By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,850 Members | 967 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,850 IT Pros & Developers. It's quick & easy.

Security & Linking/Importing Tables in Access 2000

P: n/a
Hello,
I have a problem that I was hoping to get some assistance with. I
have built a split database (back end with all the tables and a
password to protect the information & a front end to link to it).

I have followed the Access Security model to create security over my
Front End database (create a new workgroup, remove the admin user from
the admins group, change permissions on the users group to very
limited access etc).

Here is my problem. I have linked all the tables in my front end
(with the password) & my security works fine within this database.
I have then created a new blank database & imported all of the tables
from the Front End. The import brings across all the valid links to
the back end & allows me to delete, append, add & update data although
i have disallowed most of these functions in the security model.

Does anyone have any suggestions on how I can fix my security issue &
stop people from accessing this security hole.

Thanks in advance.

patcho
Nov 13 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
I had the same problem at work where there were just 2 user accounts, mine
and a gen user account. A nosey so and so took it upon himself to show how
clever he was and did what you described and left little clues for me to
show that he had been there.

I got round it by removing ALL permissions on all the tables in the backend
for the gen-user account.

Make sure you set the permissions on the backend and not the frontend as
they will still be able to import from the backend. You need to make sure
that you are the owner of all the tables too.

I left my account with full access to everything and sure that all the
queries in the FE are set to run with OwnerAccess Option. You do this by
opening the query in design view and go to the properties. From the list,
select owner's in run permissions. This means that people logged in as a
gen-user can't open the tables but can run the queries that read from them.

Mark
"patcho" <sp*******@fm.optus.net.au> wrote in message
news:71*************************@posting.google.co m...
Hello,
I have a problem that I was hoping to get some assistance with. I
have built a split database (back end with all the tables and a
password to protect the information & a front end to link to it).

I have followed the Access Security model to create security over my
Front End database (create a new workgroup, remove the admin user from
the admins group, change permissions on the users group to very
limited access etc).

Here is my problem. I have linked all the tables in my front end
(with the password) & my security works fine within this database.
I have then created a new blank database & imported all of the tables
from the Front End. The import brings across all the valid links to
the back end & allows me to delete, append, add & update data although
i have disallowed most of these functions in the security model.

Does anyone have any suggestions on how I can fix my security issue &
stop people from accessing this security hole.

Thanks in advance.

patcho

Nov 13 '05 #2

P: n/a
sp*******@fm.optus.net.au (patcho) wrote:
I have followed the Access Security model to create security over my
Front End database (create a new workgroup, remove the admin user from
the admins group, change permissions on the users group to very
limited access etc).


Hi.

There is a major difference between the "database password" and invoking
user-level security, so be sure you understand the difference :o)

As Mark has stated make sure that you deny access to the "Users" group for
all of your objects *including* the database object (this appears in the
drop down list above the default 'tables').

I would also recommend denying access to all tables for all but the admin
user and use queries set to run with owner access.

The step-by-step example on how to secure an app on my website might be
useful (there's all sorts of junk on there ;-), use the left-hand panel to
find Access).

HTH - Keith.
www.keithwilby.org.uk
Nov 13 '05 #3

P: n/a
Thank you very much to both Mark & Keith,

It looks like I was about 60% of the way there & just missed the crucial
parts :-)

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 13 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.