Klatuu said:
Thanks, Rick.
I have the world's worst kind of user. That is the one who has an
once of technical knowledge and wants to make design decisions. He
once tried to use security and locked all his databases up, so is
saying "We need good security, but Access Security is to cumersome
and hard to use, let's write our own. And, I don't want us to have
to enter a password if we are using other Access mdbs on our own."
I, of course, am campaigning for using Access security. The problem
is, that even though I have been writing Access Apps for 7 years, I
have never had the opportunity to use Access Security. Home grown
has always been imposed on me.
The short of it is, I know I have a learning curve, but I have to
convince the powers that be it is the best method.
My opinion only, but I think the biggest problem for people trying to learn
security is trying it on the big complete app that they just spent a lot of time
creating. If you start out by just trying to get a completely empty file
properly secured then you are 90% home.
You create a new MDW. Open a new blank file using the new MDW and set up a
password on Admin, create a new "master" group with one user and then strip
Admin and Users from all rights (including rights on newly created objects).
Then you throw that file away (because Admin owns it), and restart Access using
the new user and try it out on a another new file.
The above steps might not be complete, but my point is that once you accomplish
the basic task of having an MDB file (even an empty one) that cannot be opened
with any workgroup file except the secured one you created then you can easily
progress from that point. Any new files you create while using that workgroup
will automatically be secured. All that is left is setting permissions on
individual objects which might be "tedious", but is not complex or difficult.
For existing apps you just start with a new blank secured file, make sure that
Admin and Users have no rights to "new" objects of any kind and then import
everything from the desired file. Since all of the imported objects are "new"
then they should automatically be inaccessible to Admin and Users and your
database object ownership is already taken care of since you created the file
with your new master account.