Interesting security problem

[Autoeng]

I have set up several secured databases and have never run into this problem before and am hopeful that someone can shed some light on why it is happening.

Using Access 2K for split database with FE's local and BE and security workgroup on server. All users have shortcut calling FE and server security workgroup. Database is one form loaded at startup. All fields kept hidden until user enters part number into blank field then form fully appears. Two security groups use the database, admingrp and limitedgrp. The only rights difference between the two groups is that admingrp can update, insert, delete to tables. When a member of the limitedgrp tries to log on they are told they do not have the security to do so. For "let's see what happens" I granted admin rights to "Users" in the BE and still happening. The kicker to all of this is that if I log on as a limitedgrp use on my local machine that uses the exact same shortcut as everyone else I can get on!!

Now, who's brave enough to step into the bull ring with this one?!!

 

[ClydeDoggie]

A couple of things to try. First, the syntax for the shortcut is touchy. Are you using mapped drives in the path to the security mdw that the other users don't have? Is the syntax EXACTLY the same? Also, do the other users have the same NT permissions for the folder that the backend is in? Access security in a distributed environment depends on a lot to set up correctly, I would double check everything you thought you had done right already.

 

[Autoeng]

I have tripled checked all of your suggestion and to no avail. Here is what I have done in addition to the above to ensure that we are all pointing to the same information:

Copied my shortcut to the server. Deleted my and the users shortcut and got the same results.

Deleted the limitedgrp group. Tried to log on both mine and the users machines, neither would allow access.

Granted read permissions only to everyoneelsegrp. Users ID works on my machine but not theirs.

What a pain this has been. I've spent eight hours today only working on this problem. I hope that someone out there can find the flaw.

 

[Autoeng]

I have read the security faq's posted here many times and came across the following under chapter 12 of the Microsoft Security Faq's (

http://support.microsoft.com/default.aspx?scid=/support/Access/Content/SECFAQ.asp?SD=GN&LN=en-us)

which I think might relate to my problem described in this same thread.

The minimum permissions for a linked table require Modify Design permission on the linked table (not the base table). In Microsoft Access 2.0, Read Design permission was sufficient.

I'm not sure that I understand what this means. If I assign Modify Design permissions to the table links in my front end that automatically adds Read, Update and Delete Data permissions which for a particular group is not what I want to do.

Can anyone clarify what this statement means and if my interpretation is correct how to remove those permissions via code or any other method? Is it changes I need to be making to the backend's security that will reverse the frontend for a particular group?

 

[leummens]

In the frontend, the user needs to have all rights on the database.

You set the read/write etc rights in the backend.
This should work.

 

[Autoeng]

I figured the problem out! I'll post my stupidity here so that another won't have to go through this. I had placed the front end and the security file on the server for distribution. I thought that as long as I was working with the same front end on my local that any security changes that I made were passed along to the security file and would then be company wide. I was mistaken. Every time you change the security you have to post the front end again!

AAAUUUGGGGHHH! Live and learn!

Thanks to all that have tried to help me on this.