By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,841 Members | 1,757 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 445,841 IT Pros & Developers. It's quick & easy.

Security--User Account PIDs

P: n/a
For the purposes of reconstructing an MDW, should the worst ever come about,
is there any incentive for me to record user account PIDs? Certainly there's
plenty of incentive to record PIDs for all groups and for the administrator
account, but if all permissions are coming from the groups, do I need to be
able to reconstruct the exact same users?

Object ownership? That would give me incentive to record the PID for the
account I use to administer the database, right? But the others?

--
Jeremy Wallace
AlphaBet City Dataworks
http://www.ABCDataworks.com

Nov 12 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a

Jeremy,

On Fri, 27 Feb 2004 11:03:24 -0500, "Jeremy Wallace"
<ab**********@AlphaBetCityDataworks.com> wrote in
comp.databases.ms-access:
For the purposes of reconstructing an MDW, should the worst ever come about,
is there any incentive for me to record user account PIDs? Certainly there's
plenty of incentive to record PIDs for all groups and for the administrator
account, but if all permissions are coming from the groups, do I need to be
able to reconstruct the exact same users?
If you are ABSOLUTELY CERTAIN that no permission OR ownership data is
ever user-specific, then, yes, you can ignore user pids and simply
save enough data to recreate the groups, then create new users with or
without original pids (ie, AdamX in GroupOne does not need to be the
same as AdamX in the old GroupOne, as long as GroupOne is in fact
identical). But make sure you're not forgetting about any permission
or ownership issues in rarely used or system level objects.
Object ownership? That would give me incentive to record the PID for the
account I use to administer the database, right?
Yes, although ownership can be shifted to groups instead of your
authoring user, too, so the original logic still applies.
But the others?


....are not needed, provided you haven't forgotten about anything.
Cicle through all objects in code, checking ownership and permissions.
Make sure you're not missing anything before committing to this
approach.

Peter Miller
__________________________________________________ __________
PK Solutions -- Data Recovery for Microsoft Access/Jet/SQL
Free quotes, Guaranteed lowest prices and best results
www.pksolutions.com 1.866.FILE.FIX 1.760.476.9051
Nov 12 '05 #2

P: n/a
On Fri, 27 Feb 2004 11:03:24 -0500, "Jeremy Wallace"
<ab**********@AlphaBetCityDataworks.com> wrote:

You are correct.

I often create security groups just for the purpose of giving members
access to certain features. Groups like CanSeeSalaryData,
CanSetJobToNonTaxable, etc. Since my code only checks the group name,
and these groups are in no way used to secure objects, that seems a
perfectly valid approach.

-Tom.
For the purposes of reconstructing an MDW, should the worst ever come about,
is there any incentive for me to record user account PIDs? Certainly there's
plenty of incentive to record PIDs for all groups and for the administrator
account, but if all permissions are coming from the groups, do I need to be
able to reconstruct the exact same users?

Object ownership? That would give me incentive to record the PID for the
account I use to administer the database, right? But the others?


Nov 12 '05 #3

P: n/a
Tom van Stiphout <to*****@no.spam.cox.net> wrote in
news:ol********************************@4ax.com:
I often create security groups just for the purpose of giving
members access to certain features. Groups like CanSeeSalaryData,
CanSetJobToNonTaxable, etc. Since my code only checks the group
name, and these groups are in no way used to secure objects, that
seems a perfectly valid approach.


I actually almost never use Access/Jet security for anything other
than user identification. I don't secure the code or forms or
tables, but I use group membership to control access to features of
the application. In that case, the user PIDs have no function.

Of course, I use the same PID for every user I create.

The only time I've ever done anything different was when I actually
was securing the application, but I've only done that twice.

--
David W. Fenton http://www.bway.net/~dfenton
dfenton at bway dot net http://www.bway.net/~dfassoc
Nov 12 '05 #4

P: n/a
Thanks all. Just wanted to make sure I wasn't missing something. I am quite
strict about running all permissions based on groups, not users, so I think
I'm safe.

Jeremy

--
Jeremy Wallace
AlphaBet City Dataworks
http://www.ABCDataworks.com
"Jeremy Wallace" <ab**********@AlphaBetCityDataworks.com> wrote in message
news:L5********************@speakeasy.net...
For the purposes of reconstructing an MDW, should the worst ever come about, is there any incentive for me to record user account PIDs? Certainly there's plenty of incentive to record PIDs for all groups and for the administrator account, but if all permissions are coming from the groups, do I need to be able to reconstruct the exact same users?

Object ownership? That would give me incentive to record the PID for the
account I use to administer the database, right? But the others?

--
Jeremy Wallace
AlphaBet City Dataworks
http://www.ABCDataworks.com

Nov 12 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.