect using either (a) the
Security wizard to do the entire security process or (b) doing the entire process yourself by following Joan Wild's
process: http://www.jmwild.com/Accesssecurity.htm (see the step by step instructions). Don't forget to make a copy of
your file first, just in case.

Scott McDaniel
scott@takemeout_infotrakker.com
www.infotrakker.com

 

[Chris Mills]

At this stage, you should be able to logon as (say)(a user who you say should
not have permissions)(or any other way probably), and go through the User and
Group permissions and FIND OUT which user or group has such permissions when
they should not have. Starting with Database Permissions and going through
other objects as well.

One of the criticisms of Security Wizard, apart from potential bugs in the
wizard vs ULS (which may or may not be true), is that it shields you from a
full understanding of ULS. I believe, in the longer term, you MUST be capable
of going through the users and groups, and many objects of course, to see
where an errant permission lies. One school of thought, is that "wizards" just
try to hide this understanding from you!

The obvious thing, is that NO permissions should be assigned to any standard
user or group supplied in a default Access program.

I agree that some "step" must have been missed. And that the SecFAQ seems to
list the Sec Wizard as a step. But I do not agree that the Wizard should be
used at all!!! (for evidence, your own post)

HTH
Chris

(I have never used the security wizard, probably because I didn't know about
it when I started!)

(for a free alternate security analyser, same info as in-built but arguably
more presentable, see this tool -which is nothing to do with me- :
http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm

) (closing bracket)

 

[Alex T. Martínez]

I really hate to keep pestering, but, after printing out the step-by-step
instructions and doing exactly what they said, I can still open the “secureâ€
file by joining the default workgroup (system.mdw). The shortcut works fine
since it automatically joins you to the right workgroup, but opening the root
file is another story. The step-by-step instructions suggested that I
shouldn’t be able to open that file at all, but that’s not the case. What
did I miss? Thanks for the prompt response, btw.

A-Mart

 

[Rick Brandt]

I really hate to keep pestering, but, after printing out the
step-by-step instructions and doing exactly what they said, I can
still open the "secure" file by joining the default workgroup
(system.mdw). The shortcut works fine since it automatically joins
you to the right workgroup, but opening the root file is another
story. The step-by-step instructions suggested that I shouldn't be
able to open that file at all, but that's not the case. What did I
miss? Thanks for the prompt response, btw.

There's a very simple concept that expalins that. When you open a file with a
workgroup that does not require a login, then you are doing so as the user
'Admin', member of the group 'Users'.

In a properly secured file neither of those entities should have any permissions
or own any of the objects (including the database object).

If you can open your file with a workgroup that does not prompt you to log in
then either 'Admin' or 'Users' has some permissions or owns the database. There
can be no other explanation.

 

[Alex T. Martínez]

I finally got it to work (had to do the whole thing over again). I read in
one of the earlier blogs that there is a way to do this without using the ULS
Wizard. I've never had good experience with MS Wizards, and I avoid them
like the plague. I'd rather learn how to do it manually if at all possible.
Again, thanks for all the help and advise!


A-Mart

 

[Chris Mills]

This suggests there may be a bug with the Wizard. But I wouldn't know, since
(as stated) I have never used the wizard.

If there IS a bug with the wizard then:
a) it is bad that MS hasn't fixed it?
b) it is bad that it's a listed step in the SecFAQ last time I checked (cant
be bothered right now)

From my brief reading of the previous thread "ULS Flaw?" (until it
exited-right off my screen due to it's length), I got the impression that it
sounded like a WIZARD BUG (???)

This sort of stuff, Bugs in Wizards, IF true, surely newbies could do without?
Especially since wizards are hopefully there specifically to assist newbies?
Oh I give up, I'm getting myself into a circular loop... ;-)
Chris

 

[Jan Kowalski]

U¿ytkownik "Alex T. Martínez" <[email protected]>
napisa³ w wiadomo¶ci
news:[email protected]...