RE: [MS_AccessPros] Re: Moving a secured 2003 db to a 2010 environment

 

Phil-

User-level security has its "bits and pieces" stored in two places:

1) The mdw file defines all the users and their passwords and the groups to which those users belong. It also has a unique ID that gets stored in any database you create while connected to the mdw.

2) The permissions to the database itself and all objects in the database are stored in the database.

Some key points:

a) The internal "ID" for the Admin user and the Users group is the same in all mdw files. This is why you must "lock out" the Users group and make the database owned by someone other than Admin in your database.

b) Anyone in the Admins group of the original mdw can modify permissions in a secured database associated with the mdw.

c) The internal ID for all users other than Admin and all Groups other than User is generated using the "key" of the mdw. You cannot simply create an identical ID in another mdw and expect it to work - the internal key won't match the key of the user in the database permission profiles.

Does that help?

John Viescas, author
Microsoft Office Access 2010 Inside Out
Microsoft Office Access 2007 Inside Out
Building Microsoft Access Applications
Microsoft Office Access 2003 Inside Out
SQL Queries for Mere Mortals
http://www.viescas.com/
(Paris, France)

------------------------
From: MS_Access_Professionals@yahoogroups.com [mailto:MS_Access_Professionals@yahoogroups.com] On Behalf Of Phil Knowles
Sent: Thursday, March 29, 2012 11:50 AM
To: MS_Access_Professionals@yahoogroups.com
Subject: Re: [MS_AccessPros] Re: Moving a secured 2003 db to a 2010 environment

Hi John

Thank you for taking the time to respond to my query.

You were right, I had not yet done step 5.

I have done that now and it has achieved what I wanted but I don't fully understand why and to satisfy my curiosity I wondered if you could explain it to me.

If I now copy the secured database to another (unsecured) computer but do not copy the corresponding WIF, then access is using system.mdw with this secured database.

Clearly, for the database to block usage it must have stored inside it somewhere the fact that the Users group has no permissions and/or admin is not in the admins group whereas I assumed that this protection was defined and held in the WIF.

Can you please tell me how and where this is held in the database rather than the WIF.

thanks once again

Phil




________________________________
From: John Viescas <JohnV@msn.com>
To: MS_Access_Professionals@yahoogroups.com
Sent: Wednesday, 28 March 2012, 12:09
Subject: RE: [MS_AccessPros] Re: Moving a secured 2003 db to a 2010 environment

Phil-

When you "secured" your database, you should have done:

1) Create a new .mdw
2) Add a password to Admin in the new .mdw
3) Create a new user in the Admins group and assign a password
4) Copy all your objects to a new database while signed on as the new user – that makes sure that Admin does NOT own the database.
5) Remove all permissions to all objects for the USERS group in the new database.
6) Create new users and groups and assign permission as needed.

I suspect you skipped step 5.

John Viescas, author
Microsoft Office Access 2010 Inside Out
Microsoft Office Access 2007 Inside Out
Building Microsoft Access Applications
Microsoft Office Access 2003 Inside Out
SQL Queries for Mere Mortals
http://www.viescas.com/
(Paris, France)

-----------------------------------

From: MS_Access_Professionals@yahoogroups.com [mailto:MS_Access_Professionals@yahoogroups.com] On Behalf Of Phil Knowles
Sent: Wednesday, March 28, 2012 12:29 PM
To: MS_Access_Professionals@yahoogroups.com
Subject: Re: [MS_AccessPros] Re: Moving a secured 2003 db to a 2010 environment

Hi Bill

I did but if the database file is copied and put on a PC over which I have no control and has the standard system .mdw then it would appear that it will open quite happily with no security. Is this the case?

cheers

Phil

________________________________
From: Bill Mosca <wrmosca@comcast.net>
To: MS_Access_Professionals@yahoogroups.com
Sent: Tuesday, 27 March 2012, 20:10
Subject: [MS_AccessPros] Re: Moving a secured 2003 db to a 2010 environment

Your Name?

It sounds like you did not give Admin a password and remove all his permissions. You must do that so Admin cannot open the database.

Bill Mosca, founder

--- In MS_Access_Professionals@yahoogroups.com, "pdk444444" <pdk444444@...> wrote:
>
> I have a db created in 2003 and I want to move it to 2010 but at the same time introduce usernames and passwords.
>
> I have set up the usernames and passwords on a 2003 PC and am now trying to move the db and the associated .mdw file (where all the usernames and passwords are defined) to a pc running 2010.
>
> This has worked fine and I have created desktop shortcuts to use the appropriate .mdw file.
>
> However, if I simply run access 2010 and then open the db, it ignores the mdw file I want it to use and uses the default system.mdw - this has the effect of opening the database with no security!
>
> How can I make sure that the database will only open in conjunction with the correct associated mdw file?
>

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]

__._,_.___

Reply to sender | Reply to group | Reply via web post | Start a New Topic

Messages in this topic (8)

Recent Activity:

• New Members 6
• New Files 3

Visit Your Group

Switch to: Text-Only, Daily Digest • Unsubscribe • Terms of Use

.

__,_._,___