Access Security?

Hello All,

What are the best ways to implement security for Access databases (i.e.
.MDB files)?

I ask the question from a general perspective. Why? Well I had written
a prototype database which I split. So I thought that I'd implement
security on it. The security worked great for both groups (i.e. Admins
& Users), but after looking at the detail I took it a little further.

What I did was move the .MDW file that I created in Access 2k.
Afterward both the front and back end database files (.MDB files) that
I created and secured with the .MDW file were accessible. I was able
to change the name of tables. So without spending much more time I
thought that I'd ask the general question from the perspective of only
using .MDB files. I have read about the use of .MDE files, but haven't
looked at them in detail.

I will state that security is relative, and nothing is ever totally
secure. From the brief exposure that I've had it looks like security
really is twofold. If I'm wrong please correct me. First, on network
you have to be able to administer the distribution of a .MDW file to
replace the System.MDW file for users to facilitate the group and user
security within Access. Second, the back end .MDW files can be secured
by the OS's path user's/group's permissions or rights. Also I should
state that I haven't really looked into the .MDW file administration
issue, so I maybe missing a big piece of the puzzle.

I have done some reading and know that I need to read the whole Security
FAQ per http://support.microsoft.com/kb/q207793/, but I thought this
would be a good question to ask the experienced users. I'm not looking
for the great debate, just some good guidance.

Am I looking at this correctly? Am I missing a large piece of the
puzzle? Or what?

The piece of the puzzle that you're missing is that the default "system.mdw "
should be left alone so that "non-secured" apps can still open and that your
custom workgroup information file (mdw) should be stored on a server where
all of your users can access it. Users would then join your workgroup on a
session by session basis using a desktop shortcut to the mdb with the
"/wrkgrp" switch in the command line. No "administration " of the mdw file
necessary other than the upkeep of the users and groups.

Do the users only have read writes to the MDW file on the server? I
don't know where the password is stored. Where ever the password is
stored the user would have to be able to update that file. I'm just
thinking out loud, so correct me if I'm wrong.

On Fri, 11 Nov 2005 20:44:17 GMT, Greg Strong <NoJunk@NoJunk4 U².com>
wrote:

Do the users only have read writes to the MDW file on the server? I
don't know where the password is stored. Where ever the password is
stored the user would have to be able to update that file. I'm just
thinking out loud, so correct me if I'm wrong.

Per
http://support.microsoft.com/default...#_Toc493299661
the workgroup file includes password, so users would have to have update
permissions/rights.

"Greg Strong" <NoJunk@NoJunk4 U².com> wrote in message
news:iu******** *************** *********@4ax.c om...

On Fri, 11 Nov 2005 20:44:17 GMT, Greg Strong <NoJunk@NoJunk4 U².com>
wrote:

Do the users only have read writes to the MDW file on the server? I
don't know where the password is stored. Where ever the password is
stored the user would have to be able to update that file. I'm just
thinking out loud, so correct me if I'm wrong.
Per
http://support.microsoft.com/default...#_Toc493299661
the workgroup file includes password, so users would have to have
update permissions/rights.

Users need RWXD permissions to the folder

In order to be able to dynamically create the LDB file....
to where the mdb and mdw
reside and RWX to the files themselves.