|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Creating a secure database on a networkOk so this is my first time creating a secure database on a server. Can
anyone point in the right direction where I might find some step by step instructions on how to create a secure database on a server? I want my users to be set up in groups and be able to log on to the database from their desktops. Review the links I have accumulated here:
http://home.bendbroadband.com/conradsystems/accessjunkie/resources.html#Security -- Show quoteHide quoteJeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html "Secret Squirrel" wrote in message: news:7E0AE8E8-A2C5-4DCF-A55B-E36860F2FCC0@microsoft.com... > Ok so this is my first time creating a secure database on a server. Can > anyone point in the right direction where I might find some step by step > instructions on how to create a secure database on a server? I want my users > to be set up in groups and be able to log on to the database from their > desktops. Thank you for the links but I still have a couple of questions;
Most of that information doesn't talk about a database on a server, or maybe it does and I'm just not understanding it. Do I need to do anything to the users desktops in order for them to get a login prompt? Also, where does the System.mdw file go if the database is on the server? I have a link on everyone's desktop right now to access the database, can they use that same link or do I need to modify it? There is just so much involved with this security that I'm get very confused. Show quoteHide quote "Jeff Conrad" wrote: > Review the links I have accumulated here: > > http://home.bendbroadband.com/conradsystems/accessjunkie/resources.html#Security > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > > > "Secret Squirrel" wrote in message: > news:7E0AE8E8-A2C5-4DCF-A55B-E36860F2FCC0@microsoft.com... > > > Ok so this is my first time creating a secure database on a server. Can > > anyone point in the right direction where I might find some step by step > > instructions on how to create a secure database on a server? I want my users > > to be set up in groups and be able to log on to the database from their > > desktops. > > > Well before we even begin to talk about what needs to be done on the
server, let's take a few steps back then. Let's work on the security of the database itself first. 1. Have you *correctly* set up User Level Security on this database? (I assume we are talking a Jet back end, correct?) 2. Have you split the database into a back end and front end? 3. Did you create your own workgroup file and set up groups and users? 4. Did you name your custom workgroup file something other than the name of your front end file, the back end file, and system.mdw? 5. Have you verified that you have correctly set up security by attempting to open the database while joined to the default system workgroup file Access uses? 6. Are all of your users going to be using the same Access version or are we talking mixed versions here? -- Show quoteHide quoteJeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html "Secret Squirrel" wrote in message: news:90FE3344-8446-434E-9B9C-AF6D48993D05@microsoft.com... > Thank you for the links but I still have a couple of questions; > > Most of that information doesn't talk about a database on a server, or maybe > it does and I'm just not understanding it. Do I need to do anything to the > users desktops in order for them to get a login prompt? Also, where does the > System.mdw file go if the database is on the server? I have a link on > everyone's desktop right now to access the database, can they use that same > link or do I need to modify it? There is just so much involved with this > security that I'm get very confused. Ok
1. Well that's what I've been tinkering with at home. I've been testing setting up user security on another database. I have no idea what a jet back end is either. 2. No I have not split it into a back end and a front end. I don't enough about that to successfully do that yet. So to answer the balance of your questions, I have been learning how to do all of that. And all my users will be using the same version, 2K. Show quoteHide quote "Jeff Conrad" wrote: > Well before we even begin to talk about what needs to be done on the > server, let's take a few steps back then. Let's work on the security > of the database itself first. > > 1. Have you *correctly* set up User Level Security on this database? > (I assume we are talking a Jet back end, correct?) > > 2. Have you split the database into a back end and front end? > > 3. Did you create your own workgroup file and set up groups > and users? > > 4. Did you name your custom workgroup file something other than > the name of your front end file, the back end file, and system.mdw? > > 5. Have you verified that you have correctly set up security by attempting > to open the database while joined to the default system workgroup > file Access uses? > > 6. Are all of your users going to be using the same Access version > or are we talking mixed versions here? > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > > > "Secret Squirrel" wrote in message: > news:90FE3344-8446-434E-9B9C-AF6D48993D05@microsoft.com... > > > Thank you for the links but I still have a couple of questions; > > > > Most of that information doesn't talk about a database on a server, or maybe > > it does and I'm just not understanding it. Do I need to do anything to the > > users desktops in order for them to get a login prompt? Also, where does the > > System.mdw file go if the database is on the server? I have a link on > > everyone's desktop right now to access the database, can they use that same > > link or do I need to modify it? There is just so much involved with this > > security that I'm get very confused. > > > "Secret Squirrel" <secretsquir***@discussions.microsoft.com> wrote in Splitting into a front-end and back-end is FAR simpler than applying message news:63A7BE29-3AF1-4E95-A4A5-CD85836655C7@microsoft.com... > > 2. No I have not split it into a back end and a front end. I don't enough > about that to successfully do that yet. security! Check what Tony Toews has at http://www.granite.ab.ca/access/splitapp/index.htm, or simply use the built-in wizard. -- Doug Steele, Microsoft Access MVP http://I.Am/DougSteele (no e-mails, please!) "Secret Squirrel" wrote in message:
news:63A7BE29-3AF1-4E95-A4A5-CD85836655C7@microsoft.com... If you have no idea what a Jet back end is most likely you are using one> 1. Well that's what I've been tinkering with at home. I've been testing > setting up user security on another database. I have no idea what a jet back > end is either. then. I wanted to see if your data was going to be in an Access/Jet database as opposed to SQL Server. Setting up the server side of things is relatively easy once you have security set up properly on the database. So we need to concentrate on this for the moment. Continue studying the links I provided earlier to make sure you have a *properly* secured database. > 2. No I have not split it into a back end and a front end. I don't enough You will definitely want to split this database so as to avoid corruption.> about that to successfully do that yet. You don't want all of your hard work going down the tubes. Review the splitting links I have here: http://home.bendbroadband.com/conradsystems/accessjunkie/splitting.html > So to answer the balance of your questions, I have been learning how to do That sounds good. Mixed versions can create some additional issues so> all of that. And all my users will be using the same version, 2K. it looks like you do not have to worry about this. For now, do not worry about any server issues, concentrate on really understanding how User Level Security works on your test database. Once you have that down and everything works perfectly, the rest will be a snap. -- Jeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html OK I have a basic understanding of how the user security works. I've
successfully set up users on my test database. Now I'm ready to understand the server part of things. Which I guess is the easy part. I've also read up on how to split my database and I will do that once everything is in place. So where do I go from here regarding the server? Also, how do I prompt new users to enter a new password? Do I set that for them or can they do that when they log in for the first time? Show quoteHide quote "Jeff Conrad" wrote: > "Secret Squirrel" wrote in message: > news:63A7BE29-3AF1-4E95-A4A5-CD85836655C7@microsoft.com... > > > 1. Well that's what I've been tinkering with at home. I've been testing > > setting up user security on another database. I have no idea what a jet back > > end is either. > > If you have no idea what a Jet back end is most likely you are using one > then. I wanted to see if your data was going to be in an Access/Jet database > as opposed to SQL Server. > > Setting up the server side of things is relatively easy once you have security > set up properly on the database. So we need to concentrate on this for > the moment. > > Continue studying the links I provided earlier to make sure you have a > *properly* secured database. > > > 2. No I have not split it into a back end and a front end. I don't enough > > about that to successfully do that yet. > > You will definitely want to split this database so as to avoid corruption. > You don't want all of your hard work going down the tubes. Review > the splitting links I have here: > > http://home.bendbroadband.com/conradsystems/accessjunkie/splitting.html > > > So to answer the balance of your questions, I have been learning how to do > > all of that. And all my users will be using the same version, 2K. > > That sounds good. Mixed versions can create some additional issues so > it looks like you do not have to worry about this. > > For now, do not worry about any server issues, concentrate on really understanding > how User Level Security works on your test database. Once you have that down > and everything works perfectly, the rest will be a snap. > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > > > I strongly recommend splitting the database and *testing* before setting
things up on the server. Here is what you need to do. 1. Place the BE (back-end) data tables file in a common folder on the server that everyone has access to. All users must have full permissions on this folder. 2. Place the MDW (workgroup file) used to secure the database in the same folder as well. Make sure they have different file names. 3. Create a FE (front end) file and place it somewhere on *each* user's machine. Maybe like in their My Documents folder. Make sure the links to the BE file are working. 4. Create a desktop shortcut on *each* user's desktop with the proper parameters. Similar to the one you probably have, but it might differ. Make sure it includes the path to the msaccess.exe file, the FE database file, and the workgroup (MDW) file on the server. Double clicking the icon will bring up the login screen for your users to gain entry into the secured database. This all assumes of course you have set up security properly. -- Show quoteHide quoteJeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html "Secret Squirrel" wrote in message: news:7432FB30-2B48-4563-88B4-9710A5CDB109@microsoft.com... > OK I have a basic understanding of how the user security works. I've > successfully set up users on my test database. Now I'm ready to understand > the server part of things. Which I guess is the easy part. I've also read up > on how to split my database and I will do that once everything is in place. > So where do I go from here regarding the server? > > Also, how do I prompt new users to enter a new password? Do I set that for > them or can they do that when they log in for the first time? Before I run this test I have two questions..
If I want to change a query or report down the road, how would I go about this if I put the FE on everyone's desktop? Will I have to change it on everyone's pc? Also, can you give me an example of what the shortcut should be like? Show quoteHide quote "Jeff Conrad" wrote: > I strongly recommend splitting the database and *testing* before setting > things up on the server. > > Here is what you need to do. > 1. Place the BE (back-end) data tables file in a common folder on the > server that everyone has access to. All users must have full permissions > on this folder. > 2. Place the MDW (workgroup file) used to secure the database > in the same folder as well. Make sure they have different file names. > 3. Create a FE (front end) file and place it somewhere on *each* user's > machine. Maybe like in their My Documents folder. Make sure the > links to the BE file are working. > 4. Create a desktop shortcut on *each* user's desktop with the proper > parameters. Similar to the one you probably have, but it might differ. > Make sure it includes the path to the msaccess.exe file, the FE database > file, and the workgroup (MDW) file on the server. > > Double clicking the icon will bring up the login screen for your > users to gain entry into the secured database. This all assumes of > course you have set up security properly. > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > > "Secret Squirrel" wrote in message: > news:7432FB30-2B48-4563-88B4-9710A5CDB109@microsoft.com... > > > OK I have a basic understanding of how the user security works. I've > > successfully set up users on my test database. Now I'm ready to understand > > the server part of things. Which I guess is the easy part. I've also read up > > on how to split my database and I will do that once everything is in place. > > So where do I go from here regarding the server? > > > > Also, how do I prompt new users to enter a new password? Do I set that for > > them or can they do that when they log in for the first time? > > > "Secret Squirrel" wrote in message:
news:2B89A4B1-8290-4361-9081-E6A9173C2CC3@microsoft.com... Comments in-line....> Before I run this test I have two questions.. You would need to give each user a new FE file. Depending upon how often> > If I want to change a query or report down the road, how would I go about > this if I put the FE on everyone's desktop? Will I have to change it on > everyone's pc? you make changes and the number of users, this could be very easy or tedious. MVP Tony Toews has a utility to handle this for you here: http://www.granite.ab.ca/access/autofe.htm I have not used it myself, but have heard very good things about it. I know what you are thinking: "Wouldn't it be easier just to have one file on the server for all the users to share?" The answer is definitely NO because you will have FAR greater chances of database corruption with users sharing the same file! All your hard work would be lost. Do not stray towards the dark side. > Also, can you give me an example of what the shortcut should be like? At this point I have to ask:"How are you opening the secured database on your machine?" You should be opening it from a shortcut icon with the correct parameters. If you are joined to the custom workgroup file at all times (which I suspect) this is not really the way to go. The shortcut syntax is generally like so: "Path to MSACCESS.EXE here" "Path to database file here" /WRKGRP "Path to workgroup file here" All of that would be on one line. You would need to modify for your needs such as where Access has been installed and where you have your files. Now since the workgroup file will be on the server you'll have something like so: "Path to MSACCESS.EXE here" "Full path to FE on user's PC" /WRKGRP "Full path to MDW on server" For the last part you can use UNC like so: "\\ServerName\ShareName\Security.mdw" (Just an example, you will need to modify) -- Jeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html Ok I will work on creating a FE/BE setup.
As for the shortcut, right now I have a shortcut on their desktops pointing to the database on the server. It's unprotected right now but as you can tell I'm working on setting up security for it. I was going to have the workgroup joined at all times but you say that is not a good idea. Why is that? Also, do I put all the syntax for the shortcut in the target field? Show quoteHide quote "Jeff Conrad" wrote: > "Secret Squirrel" wrote in message: > news:2B89A4B1-8290-4361-9081-E6A9173C2CC3@microsoft.com... > > Comments in-line.... > > > Before I run this test I have two questions.. > > > > If I want to change a query or report down the road, how would I go about > > this if I put the FE on everyone's desktop? Will I have to change it on > > everyone's pc? > > You would need to give each user a new FE file. Depending upon how often > you make changes and the number of users, this could be very easy or tedious. > MVP Tony Toews has a utility to handle this for you here: > > http://www.granite.ab.ca/access/autofe.htm > > I have not used it myself, but have heard very good things about it. > > I know what you are thinking: > "Wouldn't it be easier just to have one file on the server for all the users to share?" > > The answer is definitely NO because you will have FAR greater chances of > database corruption with users sharing the same file! All your hard work > would be lost. Do not stray towards the dark side. > > > Also, can you give me an example of what the shortcut should be like? > > At this point I have to ask: > "How are you opening the secured database on your machine?" > > You should be opening it from a shortcut icon with the correct parameters. > If you are joined to the custom workgroup file at all times (which I suspect) > this is not really the way to go. > > The shortcut syntax is generally like so: > > "Path to MSACCESS.EXE here" "Path to database file here" /WRKGRP "Path to workgroup file here" > > All of that would be on one line. You would need to modify for your needs such > as where Access has been installed and where you have your files. Now since > the workgroup file will be on the server you'll have something like so: > > "Path to MSACCESS.EXE here" "Full path to FE on user's PC" /WRKGRP "Full path to MDW on server" > > For the last part you can use UNC like so: > > "\\ServerName\ShareName\Security.mdw" > > (Just an example, you will need to modify) > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > > > "Secret Squirrel" wrote in message:
news:8EF38896-6F1E-4898-8D36-1416FDAB904F@microsoft.com... Comments in-line....> Ok I will work on creating a FE/BE setup. Excellent, you will not regret this, trust me.> As for the shortcut, right now I have a shortcut on their desktops pointing If you are joined to the secure workgroup file at all times then if you or> to the database on the server. It's unprotected right now but as you can tell > I'm working on setting up security for it. I was going to have the workgroup > joined at all times but you say that is not a good idea. Why is that? any of your other users decides to create *any* new databases or open *any* other exiting non-secured databases, they will be prompted for a User Name/Password. By using a shortcut with the correct parameters you and your users can create and manage any non-secured databases without hassles and at the same time temporarily use the custom workgroup file for that one secured database. Make sense? > Also, do I put all the syntax for the shortcut in the target field? That's correct; it all goes in the Target area of the shortcut.-- Jeff Conrad Access Junkie - MVP http://home.bendbroadband.com/conradsystems/accessjunkie.html http://www.access.qbuilt.com/html/articles.html To be certain you understand security and the limitations, AND how to crack
it, be sure to also review the links here at the same site: http://home.bendbroadband.com/conradsystems/accessjunkie/mdetomdb.html The ENTIRE process of Access Security (not just mde), in ALL aspects, is rendered useless for security purposes. Or nearly so. HTH Chris "Jeff Conrad" <je***@ernstbrothers.com> wrote in message http://home.bendbroadband.com/conradsystems/accessjunkie/resources.html#Securitynews:%23jLumkC3FHA.1420@TK2MSFTNGP09.phx.gbl... > Review the links I have accumulated here: > > Show quoteHide quote > > -- > Jeff Conrad > Access Junkie - MVP > http://home.bendbroadband.com/conradsystems/accessjunkie.html > http://www.access.qbuilt.com/html/articles.html > 
Other interesting topics
Basing Object Permissions on Ownership
Access Tools Menu Disabled Creating user-level security with MS Access file on a network Permissions Display logged on user - Stupid question #1 Database Access problems Access security best practice - Stupid question(s) #2 Access Security Invalid page fault in module RPCRT4.dll Adobe 7.0 and Office Access 2003 |
|||||||||||||||||||||||
