Security on a split Database

[Jedi420]

I had a secured Access database (secured properly!) that I recently began working on again. To facilitate multi-user access, I split the database. I noticed, however, that the security did NOT extend to my backend DB ... only the front-end mde file.

That means that anyone can just open my backend and do whatever they want to my data. Placing a password on the backend restricts access from the front end. Is there something I'm missing? Should I try to implement security on the Back-end? Any advice or suggestions will be greatly appreciated. (^_^)

-Jedi420

A man who has risked his life knows that careers are worthless, and a man who will not risk his career has a worthless life.

 

[FancyPrairie]

Yes, you need to secure the backend. I would use the Security Wizard to do it (it will make a backup copy of your db prior to securing it). You also need to tell the Security Wizard to use the workgroup your front end is using. Once the BE db has been secured, then open the secured db and set your permissions.

If you are unfamiliar with doing this, make a backup copy of your BE db prior to doing anything (even though Access will create a backup of your unsercured db anyway).

 

[Jedi420]

When I open the BE and try to run the security wizard, I get a message saying, "The security wizard cannot be run on a database when you are both logged on as the Admin user and the database has been previously secured. To fix this problem, you may log on as another member of the Admins group of import all object to a new database". I think importing to a new database would be the best/easiest option, since my BE didnt inherit any of the user accounts that my old consolidated DB did. Would you recommend this course of action?

-Jedi420

A man who has risked his life knows that careers are worthless, and a man who will not risk his career has a worthless life.

 

[FancyPrairie]

It's kind of hard for me to figure how your FE and BE are setup (security wise). You might as well try what you suggested. I can't think of another way of doing it. Be sure to backup your BE db before trying it. But it doesn't sound like the security was originally done correctly. When one secures a database, user Admin and group Users should have no rights to anything. And it sounds like you're coming in as user Admin.

Just an FYI...

I start out with unsecured FE and BE, launch the FE and assign a password to user Admin. I then create a new user account, assigning the new user to the group Admins. I then exit the db and restart it and login in as the new user. Then I run the Security Wizard and have it create a new workgroup where the new user is the only user of the database. After the db has been secured and all objects have been assigned to the new user, then I create group(s) and assign privileges to the group(s). I then create user accounts and assign users to groups. None of the users are assigned any privileges nor is user Admin or group Users. All user privileges are based on the group to which they are assigned.

 

[Jedi420]

I've found an even better solution. To have some security on your back-end database without having to go through to pains of setting up security on it and synching that to the security of your front-end, you can simply put a password on the BE. You have to relink your tables on the front end though so the link string has the password in it, otherwise, you'll get an error message saying 'Invalid Password'.

With a password on the BE, no one can just open your DB, nor can they open a new DB and link to your tables. I know that Access password are more of a detterent than anything (if you really want to get it, YOU CAN!), but I'm satisfied with this solution. Hope this helps anyone with similar concerns.

-Jedi420

A man who has risked his life knows that careers are worthless, and a man who will not risk his career has a worthless life.