Permission probs w/Split database for Access97 & Access2003 Multi-

T

tiskal

I've successfully split an Access 97 database and set up an identical front
end in Access2003. I've verified multiple times that my user group
permissions are defined identically for the tables in the back end as well as
the tables and all other objects in both versions (97 & 2003) of the front
end. However, with the Accesss 2003 front end, I've determined that users in
Groups with no Administrator nor "Modify design" rights to any database
objects can if fact change object permissions. I don't have the problem with
the Access97 front end nor the back end databases. I did have to create the
2003 front end by importing the objects from the 97 database. I'm only
working with copies right now and not the original database. Any advice on
how to eliminate this problems will be greatly appreciated.
 
G

Guest

Access has two different kinds of Administrator.

1) Administer Security (member of the admins group used to create the
database)

2) Administer Database objects (has admin permission on the object).

You should probably re-create the A2000 FE, making sure again
that you know which Workgroup File is in use, and which User
is the owner of the new objects.

microsoft.public.security is a good place to ask this kind of question.

(david)
 
T

tiskal

Thanks for the feedback David. I presently have Administer rights for the
database and all its objects and actually am the owner of all the subject
database objects.

Would it help if I create a different workgroup to set up these "new" test
BE & FE databases instead of using the same workgroup that I'm using for my
existing A97 on-line, multi-user, multi-facility database? When I try using
the A2003 software's "Convert database" command and pick my A97FE for
conversion, I get a message telling me I don't have the rights to do so. As I
mentioned I got around this by creating the A2003FE version of the database
by importing all objects. Do these facts shed any more light on the problems
I'm encountering?

Thanks again for your assistance!
 
D

david epsom dot com dot au

When you imported all the objects to a new database,
you said that anyone who was a member of the A2003
Admins Group could control security, (including Admin,
the default user, who by default is a member of the
default Admins Group)

You now need to secure the new database. To do
so you will need to import all of the objects into
a secured database, while logged in to a secure
workgroup as a secure user.

Forget about having Administer rights for the
database. That is not relevant. Forget about it:
it is not relevant. The Administer rights for
the database are not relevant.

What is important is the Admins Group of the security
workgroup used to create the database.

The Admins Group of the security workgroup used
to create the database is not something you can
easily check or look at. It is not shown in the
security settings. The only way to be sure about
the Admins Group used to create a database is to
plan carefully, act methodically, and record
everything you do.

Normally, you might plan to use the same workgroup
for the A97 and the A2000 database. You would have
to join the A97 workgroup to do that.

Another common idea is to use a completely
different workgroup for database creation,
so that your distribution workgroup does not
contain the Admins Group used to create the
database. To do that you have to record how
you create any security groups, so that you
can create the security groups in both databases.

microsoft.public.security is a good place to ask this kind of question.

(david)
 
T

tiskal

Thanks again David. This really helps clarify things for me. I will go the
route of setting up and using a completely different workgroup for creating
the A2000 FE database.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top