Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

A2007 Security

27 views
Skip to first unread message

zucke...@gmail.com

unread,
Nov 20, 2009, 8:01:16 PM11/20/09
to
My current security process (with A2000) involves:

BackEnd:
- Autoexec macro with DoCmd.Quit
- All tables hidden (prevents unauthorized linking)

FrontEnd:
- Has Startup form

Both Ends:
- AllowSpecialKeys = False (prevents F11)
- AllowByPassKey = False (prevents holding Shift during startup)
- StartUpShowDBWindow = False
- AllowBuiltInToolbars = False
- AllowFullMenus = False
- AllowShortcutMenus = False
- AllowBreakIntoCode = False

The main security hole (and my developer access) was to use an
auxiliary database with VBA code that alters the frontend or backend
AllowByPassKey property. Then I could open the frontend or backend,
make my developer changes, and reset the AllowByPassKey property.

Unless someone created their own auxiliary database like mine, they
couldn't hack into the frontend or backend. This level of security
seems adequate for my organization.

This worked well with A2000. But now with A2007, the ribbon has the
Quick Access Toolbar. The QAT has a small dropdown arrow on the right-
side that lets the user select
More Commands -> Current Database -> change the "Use Access Special
Keys" property. They can also change the startup form. Then the user
can close the database & re-open and the F11 key gives him the
Navigation Pane and all of the tables. Thus they have defeated the
security without needing an "auxiliary" database of their own,

Is there a way to allow the use of the ribbon and/or the QAT without
allowing the user to access the Current Database settings?

I realize that I can use
DoCmd.ShowToolbar "Ribbon", acToolbarNo
But then users lose access to simple buttons like
- Sort Ascending
- Sort Descending
- Binoculars
- Filter By Form
- Form View
- Datasheet View
- Print

Any other suggestions?

Thanks,
Fred

Sky

unread,
Nov 22, 2009, 11:44:57 PM11/22/09
to

You can disable the Access options and perhaps the QAT More Commands as
well (I think, I can't remember exactly) using something like the
following in your ribbon:

<commands>
<!-- disable options dialog and QAT More Commands -->
<command idMso="ApplicationOptionsDialog" enabled="false"/>
</commands>

You can repurpose the options dialog with your own callback function,
e.g. named "CustomOnActionCommand" in the following, but I believe the
QAT More Commands is still accessible:

<commands>
<!-- repurpose options dialog -->
<command idMso="ApplicationOptionsDialog" enabled="true"
onAction="CustomOnActionCommand"/>
</commands>


What I do is build my own ribbon from scratch, and then you can create
your own QAT as well:

<ribbon startFromScratch="true">
<qat>
<documentControls>
<control idMso="FileNewDatabase" visible="false"/>
<control idMso="FileOpenDatabase" visible="false"/>
<control idMso="FileSave" visible="true"/>
...

- Steve

zucke...@gmail.com

unread,
Nov 24, 2009, 10:41:27 AM11/24/09
to
>
> You can disable the Access options and perhaps the QAT More Commands as
> well (I think, I can't remember exactly) using something like the
> following in your ribbon:
>
> <commands>
>    <!-- disable options dialog and QAT More Commands -->
>    <command idMso="ApplicationOptionsDialog" enabled="false"/>
> </commands>
>
> You can repurpose the options dialog with your own callback function,
> e.g. named "CustomOnActionCommand" in the following, but I believe the
> QAT More Commands is still accessible:
>
> <commands>
>    <!-- repurpose options dialog -->
>    <command idMso="ApplicationOptionsDialog" enabled="true"
>        onAction="CustomOnActionCommand"/>
> </commands>
>
> What I do is build my own ribbon from scratch, and then you can create
> your own QAT as well:
>
> <ribbon startFromScratch="true">
>    <qat>
>      <documentControls>
>        <control idMso="FileNewDatabase" visible="false"/>
>        <control idMso="FileOpenDatabase" visible="false"/>
>        <control idMso="FileSave" visible="true"/>
>        ...
>
> - Steve- Hide quoted text -
>
> - Show quoted text -

Steve,
I think you may be referring to XML commands to create a customized
ribbon. I've seen that concept published at MSDN/Microsoft.com. I
don't understand XML, but I'll take another look. I like the idea of
removing the ribbon completely, if I can leave the QAT and remove the
small dropdown arrow to the right of the QAT. Then I'll populate the
QAT with just the buttons I prefer.
Thanks,
Fred

Sky

unread,
Nov 24, 2009, 12:07:52 PM11/24/09
to
zucke...@gmail.com wrote:
>
> Steve,
> I think you may be referring to XML commands to create a customized
> ribbon. I've seen that concept published at MSDN/Microsoft.com. I
> don't understand XML, but I'll take another look. I like the idea of
> removing the ribbon completely, if I can leave the QAT and remove the
> small dropdown arrow to the right of the QAT. Then I'll populate the
> QAT with just the buttons I prefer.
> Thanks,
> Fred

If you want to hide the ribbon completely:
DoCmd.ShowToolbar "Ribbon", acToolbarNo

The above also removes the QAT completely.

You can also use Access 2003-style menus and toolbars if you create your
own. From Access Options (Alt-F, I), under Current Database, uncheck
Allow Full Menu, and assign your own startup Menu Bar.

The difficulty with Access 2003-style menus and toolbars in Access 2007
is that you must use VBA code to create them. Or create them in Access
2003 and you can use that database directly in Access 2007, or import
the menus and toolbars.

- Steve

0 new messages