Prev: reThink Migration – It’s Time for Change!
Next: OpenArgs passing form/subform/control and using to requery?
From: Vincent on 2 Jun 2010 17:17 I've been doing some work with resetting the user-level security permissions on one of our databases and now am confused and have a headache. I am trying to remove all of the permissions from the admin user and its associated group (The admin user is only in the Users group). The admin user and the Users group have been stripped of all permissions, but for some silly reason I can double-click on the database and view/ edit all of the tables. However, if I try to login with the admin user using a different workgroup file, I cannot even open the database! I thought the admin user always mapped to the same SID, so I am confused as to why the database is exhibiting this behavior. Please, restore my sanity with some insight into this issue. Thanks. Vincent
From: Rick Brandt on 3 Jun 2010 01:48 Vincent wrote: > I've been doing some work with resetting the user-level security > permissions on one of our databases and now am confused and have a > headache. > > I am trying to remove all of the permissions from the admin user and > its associated group (The admin user is only in the Users group). The > admin user and the Users group have been stripped of all permissions, > but for some silly reason I can double-click on the database and view/ > edit all of the tables. However, if I try to login with the admin > user using a different workgroup file, I cannot even open the > database! I thought the admin user always mapped to the same SID, so > I am confused as to why the database is exhibiting this behavior. > > Please, restore my sanity with some insight into this issue. Admin is still the owner of everything.
From: Access Developer on 2 Jun 2010 20:04 "Rick Brandt" <rickbrandt2(a)hotmail.com> wrote > Admin is still the owner of everything. Yes, a key step is changing ownership of the database. That's why I advise scanning, reading, carefully re-reading, and repeating the careful re-reading until you are completely oversaturated with Access Security, the Access Security FAQ. It is 39 pages of pertinent information, with no "filler" material. In Access 2.0 days, author Roger Jennings described Access' Security as "labrynthine" and that is still an accurate assessment. Find the Security FAQ via http://support.microsoft.com/kb/207793. There is another FAQ for Security in 2007, if you are a member of Microsoft Software Developer Network (MSDN), http://msdn2.microsoft.com/en-us/library/bb421308.aspx. Larry Linson, Microsoft Office Access MVP Co-author: "Microsoft Access Small Business Solutions", published by Wiley Access newsgroup support is alive and well in USENET comp.databases.ms-access
From: Vincent on 3 Jun 2010 10:40 On Jun 2, 8:04 pm, "Access Developer" <accde...(a)gmail.com> wrote: > "Rick Brandt" <rickbran...(a)hotmail.com> wrote > > > Admin is still the owner of everything. > > Yes, a key step is changing ownership of the database. That's why I advise > scanning, reading, carefully re-reading, and repeating the careful > re-reading until you are completely oversaturated with Access Security, the > Access Security FAQ. It is 39 pages of pertinent information, with no > "filler" material. In Access 2.0 days, author Roger Jennings described > Access' Security as "labrynthine" and that is still an accurate assessment. > Find the Security FAQ viahttp://support.microsoft.com/kb/207793. > > There is another FAQ for Security in 2007, if you are a member of Microsoft > Software Developer Network (MSDN),http://msdn2.microsoft.com/en-us/library/bb421308.aspx. > > Larry Linson, Microsoft Office Access MVP > Co-author: "Microsoft Access Small Business Solutions", published by Wiley > Access newsgroup support is alive and well in USENET > comp.databases.ms-access The ownership of all items has been removed from the admin user. I am wondering if this is a bug. I found the following statement in the MS Access Security FAQ: "The Access 2000 Security Wizard removes permissions to the point where they are not visible on the security menus, but testing has revealed that in Access 2000 it is possible to open a database by using the default workgroup information file regardless of the menu settings. The cure for both versions of Access is to create a new, empty database while logged on as a member of the Admins group and import all of the objects from the secured database...." I am using an Access 2000 format database, so this may be the issue. I don't look forward to reimporting all of the objects in all of the databases that we manage. Does anyone know of a different "fix" for this issue?
From: Vincent on 3 Jun 2010 16:51 On Jun 3, 10:40 am, Vincent <animedrea...(a)verizon.net> wrote: > On Jun 2, 8:04 pm, "Access Developer" <accde...(a)gmail.com> wrote: > > > > > "Rick Brandt" <rickbran...(a)hotmail.com> wrote > > > > Admin is still the owner of everything. > > > Yes, a key step is changing ownership of the database. That's why I advise > > scanning, reading, carefully re-reading, and repeating the careful > > re-reading until you are completely oversaturated with Access Security, the > > Access Security FAQ. It is 39 pages of pertinent information, with no > > "filler" material. In Access 2.0 days, author Roger Jennings described > > Access' Security as "labrynthine" and that is still an accurate assessment. > > Find the Security FAQ viahttp://support.microsoft.com/kb/207793. > > > There is another FAQ for Security in 2007, if you are a member of Microsoft > > Software Developer Network (MSDN),http://msdn2.microsoft.com/en-us/library/bb421308.aspx. > > > Larry Linson, Microsoft Office Access MVP > > Co-author: "Microsoft Access Small Business Solutions", published by Wiley > > Access newsgroup support is alive and well in USENET > > comp.databases.ms-access > > The ownership of all items has been removed from the admin user. I am > wondering if this is a bug. I found the following statement in the MS > Access Security FAQ: > > "The Access 2000 Security Wizard removes permissions to the point > where they are not visible on the security menus, but testing has > revealed that in Access 2000 it is possible to open a database by > using the default workgroup information file regardless of the menu > settings. The cure for both versions of Access is to create a new, > empty database while logged on as a member of the Admins group and > import all of the objects from the secured database...." > > I am using an Access 2000 format database, so this may be the issue. > I don't look forward to reimporting all of the objects in all of the > databases that we manage. Does anyone know of a different "fix" for > this issue? Okay--for those others that are thoroughly confused by Access security, I THINK what happened in my posted scenario was that a couple of the databases were created with the default system.mdw file instead of our custom workgroup file. This accounted for the different behavior I saw in the admin account. Recreating the database with the custom workgroup file and reimporting all of the tables seems to have corrected the issue I was seeing. Also, if anyone is struggling with Access security, I came across a nice website. It is a nice complement to the Access Security FAQ mentioned above. http://www.grahamwideman.com/gw/tech/access/accesssec/index.htm Cheers, Vincent
|
Next
|
Last
Pages: 1 2 Prev: reThink Migration – It’s Time for Change! Next: OpenArgs passing form/subform/control and using to requery? |