|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
More ULS ProblemsLadies and Gentlemen:
I’m having a problem with ULS similar to the one discussed in one of the blows below (ULS Flaw?). I’m running MS Access 2003 on Windows XP. I’ve already created all the groups and users, and have assigned all the permissions; all under a new workgroup. Lastly I ran the ULS Wizard which created the .bak file and gave me the nice summery report at the end. I checked the ownerships, to include that of the database itself, and none of the objects are owned my Admin. That said, I can still sign in to a different workgroup (i.e. the original system.mdw file) and can access the file without any challenge. Did I miss a step in securing the file? Is there a way to verify that the file is actually secured? Please help. A-Mart On Thu, 10 May 2007 14:18:02 -0700, Alex T. Martínez <AlexTMart***@discussions.microsoft.com> wrote:
Show quote >Ladies and Gentlemen: Yes, you obviously missed a step, since with a correctly secured database you would not be able to log in with a> >I’m having a problem with ULS similar to the one discussed in one of the >blows below (ULS Flaw?). I’m running MS Access 2003 on Windows XP. I’ve >already created all the groups and users, and have assigned all the >permissions; all under a new workgroup. Lastly I ran the ULS Wizard which >created the .bak file and gave me the nice summery report at the end. I >checked the ownerships, to include that of the database itself, and none of >the objects are owned my Admin. > >That said, I can still sign in to a different workgroup (i.e. the original >system.mdw file) and can access the file without any challenge. Did I miss a >step in securing the file? Is there a way to verify that the file is >actually secured? Please help. different workgoup. I suggest using the .bak file (which is basically your original file) and trying this again, expect using either (a) the Security wizard to do the entire security process or (b) doing the entire process yourself by following Joan Wild's process: http://www.jmwild.com/Accesssecurity.htm (see the step by step instructions). Don't forget to make a copy of your file first, just in case. Scott McDaniel scott@takemeout_infotrakker.com www.infotrakker.com At this stage, you should be able to logon as (say)(a user who you say should
not have permissions)(or any other way probably), and go through the User and Group permissions and FIND OUT which user or group has such permissions when they should not have. Starting with Database Permissions and going through other objects as well. One of the criticisms of Security Wizard, apart from potential bugs in the wizard vs ULS (which may or may not be true), is that it shields you from a full understanding of ULS. I believe, in the longer term, you MUST be capable of going through the users and groups, and many objects of course, to see where an errant permission lies. One school of thought, is that "wizards" just try to hide this understanding from you! The obvious thing, is that NO permissions should be assigned to any standard user or group supplied in a default Access program. I agree that some "step" must have been missed. And that the SecFAQ seems to list the Sec Wizard as a step. But I do not agree that the Wizard should be used at all!!! (for evidence, your own post) HTH Chris (I have never used the security wizard, probably because I didn't know about it when I started!) (for a free alternate security analyser, same info as in-built but arguably more presentable, see this tool -which is nothing to do with me- : http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm ) (closing bracket) Show quote "Alex T. Martínez" <AlexTMart***@discussions.microsoft.com> wrote in message news:618A2A1E-A0E1-45A7-B964-AA79D3F4C71F@microsoft.com... > Ladies and Gentlemen: > > I'm having a problem with ULS similar to the one discussed in one of the > blows below (ULS Flaw?). I'm running MS Access 2003 on Windows XP. I've > already created all the groups and users, and have assigned all the > permissions; all under a new workgroup. Lastly I ran the ULS Wizard which > created the .bak file and gave me the nice summery report at the end. I > checked the ownerships, to include that of the database itself, and none of > the objects are owned my Admin. > > That said, I can still sign in to a different workgroup (i.e. the original > system.mdw file) and can access the file without any challenge. Did I miss a > step in securing the file? Is there a way to verify that the file is > actually secured? Please help. > > > A-Mart > I really hate to keep pestering, but, after printing out the step-by-step
instructions and doing exactly what they said, I can still open the “secure†file by joining the default workgroup (system.mdw). The shortcut works fine since it automatically joins you to the right workgroup, but opening the root file is another story. The step-by-step instructions suggested that I shouldn’t be able to open that file at all, but that’s not the case. What did I miss? Thanks for the prompt response, btw. A-Mart Show quote "Chris Mills" wrote: > At this stage, you should be able to logon as (say)(a user who you say should > not have permissions)(or any other way probably), and go through the User and > Group permissions and FIND OUT which user or group has such permissions when > they should not have. Starting with Database Permissions and going through > other objects as well. > > One of the criticisms of Security Wizard, apart from potential bugs in the > wizard vs ULS (which may or may not be true), is that it shields you from a > full understanding of ULS. I believe, in the longer term, you MUST be capable > of going through the users and groups, and many objects of course, to see > where an errant permission lies. One school of thought, is that "wizards" just > try to hide this understanding from you! > > The obvious thing, is that NO permissions should be assigned to any standard > user or group supplied in a default Access program. > > I agree that some "step" must have been missed. And that the SecFAQ seems to > list the Sec Wizard as a step. But I do not agree that the Wizard should be > used at all!!! (for evidence, your own post) > > HTH > Chris > > (I have never used the security wizard, probably because I didn't know about > it when I started!) > > (for a free alternate security analyser, same info as in-built but arguably > more presentable, see this tool -which is nothing to do with me- : > http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm > > ) (closing bracket) > > > "Alex T. MartÃnez" <AlexTMart***@discussions.microsoft.com> wrote in message > news:618A2A1E-A0E1-45A7-B964-AA79D3F4C71F@microsoft.com... > > Ladies and Gentlemen: > > > > I'm having a problem with ULS similar to the one discussed in one of the > > blows below (ULS Flaw?). I'm running MS Access 2003 on Windows XP. I've > > already created all the groups and users, and have assigned all the > > permissions; all under a new workgroup. Lastly I ran the ULS Wizard which > > created the .bak file and gave me the nice summery report at the end. I > > checked the ownerships, to include that of the database itself, and none of > > the objects are owned my Admin. > > > > That said, I can still sign in to a different workgroup (i.e. the original > > system.mdw file) and can access the file without any challenge. Did I miss > a > > step in securing the file? Is there a way to verify that the file is > > actually secured? Please help. > > > > > > A-Mart > > > > > Alex T. Martínez wrote:
> I really hate to keep pestering, but, after printing out the There's a very simple concept that expalins that. When you open a file with a > step-by-step instructions and doing exactly what they said, I can > still open the "secure" file by joining the default workgroup > (system.mdw). The shortcut works fine since it automatically joins > you to the right workgroup, but opening the root file is another > story. The step-by-step instructions suggested that I shouldn't be > able to open that file at all, but that's not the case. What did I > miss? Thanks for the prompt response, btw. workgroup that does not require a login, then you are doing so as the user 'Admin', member of the group 'Users'. In a properly secured file neither of those entities should have any permissions or own any of the objects (including the database object). If you can open your file with a workgroup that does not prompt you to log in then either 'Admin' or 'Users' has some permissions or owns the database. There can be no other explanation. -- Rick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com I finally got it to work (had to do the whole thing over again). I read in
one of the earlier blogs that there is a way to do this without using the ULS Wizard. I've never had good experience with MS Wizards, and I avoid them like the plague. I'd rather learn how to do it manually if at all possible. Again, thanks for all the help and advise! A-Mart Show quote "Rick Brandt" wrote: > Alex T. MartÃnez wrote: > > I really hate to keep pestering, but, after printing out the > > step-by-step instructions and doing exactly what they said, I can > > still open the "secure" file by joining the default workgroup > > (system.mdw). The shortcut works fine since it automatically joins > > you to the right workgroup, but opening the root file is another > > story. The step-by-step instructions suggested that I shouldn't be > > able to open that file at all, but that's not the case. What did I > > miss? Thanks for the prompt response, btw. > > There's a very simple concept that expalins that. When you open a file with a > workgroup that does not require a login, then you are doing so as the user > 'Admin', member of the group 'Users'. > > In a properly secured file neither of those entities should have any permissions > or own any of the objects (including the database object). > > If you can open your file with a workgroup that does not prompt you to log in > then either 'Admin' or 'Users' has some permissions or owns the database. There > can be no other explanation. > > -- > Rick Brandt, Microsoft Access MVP > Email (as appropriate) to... > RBrandt at Hunter dot com > > > > This suggests there may be a bug with the Wizard. But I wouldn't know, since
(as stated) I have never used the wizard. If there IS a bug with the wizard then: a) it is bad that MS hasn't fixed it? b) it is bad that it's a listed step in the SecFAQ last time I checked (cant be bothered right now) From my brief reading of the previous thread "ULS Flaw?" (until it exited-right off my screen due to it's length), I got the impression that it sounded like a WIZARD BUG (???) This sort of stuff, Bugs in Wizards, IF true, surely newbies could do without? Especially since wizards are hopefully there specifically to assist newbies? Oh I give up, I'm getting myself into a circular loop... ;-) Chris Show quote "Alex T. Martínez" <AlexTMart***@discussions.microsoft.com> wrote in message news:CCACAB31-6364-43FE-8B9E-169F63EF24F7@microsoft.com... > I finally got it to work (had to do the whole thing over again). I read in > one of the earlier blogs that there is a way to do this without using the ULS > Wizard. I've never had good experience with MS Wizards, and I avoid them > like the plague. I'd rather learn how to do it manually if at all possible. > Again, thanks for all the help and advise! > > > A-Mart >  |
|||||||||||||||||||||||
Other interesting topics