prevent users from opening the BE

[Omar]

Hi,
My application is split into FE, BE. The FE is saved as MDE and resides in
the user's workstation while the BE is saved as MDB and resides in a Shared
folder on the server mapped to a drive letter in all workstations.
All the user have access to the Mapped Drive and the folder where the MDB
resides.
My question is, how can I prevent the users from opening the BE files on
the server so as to keep the FE as the sole way to manipulate the data.
Thanks

 

[Keith Wilby]

Hi,
My application is split into FE, BE. The FE is saved as MDE and resides in
the user's workstation while the BE is saved as MDB and resides in a
Shared
folder on the server mapped to a drive letter in all workstations.
All the user have access to the Mapped Drive and the folder where the MDB
resides.
My question is, how can I prevent the users from opening the BE files on
the server so as to keep the FE as the sole way to manipulate the data.
Thanks

You need to apply user-level security. Have a look at the example on my
website, there's a link to the MS FAQ there too. Also, search this forum
for Joan Wild's and Jeff Conrad's web sites.

Keith.
www.keithwilby.com

 

[Omar]

Hi Again,
thanks for the reply.
I did implemented the User-Level Security using the wizard, and the FE is
protected that way.
the BE wasn't joining the MDW, so after reading your post, I Opened the BE,
and joined it to the MDW.
Now, whenever i open it, the username and password dialogue box is
displayed. I logged on using a username of one of the users whose access
rights are limited to certain tables , but i managed to access other tables
that he is supposed to have no access for.
am i missing something in here?
thanks

 

[Tom van Stiphout]

Depends on how secure you want it to be. The poor-mans version is to
create an AutoExec macro with two lines:
Msgbox "Yo! You can't be here. Run the FE instead!"
DoCmd Quit

-Tom.

 

[Omar]

Wooowww...

Simple things can really be powerful things. I never thought about it...
Thanks for the tip.. I will use that.

Just curious, what is the rich-man version of it? I would apperciate any
enlightement in this domain

Regards

 

[Keith Wilby]

Hi Again,
thanks for the reply.
I did implemented the User-Level Security using the wizard, and the FE is
protected that way.
the BE wasn't joining the MDW, so after reading your post, I Opened the
BE,
and joined it to the MDW.
Now, whenever i open it, the username and password dialogue box is
displayed. I logged on using a username of one of the users whose access
rights are limited to certain tables , but i managed to access other
tables
that he is supposed to have no access for.
am i missing something in here?

By the sound of it yes. You need to create a new, blank database whilst
joined to your custom workgroup. Next you need to import your BE tables
into it. Then you need to assign permissions as appropriate (I recommend
using RWOP queries in your FE). Using the wizard doesn't give you any
insight into how ULS works so I highly recommend you read and understand the
FAQ if you want a properly secured app.

Keith.
www.keithwilby.com

 

[Tom van Stiphout]

On Thu, 1 Nov 2007 08:14:00 -0700, Omar

Workgroup security, combined with RWOP queries in your front-end. Not
for the faint of heart. Download, study, and fully understand the
Access Security FAQ from microsoft.com if you want to explore this
further.
Upsizing to SQL Server also can give you much increased levels of
security.

-Tom.

 

[Tony Toews [MVP]]

Simple things can really be powerful things. I never thought about it...
Thanks for the tip.. I will use that.

Just curious, what is the rich-man version of it? I would apperciate any
enlightement in this domain

The upper lower class version is to use the startup options to hide
the database window and display a form which basically states "B*gger
off" and a close button which closes the database.

Note though that Tom and my solution can be bypassed by using the
shift key when starting up the database.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Omar]

Thank you very much for your advice.
I studied the FAQ thoroughly and I figured out a wonderful solution (so far)
to secure my BE ( I am using Access 2003).

I am not an expert in Dbase programming, so I would like very much to get
your opinion about what i did.

1-I logged on with my secured FE as one of the admins
2-I closed the database but not MS Access
3-I created a blank database and imported all the BE tables
4-before closing the newly created DB I took ownership of it
5-I ran the ULS wizard one more time, and chose "modify", and I just clicked
on next in every screen (didn't want to do any thing actually via wizard
except encoding the DB)
6- I quit the DB and MS Access.
7-I created a shortcut that points to the mdw file (now used for both FE and
BE)
8-I reopened the new BE using the shortcut and created the form telling the
user to get lost and added a command that can be visible or hidden based on
the CurrentUser group using the IsUserInGroup function
9-this new button changes the value of the DisableShiftKeyByPass value each
time it is clicked... et Voila... I have it secured. (so far)

is there something i am missing? I appreciate any advice

thanks

Omar

 

[Ed Metcalfe]

The upper lower class version is to use the startup options to hide
the database window and display a form which basically states "B*gger
off" and a close button which closes the database.

Note though that Tom and my solution can be bypassed by using the
shift key when starting up the database.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

My favourite solution is to create a simple database launcher application in
VB6 which passes the user name and password credentials to MS Access in the
command line. That way the user's don't need to know their user-level
security details.

Ed Metcalfe.

 

[Keith Wilby]

Thank you very much for your advice.
I studied the FAQ thoroughly and I figured out a wonderful solution (so
far)
to secure my BE ( I am using Access 2003).

I am not an expert in Dbase programming, so I would like very much to get
your opinion about what i did.

1-I logged on with my secured FE as one of the admins
2-I closed the database but not MS Access
3-I created a blank database and imported all the BE tables
4-before closing the newly created DB I took ownership of it
5-I ran the ULS wizard one more time, and chose "modify", and I just
clicked
on next in every screen (didn't want to do any thing actually via wizard
except encoding the DB)
6- I quit the DB and MS Access.
7-I created a shortcut that points to the mdw file (now used for both FE
and
BE)
8-I reopened the new BE using the shortcut and created the form telling
the
user to get lost and added a command that can be visible or hidden based
on
the CurrentUser group using the IsUserInGroup function
9-this new button changes the value of the DisableShiftKeyByPass value
each
time it is clicked... et Voila... I have it secured. (so far)

is there something i am missing? I appreciate any advice

I think you have it covered there but I don't know why you bothered with the
wizard. Have your users test it and try to break into it yourself. There's
no substitute for testing!

Keith.
www.keithwilby.com

 

[datAdrenaline]

Along with some of the other suggestions, one of the simplest ways to prevent
folks from opening the Back End is to put a database password on it. You
will have to re-link your tables in order to prevent inaccessibility. The
pwd coupled with the AutoExec macro, works very well for me. Also, with the
"yo- you shouldn't be here" message. I create a form that looks like the
same box that pops up for critical runtime errors, and display that with a
message like "A critical error has occurred. Please contact the
administrator!", then in the OnClose event of the form, Access Quits.

 

[Paul S]

If your be is in a folder on a shared network drive, you can get your IT guy
to limit access to this folder to authorized users only. Others can access
the information through the fe only.