|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Hiding Backend FilesI have implemented security on the front- and back-end files for a timesheet
application, and after 2 days of testing, everything seems to be working as expected. It occurs to me, however, that there is nothing preventing a legitimate user or anyone who can gain casual access to our network from accidentally or purposefullly deleting the back-end files. Can anyone suggest any strategies? Thank you. Sprinks Unfortunately, MS Access does not provide a way to do this. Keep in mind that
Access files are like any other files in your network. Perhaps you might want to talk to your network administrator to prevent the deletion of files. When all else fails, always have a backup. Show quoteHide quote "Sprinks" wrote: > I have implemented security on the front- and back-end files for a timesheet > application, and after 2 days of testing, everything seems to be working as > expected. It occurs to me, however, that there is nothing preventing a > legitimate user or anyone who can gain casual access to our network from > accidentally or purposefullly deleting the back-end files. Can anyone > suggest any strategies? > > Thank you. > Sprinks Thanks, Ray.
Sprinks Show quoteHide quote "Ray" wrote: > Unfortunately, MS Access does not provide a way to do this. Keep in mind that > Access files are like any other files in your network. Perhaps you might want > to talk to your network administrator to prevent the deletion of files. > > When all else fails, always have a backup. > > > "Sprinks" wrote: > > > I have implemented security on the front- and back-end files for a timesheet > > application, and after 2 days of testing, everything seems to be working as > > expected. It occurs to me, however, that there is nothing preventing a > > legitimate user or anyone who can gain casual access to our network from > > accidentally or purposefullly deleting the back-end files. Can anyone > > suggest any strategies? > > > > Thank you. > > Sprinks You can't do much since users need almost full permissions on the folder.
You can remove the delete permission on the *file*, however the next time it is compacted, the resulting file will inherit the folder permissions, so you'd have to remove the delete permission again on the file. Another idea is to put the backend/mdw files in a hidden folder. Users won't see it in Windows Explorer (they could still get to the folder if they know the path, so don't tell them). \\servername\share$ rather than \\servername\share will hide it. -- Show quoteHide quoteJoan Wild Microsoft Access MVP Sprinks wrote: > I have implemented security on the front- and back-end files for a > timesheet application, and after 2 days of testing, everything seems > to be working as expected. It occurs to me, however, that there is > nothing preventing a legitimate user or anyone who can gain casual > access to our network from accidentally or purposefullly deleting the > back-end files. Can anyone suggest any strategies? > > Thank you. > Sprinks If a compacted file inherits the folder permissions, how about making sure
that the folder permissions not have DELETE premission from the start. Sorry, I'm not a network expert. Or how about allowing only the administrator to copy the file, compact it somewhere else, and re-copying the compacted version back in the folder. This will bring the database off-line for a while but it's worth the sacrifice. Show quoteHide quote "Joan Wild" wrote: > You can't do much since users need almost full permissions on the folder. > You can remove the delete permission on the *file*, however the next time it > is compacted, the resulting file will inherit the folder permissions, so > you'd have to remove the delete permission again on the file. > > Another idea is to put the backend/mdw files in a hidden folder. Users > won't see it in Windows Explorer (they could still get to the folder if they > know the path, so don't tell them). \\servername\share$ rather than > \\servername\share will hide it. > > > -- > Joan Wild > Microsoft Access MVP > > Sprinks wrote: > > I have implemented security on the front- and back-end files for a > > timesheet application, and after 2 days of testing, everything seems > > to be working as expected. It occurs to me, however, that there is > > nothing preventing a legitimate user or anyone who can gain casual > > access to our network from accidentally or purposefullly deleting the > > back-end files. Can anyone suggest any strategies? > > > > Thank you. > > Sprinks > > > Ray wrote:
> how about making sure The downside to this technique is that the locking database file won't be> that the folder permissions not have DELETE premission from the start. deleted when the last user exits the database, which can cause problems in a multuser database. Not to mention about the inability to compact the database, but you addressed that issue elsewhere. > Or how about allowing only the administrator to A user only needs read permission to copy the file and write permission to> copy the file, compact it somewhere else, and re-copying the compacted > version back in the folder. create a new file, so all users except the Administrator would need to be denied read permissions on the mdb file (or even the files in the directory) to prevent them from copying the file, and they would need to be denied write permissions on the directory to prevent them from writing a new file in that directory (the file that was compacted elsewhere). Unfortunately, any user who can't read the mdb file also can't open it, so only the Administrator would be able to use the database if this technique were employed. And any user who doesn't have write permissions in the directory can't create the LDB file, so the mdb file would only be opened in exclusive mode, which puts shackles on a multiuser database. Users need delete permission on the folder in order to be able to delete the
associated ldb file. -- Show quoteHide quoteJoan Wild Microsoft Access MVP Ray wrote: > If a compacted file inherits the folder permissions, how about making > sure that the folder permissions not have DELETE premission from the > start. Sorry, I'm not a network expert. Or how about allowing only > the administrator to copy the file, compact it somewhere else, and > re-copying the compacted version back in the folder. This will bring > the database off-line for a while but it's worth the sacrifice. > > "Joan Wild" wrote: > >> You can't do much since users need almost full permissions on the >> folder. You can remove the delete permission on the *file*, however >> the next time it is compacted, the resulting file will inherit the >> folder permissions, so you'd have to remove the delete permission >> again on the file. >> >> Another idea is to put the backend/mdw files in a hidden folder. >> Users won't see it in Windows Explorer (they could still get to the >> folder if they know the path, so don't tell them). >> \\servername\share$ rather than \\servername\share will hide it. >> >> >> -- >> Joan Wild >> Microsoft Access MVP >> >> Sprinks wrote: >>> I have implemented security on the front- and back-end files for a >>> timesheet application, and after 2 days of testing, everything seems >>> to be working as expected. It occurs to me, however, that there is >>> nothing preventing a legitimate user or anyone who can gain casual >>> access to our network from accidentally or purposefullly deleting >>> the back-end files. Can anyone suggest any strategies? >>> >>> Thank you. >>> Sprinks Joan,
Thank you; a hidden folder will work great. Most of my concern is about casual, accidental deletion. Sprinks Show quoteHide quote "Joan Wild" wrote: > You can't do much since users need almost full permissions on the folder. > You can remove the delete permission on the *file*, however the next time it > is compacted, the resulting file will inherit the folder permissions, so > you'd have to remove the delete permission again on the file. > > Another idea is to put the backend/mdw files in a hidden folder. Users > won't see it in Windows Explorer (they could still get to the folder if they > know the path, so don't tell them). \\servername\share$ rather than > \\servername\share will hide it. > > > -- > Joan Wild > Microsoft Access MVP > > Sprinks wrote: > > I have implemented security on the front- and back-end files for a > > timesheet application, and after 2 days of testing, everything seems > > to be working as expected. It occurs to me, however, that there is > > nothing preventing a legitimate user or anyone who can gain casual > > access to our network from accidentally or purposefullly deleting the > > back-end files. Can anyone suggest any strategies? > > > > Thank you. > > Sprinks > > > 
Other interesting topics
Can i require password from operating system for mdb file to open?
Security log ins Listing current users at startup on the autoex form Auto join to MDW Exclusive Access Baffled By Security Wizard References trying to send a secure file prevent import /export how to import form,report or module objects with project security |
|||||||||||||||||||||||
