Security Advice - FE/BE 1

[Blorf]

Hi.

Fairly new to access security. I set it all up, built my groups, users, assigned rights and all is well.

Now though I think I should split to Front End and Back.

Question:
If I split, will the FE and BE know rights based on the work group file I created, or do I need to re do the setup on one or the either?

Second, is it better to share the Front end, or give each user a copy? If I use copies for each user, will the one work group file work, or does each user need their own copy of that also? I would think the admin person would want to only control one work group, so I think I already know the answer to the second part.

Hope I am making sense.

Thanks,
ChaZ

There Are 10 Types Of People In The world:
Those That Understand BINARY And Those That Don’t.

 

[RobSindle]

What I do when I split a secured database is essentially copy it (via the file system), calling one MyApp.mdb and the other MyData.mdb.
Open the Mydata.mdb (while logged into your secured workgroup) and delete all forms/reports/queries/(most) modules.


Open the Myapp.mdb and blow away the tables and link to the backend.

When you're ready to deploy, typical use is: Put backend and workgroup file somewhere on the network.
(Make sure to relink your front-end to the backend using UNC) (i.e., \\machinename\FullPathTo\MyData.mdb)

Definitely better, in a standard LAN situation, to push out a front-end to each user.

Set up the target box on the shortcut for each that is essentially:

"C:\FullPathTo\MsAccess.exe" /wrkgrp "\\Machinename\Pathto\Workgroup.mdw" "C:\YourLocalDirectory\MyApp.mdb"


Good luck.

 

[Blorf]

That makes quite a bit of sense.

Because both copies are set to use the same security settings, this works I think.

When you log into MyApp with your name and password, that log in info also handles the security on MyData?



There Are 10 Types Of People In The world:
Those That Understand BINARY And Those That Don’t.

 

[RobSindle]

Essentially, yes.
But you CAN set the permissions separately, if you want.
For instance, if you permissions for a group on a table (link) in the front-end to Administer and set the permissions on the table itself (in the backe-end) to Read-only, then anyone from that group accessing through the front-end will only get read-only.

If you use this method to split the db, make sure you check the permissions on the front-end tables after you delete and relink to be sure they have the permissions you want.
Rob

 

[Blorf]

Thank you very much for the time and advice. I will do as you suggested and let you know how it turns out.

ChaZ

There Are 10 Types Of People In The world:
Those That Understand BINARY And Those That Don’t.

 

[Blorf]

Hi.

I would not have beleived it would be that simple, but wow, cool, neat, and all that.

I did notice that although the copied Data sied maintained security settings as I liked them, the app side, after I created the links, denied all users access. So.., In the Front side, I gave all groups full access to the linked tables, which made it let the users read the back end tables, and the security on that side took care of all my needs.


Again, I thank you very much,
ChaZ

There Are 10 Types Of People In The world:
Those That Understand BINARY And Those That Don’t.