By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
426,107 Members | 1,318 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 426,107 IT Pros & Developers. It's quick & easy.

Still able to link to a secured DB

P: n/a
Hi and Thanks in advance!

I am able to link to a MSAccess 2000 db that I secured. I have removed
all permissions from the Admin user and actually the whole users group
and admins group. I changed the database owner to a user I call owner.
But, I can still link to this db from an unsecured database. Can you
think of anything else to check?

Thanks,
Kathy
Nov 12 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a

"KathyK" <ka*************@nike.com> wrote in message
news:df**************************@posting.google.c om...
Hi and Thanks in advance!

I am able to link to a MSAccess 2000 db that I secured. I have removed
all permissions from the Admin user and actually the whole users group
and admins group. I changed the database owner to a user I call owner.
But, I can still link to this db from an unsecured database. Can you
think of anything else to check?

Thanks,
Kathy


If you can get access from an unsecured database/workgroup (where you
are automatically logged on as the default user 'admin') it means that
'admin' has still got too many permissions. This comes about as all
'admin' accounts are identical regardless of database or workgroup.

Probably 'admin' is still a members of 'admins' in your new workgroup
file (you did create a new workgroup file didn't you?) and thus inherits
its permissions. You cannot remove implicit permissions from 'admins',
you must therefore be careful who is allowed to be a member of it, start
with the minimum, ie only your owner account. Also check that 'admin'
and 'users' have no permissions to the database itself as well the
objects in it. All accounts are members of 'users' so its permissions
are also critical.

If you still cannot see the problem get the security FAQ from M$ and
follow the recipe there carefully.

David
Nov 12 '05 #2

P: n/a
I did create a new workgroup file. I created my own DBAdmin group and
only those people have all rights. I removed all rights from the admin
group and the user group and removed the admin user from the admin
group. The admin user is not a member of any group but the user group.
I changed the ownership of the database and all abjects.
I'm still stumped! I'm going to get the Faq, but any other thouyghts
would be helpful!
Kathy
"David Hare-Scott" <pr*****@nowhere.com> wrote in message news:<RX********************@news-server.bigpond.net.au>...
"KathyK" <ka*************@nike.com> wrote in message
news:df**************************@posting.google.c om...
Hi and Thanks in advance!

I am able to link to a MSAccess 2000 db that I secured. I have removed
all permissions from the Admin user and actually the whole users group
and admins group. I changed the database owner to a user I call owner.
But, I can still link to this db from an unsecured database. Can you
think of anything else to check?

Thanks,
Kathy


If you can get access from an unsecured database/workgroup (where you
are automatically logged on as the default user 'admin') it means that
'admin' has still got too many permissions. This comes about as all
'admin' accounts are identical regardless of database or workgroup.

Probably 'admin' is still a members of 'admins' in your new workgroup
file (you did create a new workgroup file didn't you?) and thus inherits
its permissions. You cannot remove implicit permissions from 'admins',
you must therefore be careful who is allowed to be a member of it, start
with the minimum, ie only your owner account. Also check that 'admin'
and 'users' have no permissions to the database itself as well the
objects in it. All accounts are members of 'users' so its permissions
are also critical.

If you still cannot see the problem get the security FAQ from M$ and
follow the recipe there carefully.

David

Nov 12 '05 #3

P: n/a
How are you logging onto the workgroup? Is it being done by setting your
new workgroup as the default workgroup (using the workgroup administrator)
or using the Access command line switches?

Also did you secure the database using the user level security wizard?

Sorry to ask about things that you've probably already thought of but Jet
Security is rather like taming a wild bear - dangerous and messy while
learning but of immense satisfaction once you've got it cracked!

"KathyK" <ka*************@nike.com> wrote in message
news:df**************************@posting.google.c om...
I did create a new workgroup file. I created my own DBAdmin group and
only those people have all rights. I removed all rights from the admin
group and the user group and removed the admin user from the admin
group. The admin user is not a member of any group but the user group.
I changed the ownership of the database and all abjects.
I'm still stumped! I'm going to get the Faq, but any other thouyghts
would be helpful!
Kathy
"David Hare-Scott" <pr*****@nowhere.com> wrote in message

news:<RX********************@news-server.bigpond.net.au>...
"KathyK" <ka*************@nike.com> wrote in message
news:df**************************@posting.google.c om...
Hi and Thanks in advance!

I am able to link to a MSAccess 2000 db that I secured. I have removed
all permissions from the Admin user and actually the whole users group
and admins group. I changed the database owner to a user I call owner.
But, I can still link to this db from an unsecured database. Can you
think of anything else to check?

Thanks,
Kathy


If you can get access from an unsecured database/workgroup (where you
are automatically logged on as the default user 'admin') it means that
'admin' has still got too many permissions. This comes about as all
'admin' accounts are identical regardless of database or workgroup.

Probably 'admin' is still a members of 'admins' in your new workgroup
file (you did create a new workgroup file didn't you?) and thus inherits
its permissions. You cannot remove implicit permissions from 'admins',
you must therefore be careful who is allowed to be a member of it, start
with the minimum, ie only your owner account. Also check that 'admin'
and 'users' have no permissions to the database itself as well the
objects in it. All accounts are members of 'users' so its permissions
are also critical.

If you still cannot see the problem get the security FAQ from M$ and
follow the recipe there carefully.

David

Nov 12 '05 #4

P: n/a

"Ben Eaton" <be************@hotmail.com> wrote in message
news:bn**********@news.wplus.net...
How are you logging onto the workgroup? Is it being done by setting your new workgroup as the default workgroup (using the workgroup administrator) or using the Access command line switches?

Also did you secure the database using the user level security wizard?

Sorry to ask about things that you've probably already thought of but Jet Security is rather like taming a wild bear - dangerous and messy while
learning but of immense satisfaction once you've got it cracked!


If the mdb is properly secured the result of attempting to open it using
the incorrect workgroup should be no access. If the custom groups and
accounts are visible then the correct workgroup ust be in use.

David
Nov 12 '05 #5

P: n/a

"KathyK" <ka*************@nike.com> wrote in message
news:df**************************@posting.google.c om...
I did create a new workgroup file. I created my own DBAdmin group and
only those people have all rights. I removed all rights from the admin
group and the user group and removed the admin user from the admin
group. The admin user is not a member of any group but the user group.
I changed the ownership of the database and all abjects.
I'm still stumped! I'm going to get the Faq, but any other thouyghts
would be helpful!
Kathy


You have missed something, one of the steps that you think you has done
has not in fact been done.

Try this test. Attempt to open the MDB using your custom workgroup and
logon as 'admin', you should have its password as you must give it one
to invoke the logon process. You should not be able to open it. If you
can then that account has permision to do so either explicitly or
implicitly though membership of a group that has permission. Go though
these things again as you have missed something. If all else fails
follow the FAQ recipe.
David
Nov 12 '05 #6

P: n/a
If you are logging into a workgroup that has permissions to use those
tables, then you can most certainly link to those tables from another
database.

If you are able to link to the database when logged into a different
workgroup, then you have a problem.

However, if you have given a user access to the tables, and they are logged
intot he correct workgroup, then then they will be able to link to them. You
can prevent this, but it is certanly a bit of work. (you will have to read
the secirty FAQ).
--
Albert D. Kallal (MVP)
Edmonton, Alberta Canada
No************@msn.com
http://www.attcanada.net/~kallal.msn
Nov 12 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.