|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Linked Tables Security ProblemI'm involved with a project at work where we are using two different databases. The project is split into two areas. I manage one and another colleague manages the other. I'm quite new at this stuff so I posted in here and there and read the articles regarding securing the database when I created it. My colleague (who's a know it all) went right ahead and created his database telling me how I should secure mine by doing this and that and he even went to far to encypt his also. I'm still learning, so I took my time and followed the advice from here and on the net articles including the Microsoft one. We are supposedly both Administrators of our own databases and read only users of the other. We're using Access 97 When I set my database up I secured it manually using the help from here and the net. My colleague used the Wizard and went on to encrypt his also (why - I'm not sure) OK - Thats the intro Now the question I thought it might be useful to share information between the two databases by use of linked tables. I tried to access his database which it let me do and it also let me link the table. Fine so far but I thought I was a read only user in his database. Surprisingly it also lets me edit his data and delete it as well. So I tried it the other way around - linking one of my tables from within his database. Rightly, it denied the request citing security and access privileges. So as it would seem his database is not actually secure but mine is. My question finally is why ? What is different in the set up to let me see his data AND edit it but he can't see my data because it fails to link the table.
Show quote
Hide quote
"Reader1" <read***@james.com> wrote in message From what you have stated your colleague is indeed a "know it all" and you news:7fQzg.64465$ST2.19800@newsfe5-win.ntli.net... > > I tried to access his database which it let me do and it also let me link > the table. > Fine so far but I thought I was a read only user in his database. > Surprisingly it also lets me edit his data and delete it as well. > > So I tried it the other way around - linking one of my tables from within > his database. > Rightly, it denied the request citing security and access privileges. > > So as it would seem his database is not actually secure but mine is. > > My question finally is why ? > know far more than he because you have (a) read up on the subject and (b) did *not* use the wizard to set up your security. If you can edit his data then he has missed one or more steps in the securing process. The problem with the wizard is that it does stuff but doesn't tell you and you learn nothing about the process. Your colleague needs to read the FAQ from MS (link on my web site) to fully understand what's going on, although how you convince him on that is another topic ;-) If you haven't read it (it sounds like you have) then I can't stress enough how important it is that you do if you too want a full understanding. Regards, Keith. www.keithwilby.com > From what you have stated your colleague is indeed a "know it all" and you Unfortunately, one of the limitations of the FAQ is that one of the steps> know far more than he because you have (a) read up on the subject and (b) > did *not* use the wizard to set up your security. > Your colleague needs to read the FAQ from MS (link on my web site) to fully > understand what's going on, although how you convince him on that is another > topic ;-) is....THE WIZARD. (Step 7, have you read it Keith?) For the record, I also disagree with using Wizards. Therefore, I disagree with the FAQ. Regards Chris "Chris Mills" <phad_nospam@cleardotnet.nz> wrote in message Step 1.7, yes. It does puzzle me that para 1 states "You may elect not to news:uL9Lt33tGHA.3552@TK2MSFTNGP03.phx.gbl... > > Unfortunately, one of the limitations of the FAQ is that one of the steps > is....THE WIZARD. > (Step 7, have you read it Keith?) > use the Security Wizard and to secure the database manually by following these steps." and then goes on to tell you to open the wizard, but I think the document as a whole still has value. Keith. I think the SecFAQ (in step 7) gives a little bit of explanation BEYOND just
saying use the Wizard (it explains briefly what it does). If one reads it that way<g>. It is not my intention to say that the SecFAQ is ANY OTHER THAN the best document we have. But it's also dangerous to treat it mantra-like, because it certainly has limitations. (not many, but I have at least one other). The danger is that, treating the SecFAQ as Gospel could cause newbies not to question it, which is unscientific/or just plain Bad. e.g. The Bible. It's Crap. It says the Sun revolves around the Earth (Bruno died at the stake <became steaks>), and that The Earth is only so many years old. The SecFAQ is not untrue in the same way, but it DOES say use the Wizard, which is neither true nor untrue. Keep recommending it! Whilst always maintaining the ability to question... Cheers Chris Show quoteHide quote "Keith Wilby" <h***@there.com> wrote in message news:44d2fe42$1_1@glkas0286.greenlnk.net... > "Chris Mills" <phad_nospam@cleardotnet.nz> wrote in message > news:uL9Lt33tGHA.3552@TK2MSFTNGP03.phx.gbl... > > > > Unfortunately, one of the limitations of the FAQ is that one of the steps > > is....THE WIZARD. > > (Step 7, have you read it Keith?) > > > > Step 1.7, yes. It does puzzle me that para 1 states "You may elect not to > use the Security Wizard and to secure the database manually by following > these steps." and then goes on to tell you to open the wizard, but I think > the document as a whole still has value. > > Keith. > > The problem, is not really understanding the FAQ or anything else, it's that
Reader1 actually tested it and Colleague didn't. By Testing, I mean attempting to get in by "disallowed means". If you could access "Colleague" database, when he thought he disallowed it, then it's VERY VERY simple. Either your Username, or a Group you are joined to, has access permissions to his database and/or his objects. There is no other reason. Find which permission(s) is allowing you access. (There's a squillion permissions for sure, but this is the reason) Once you have setup Security (and the SecFAQ certainly helps), there are only two ways to subsequently check your security permissions: 1) The Access User Interface (Tools, Security...) 2) http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm > encrypt his also (why - I'm not sure) otherwise you could use any system dump utility to read text out of thedatabase file. It is said that encryption is pointless-given that Access ULS can be so easily broken-nevertheless it prevents THAT type of file dumping. One *stupid* objection is that you can easily decrypt, which is true if you can break ULS, but in that case you wouldn't be needing to use dump utilities, because you're in anyway! All my files are encrypted, and I never need to decrypt them to get into them within Access. It is said that Encryption imposes a 10% performance penalty, which may well be true, and you may well think to be pointless overhead. Nevertheless, it does what it claims to do (and nothing more). Chris Show quoteHide quote "Reader1" <read***@james.com> wrote in message news:7fQzg.64465$ST2.19800@newsfe5-win.ntli.net... > Hello > > I'm involved with a project at work where we are using two different > databases. > > The project is split into two areas. > > I manage one and another colleague manages the other. > > I'm quite new at this stuff so I posted in here and there and read the > articles regarding securing the database when I created it. > > My colleague (who's a know it all) went right ahead and created his database > telling me how I should secure mine by doing this and that and he even went > to far to encypt his also. > > I'm still learning, so I took my time and followed the advice from here and > on the net articles including the Microsoft one. > > We are supposedly both Administrators of our own databases and read only > users of the other. > > We're using Access 97 > > When I set my database up I secured it manually using the help from here and > the net. > > My colleague used the Wizard and went on to encrypt his also (why - I'm not > sure) > > OK - Thats the intro > > Now the question > > I thought it might be useful to share information between the two databases > by use of linked tables. > > I tried to access his database which it let me do and it also let me link > the table. > Fine so far but I thought I was a read only user in his database. > Surprisingly it also lets me edit his data and delete it as well. > > So I tried it the other way around - linking one of my tables from within > his database. > Rightly, it denied the request citing security and access privileges. > > So as it would seem his database is not actually secure but mine is. > > My question finally is why ? > > What is different in the set up to let me see his data AND edit it but he > can't see my data because it fails to link the table. > > 
Other interesting topics
application deployment for SP2
New Post - Owner deleted - No backups, nothing! shift override in split database Problem with Multi-users in Access97 Suggestion on deploying and securing an Access appl Disabling Password in Access... Database Password how I add an username + posword to a mdb file? Hiding database window In Security, Workgroup Administrator Add Check Box to always point |
|||||||||||||||||||||||
