Prevent Unauthorized User from Accessing Database

[CathyLynnHughes]

I have security set up on my Access Database (Tools/Security/User and Group Permissions/User and Group Accounts). I have removed all access for Users Group and created other groups that have access. My provisioners get into the database through a shortcut that combines the System.mdw and the database ("C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "P:\Portout Database\PortOut Database .mdb" /wrkgrp "P:\Portout Database\System.mdw").
This works fine.

The problem is when there is an unauthorized user who has access to the P Drive and Microsoft Access. This person can actually get into the database without going through any of the security questions (User ID and Password). I have to go into his computer through Security/Workgroup Administrator and click join so that his database is joined to the System.mdw where I have the security set up. After I do this, the User ID and Password are required whenever this person goes into the database.

I know there must be a better way to do this so that an unauthorized user may never access the database without going through security (User Id and Password).

What do I need to do differently?

 

[barny2006]

you can password protect a database.

 

[barny2006]

you can do this under tools, security, set database password.

 

[PHV]

Have you revoked all permissions from the default Admin user ?

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ181-2886

 

[CathyLynnHughes]

Dear barny2006,

The database password idea (tools, security, set database password) worked great. Thank you.

 

[CathyLynnHughes]

The password for the database works great to prevent unauthorized access to the database, but I have a different problem with authorized users.

I mentioned that I initially go into an authorized user’s computer through Security/Workgroup Administrator and click join so that his database is joined to the System.mdw where I have the security set up.

Sometimes IT does something to the user’s computer, and the database is no longer joined to the System.mdw where I have the security set up. Instead it is linked to the original System.mdw in which anyone (User Group) can get into anything and do anything.

What can I do to ensure that the database is always linked to the System.mdw where I have the security set up?

 

[Ed2020]

Database passwords may be an easy answer to your problem, but they're far from a good solution.

Database passwords in Access are extremely easy to crack. Also once a user is in it does nothing to restrict access to design priviledges.

PHV has, as usual, hit the nail on the head. You have quite possibly set up your users and groups correctly, but you have not removed all rights from the default Admin user.

In answer to your other question regarding the changing of the joined workgroup file I find the easiest answer is to provide users with a desktop shortcut that specifies the required MDW file (and user name and password if you prefer). This way Access can be joined to any MDW file and the shortcut will override it.

Ed Metcalfe.

Please do not feed the trolls.....

 

[barny2006]

you can also hide the design access from users. using hide/unhide features. where the user is just looking at the user interface, and nothing else. tables, queries, forms, everything will be inaccessible. the only thing that will be available, is user interface(the form).

 

[CathyLynnHughes]

Dear ED2020,

My provisioners get into the database through a desktop shortcut that combines the System.mdw and the database ("C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "P:\Portout Database\PortOut Database .mdb" /wrkgrp "P:\Portout Database\System.mdw").
This works fine.

The problem occurs if they go directly into the database without going through the shortcut. In such a situation, the user is connected to the default System.mdw and can get into anything.

PHV mentioned removing all permissions from the default Admin user. In the System.mdw where I have the security set up, I have removed all permissions for the Admins Group. The group still exists, but it has no permissions.

What else do I need to do to remove all permissions from the default Admin user?

 

[Ed2020]

You also need to switch the the "users" view in the permissions window and remove the rights from the "Admin" user (as well as the "Admins" group)

Ed Metcalfe.

Please do not feed the trolls.....

 

[CathyLynnHughes]

Dear Ed2020
I have already removed the rights from the "Admin" user in the "Users" view in the permissions window. As I stated before, I have also removed the Admins Group Permissions. This has all been done in the System.MDW where I have the security set-up.

Do I also have to do this in the default System.MDW? Do I have to go into each user's computer and do this? Will this prevent the user from accessing my database through the default System.MDW and getting into anything that they want to get into?

 

[Ed2020]

Cathy,

In addition to removing the Admin user rights in your MDW file you will also need to set a password for the Admin user (again, in your MDW file).

As you will need to log in as this user to do this you will need to:

1. Give the Admin full rights to the database.
2. Log in as the Admin user and add a password.
3. Log in as another user (again with full rights).
4. Remove all rights from the Admin user.

Ed Metcalfe.

Please do not feed the trolls.....

 

[JerryKlmns]

And something not mentioned yet but its common proactice to

"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "P:\Portout Database\PortOutDatabase.mdb" /wrkgrp "P:\Portout Database\PortOutDatabase.mdw").