Access security
Clive Read
Using MS Access 2002
I am setting up security on my database so that the users are forced
to enter their own name which in turn is then used to audit exactly
who is making changes.
The question is, on creating a workgroup admin file *.mdw if I delete
it I can replace it with any other and then join to that other mdw
which makes a nonsence out of using it in the first place.
What am I doing wrong as I am sure that once this file has been
deleted, the only method of opening a database is to either replace
it with a backup copy of the mdw OR recreate it from the information
saved.
One other question, is it wise to make a default mdw that covers all
databases and will this affect the backend too. My database is opened
from outbased locations too, so I am assuming that provided I send a
copy of the mdw to those locations then they will be locked into the
same security as in our office.
Many thanks once again
Clive
Keith Wilby
Hi Clive.
If you can replace your mdw file (WIF) with any other then your application
is not secure. Have you checked out the Security White Paper in the MS
Knowledge Base? It's essential reading for this subject. Also, I've
produced a guide to user-level security which you can view via my website
at www.keithwilby.org.uk which may help.
Always keep a backup of your WIF - I'm not aware of a method of recreating
them.
To address your final point, the WIF should ideally be in a shared area on
a server so that all your users can access it.
HTH - Keith.
Fletcher Arnold
Hi Clive.
>
> If you can replace your mdw file (WIF) with any other then your
application
> is not secure. Have you checked out the Security White Paper in the MS
> Knowledge Base? It's essential reading for this subject. Also, I've
> produced a guide to user-level security which you can view via my website
> at www.keithwilby.org.uk which may help.
>
> Always keep a backup of your WIF - I'm not aware of a method of recreating
> them.
>
> To address your final point, the WIF should ideally be in a shared area on
> a server so that all your users can access it.
>
> HTH - Keith.
You can re-create your WIF. But only if have kept a note of the original
info you used to create it in the first place - PID's etc. The security
wizard prompts you to keep an Access snapshot report of the information,
which you can print out and keep in a safe place.
Fletcher
Jeremy Wallace
Yeah, Access security is a great tool for what you're doing. You should
definitely check out the Access Security White Paper/FAQ. It's on the MS
site, but it moves so often I put a copy of it on my website, so I can
always refer to it. It's dense, and most people have to read it a few times
before it all sinks in. But it's well worth it.
Once a database is properly secured, you _will not_ be able to get into it
without using the proper mdw. That one's a hard and fast rule. If you can
use another mdw, you missed a step in securing the database.
It's not a good idea to use one mdw for _all_ of your databases. It may be a
good idea to use one mdw for all of your _secured_ databases, if you are
developing in-house. (If you're a consultant, you clearly don't want to be
sending the same security file to multiple clients!) But you don't want to
force users to join a particular workgroup, as that means that they will
have to log on even when they open up the database they made to track all of
the different kinds of donuts they eat in the morning. Instead, you want to
use either shortcuts or batch files to open your databases.
The easy way to do this is to make a shortcut of a database that has
something like this in the "target" parameter:
"fullPath\MsAccess.exe" "FullPath\YourDatabase.mdb" /wrkgrp
"FullPath\YourWIF.mdw"
This tells the OS to open Access, open your database, and use your workgroup
to establish correct security.
If you're going to be distributing your applications to multiple users, you
should have your database split into a front end and a back end, with the
front end getting copied to the user's PC only when a new version is needed.
I've come up with a nifty little system of doing this using batch files. If
you're interested in that, check out the "Deploying Databases" article in
the Developers' section of my website.
Hope this helps.
Jeremy
--
Jeremy Wallace
AlphaBet City Dataworks
http://www.AlphaBetCityDataworks.com
"Clive Read" <olim...@lineone.net> wrote in message
news:d93dc0c7.0301...@posting.google.com...
Keith Wilby
> You can re-create your WIF. But only if have kept a note of the original
> info you used to create it in the first place - PID's etc. The security
> wizard prompts you to keep an Access snapshot report of the information,
> which you can print out and keep in a safe place.
>
> Fletcher
>
I stand corrected. Thanks Fletcher.
TC
You just recreate one (from scratch) using the same values for company
name, organization name, workgroup ID, and (for each user) username &
PID that you did before. For that reason, it's probably more sensible
to backup *those values*, rather than the file itself. If the backup
*file* is corrupted (& you don't have the values), you have a problem.
But if the backup *values* are available, you can always recreate the
file.
TC
Shuffs
Just viewed your web site and just want to say how helpful it was, not
only about security, but describing (and walking through) the batch
file process.
after reading many posts on the subject (using Batch files), your
guide has clarified some complications and misunderstandings I had. I
hope to be looking to use some of this in the future.
Many thanks.
Phil
"Jeremy Wallace" <ne...@ymerej.com> wrote in message news:<ffidnTRT9YF...@giganews.com>...