|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
folder security nightmare to allow .ldb file deletionI read the following...
"If you plan to share a database, the .mdb file should be located in a folder where users have read, write, create, and delete privileges." (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files in Access 2000) My worst nightmare has finally occured: someone deleted the .mdb file being shared. (Lucky for backups.) How do you prevent mischief and/or clutsyness from playing havoc with the folder in whcih the shared database file is located if you have to leave its permissions wide open for it. Am I doing something wrong? Gerald Petron You need to beat up the user that did this.
OK, that may not go over well; you could remove the delete permission on the folder. The ldb won't get deleted, and you may occasionally have to delete it (signed in as a user who does have permission to delete it), if you have problems. Another option is to hide the folder, so that users can't get to it so easily. You use \\servername\share$ rather than \\servername\share to hide it. They could still get to it using Windows Explorer, but they'd have to know the path (so don't tell them) -- Joan Wild Microsoft Access MVP Show quote "Jerry Petron" <Jerry Pet***@discussions.microsoft.com> wrote in message news:AF640B2B-765E-4D29-A5F3-91000BF9DBF7@microsoft.com... >I read the following... > > "If you plan to share a database, the .mdb file should be located in a > folder where users have read, write, create, and delete privileges." > > (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files in > Access 2000) > > My worst nightmare has finally occured: someone deleted the .mdb file being > shared. (Lucky for backups.) > > How do you prevent mischief and/or clutsyness from playing havoc with the > folder in whcih the shared database file is located if you have to leave its > permissions wide open for it. > > Am I doing something wrong? > > Gerald Petron > Of course, the file permissions will be changed every time you compact the
database. Depending on the user permissions, MichKa has a solution to that issue at http://www.trigeminal.com/codes.asp?ItemID=25#25 -- Doug Steele, Microsoft Access MVP http://I.Am/DougSteele (no private e-mails, please) "Joan Wild" <jwild@nospamtyenet.com> wrote in message You need to beat up the user that did this.news:uopDAUDEIHA.748@TK2MSFTNGP04.phx.gbl... OK, that may not go over well; you could remove the delete permission on the folder. The ldb won't get deleted, and you may occasionally have to delete it (signed in as a user who does have permission to delete it), if you have problems. Another option is to hide the folder, so that users can't get to it so easily. You use \\servername\share$ rather than \\servername\share to hide it. They could still get to it using Windows Explorer, but they'd have to know the path (so don't tell them) -- Joan Wild Microsoft Access MVP Show quote "Jerry Petron" <Jerry Pet***@discussions.microsoft.com> wrote in message news:AF640B2B-765E-4D29-A5F3-91000BF9DBF7@microsoft.com... >I read the following... > > "If you plan to share a database, the .mdb file should be located in a > folder where users have read, write, create, and delete privileges." > > (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files > in > Access 2000) > > My worst nightmare has finally occured: someone deleted the .mdb file > being > shared. (Lucky for backups.) > > How do you prevent mischief and/or clutsyness from playing havoc with the > folder in whcih the shared database file is located if you have to leave > its > permissions wide open for it. > > Am I doing something wrong? > > Gerald Petron > I thought the file would inherit permissions from the folder?
-- Joan Wild Microsoft Access MVP Show quote "Douglas J. Steele" <NOSPAM_djsteele@NOSPAM_canada.com> wrote in message news:ODLR2tDEIHA.3916@TK2MSFTNGP02.phx.gbl... > Of course, the file permissions will be changed every time you compact the > database. > > Depending on the user permissions, MichKa has a solution to that issue at > http://www.trigeminal.com/codes.asp?ItemID=25#25 > > -- > Doug Steele, Microsoft Access MVP > http://I.Am/DougSteele > (no private e-mails, please) > > > "Joan Wild" <jwild@nospamtyenet.com> wrote in message > news:uopDAUDEIHA.748@TK2MSFTNGP04.phx.gbl... > You need to beat up the user that did this. > > OK, that may not go over well; you could remove the delete permission on the > folder. The ldb won't get deleted, and you may occasionally have to delete > it (signed in as a user who does have permission to delete it), if you have > problems. > > Another option is to hide the folder, so that users can't get to it so > easily. You use > \\servername\share$ rather than \\servername\share to hide it. They could > still get to it using Windows Explorer, but they'd have to know the path (so > don't tell them) > > -- > Joan Wild > Microsoft Access MVP > "Jerry Petron" <Jerry Pet***@discussions.microsoft.com> wrote in message > news:AF640B2B-765E-4D29-A5F3-91000BF9DBF7@microsoft.com... >>I read the following... >> >> "If you plan to share a database, the .mdb file should be located in a >> folder where users have read, write, create, and delete privileges." >> >> (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files >> in >> Access 2000) >> >> My worst nightmare has finally occured: someone deleted the .mdb file >> being >> shared. (Lucky for backups.) >> >> How do you prevent mischief and/or clutsyness from playing havoc with the >> folder in whcih the shared database file is located if you have to leave >> its >> permissions wide open for it. >> >> Am I doing something wrong? >> >> Gerald Petron >> > > "Joan Wild" <jwild@nospamtyenet.com> wrote in Only in a file system copy operation. news:epnXYyNEIHA.3636@TK2MSFTNGP03.phx.gbl: > I thought the file would inherit permissions from the folder? One trick might be to automate your compact such that you compact to a file in a different folder with no delete permissions, and then *move* the file back to the original location. Move operations retain permissions, while copy inherits. I don't know if that would work -- just an idea. Sorry: I missed the fact that you were suggesting that delete permission be
removed from the folder. I thought you were suggesting that it be removed only from the file. -- Doug Steele, Microsoft Access MVP http://I.Am/DougSteele (no private e-mails, please) "Joan Wild" <jwild@nospamtyenet.com> wrote in message I thought the file would inherit permissions from the folder?news:epnXYyNEIHA.3636@TK2MSFTNGP03.phx.gbl... -- Joan Wild Microsoft Access MVP Show quote "Douglas J. Steele" <NOSPAM_djsteele@NOSPAM_canada.com> wrote in message news:ODLR2tDEIHA.3916@TK2MSFTNGP02.phx.gbl... > Of course, the file permissions will be changed every time you compact the > database. > > Depending on the user permissions, MichKa has a solution to that issue at > http://www.trigeminal.com/codes.asp?ItemID=25#25 > > -- > Doug Steele, Microsoft Access MVP > http://I.Am/DougSteele > (no private e-mails, please) > > > "Joan Wild" <jwild@nospamtyenet.com> wrote in message > news:uopDAUDEIHA.748@TK2MSFTNGP04.phx.gbl... > You need to beat up the user that did this. > > OK, that may not go over well; you could remove the delete permission on > the > folder. The ldb won't get deleted, and you may occasionally have to > delete > it (signed in as a user who does have permission to delete it), if you > have > problems. > > Another option is to hide the folder, so that users can't get to it so > easily. You use > \\servername\share$ rather than \\servername\share to hide it. They could > still get to it using Windows Explorer, but they'd have to know the path > (so > don't tell them) > > -- > Joan Wild > Microsoft Access MVP > "Jerry Petron" <Jerry Pet***@discussions.microsoft.com> wrote in message > news:AF640B2B-765E-4D29-A5F3-91000BF9DBF7@microsoft.com... >>I read the following... >> >> "If you plan to share a database, the .mdb file should be located in a >> folder where users have read, write, create, and delete privileges." >> >> (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files >> in >> Access 2000) >> >> My worst nightmare has finally occured: someone deleted the .mdb file >> being >> shared. (Lucky for backups.) >> >> How do you prevent mischief and/or clutsyness from playing havoc with the >> folder in whcih the shared database file is located if you have to leave >> its >> permissions wide open for it. >> >> Am I doing something wrong? >> >> Gerald Petron >> > > SOLUTION! (2 steps)
1. We removed the "delete" privelege from the folder. 2. We have another database linked to just one of the tables of the shared database on a 24hour-7days/week basis that does only one thing: KEEPS THE ..ldb FILE THERE ALL THE TIME. Now, anybody can log in, and when they log out, they're never the last one becuase of the continous 24-7 link. Thanks everybody. Jerry Petron Show quote "Douglas J. Steele" wrote: > Sorry: I missed the fact that you were suggesting that delete permission be > removed from the folder. I thought you were suggesting that it be removed > only from the file. > > -- > Doug Steele, Microsoft Access MVP > http://I.Am/DougSteele > (no private e-mails, please) > > > "Joan Wild" <jwild@nospamtyenet.com> wrote in message > news:epnXYyNEIHA.3636@TK2MSFTNGP03.phx.gbl... > I thought the file would inherit permissions from the folder? > > -- > Joan Wild > Microsoft Access MVP > "Douglas J. Steele" <NOSPAM_djsteele@NOSPAM_canada.com> wrote in message > news:ODLR2tDEIHA.3916@TK2MSFTNGP02.phx.gbl... > > Of course, the file permissions will be changed every time you compact the > > database. > > > > Depending on the user permissions, MichKa has a solution to that issue at > > http://www.trigeminal.com/codes.asp?ItemID=25#25 > > > > -- > > Doug Steele, Microsoft Access MVP > > http://I.Am/DougSteele > > (no private e-mails, please) > > > > > > "Joan Wild" <jwild@nospamtyenet.com> wrote in message > > news:uopDAUDEIHA.748@TK2MSFTNGP04.phx.gbl... > > You need to beat up the user that did this. > > > > OK, that may not go over well; you could remove the delete permission on > > the > > folder. The ldb won't get deleted, and you may occasionally have to > > delete > > it (signed in as a user who does have permission to delete it), if you > > have > > problems. > > > > Another option is to hide the folder, so that users can't get to it so > > easily. You use > > \\servername\share$ rather than \\servername\share to hide it. They could > > still get to it using Windows Explorer, but they'd have to know the path > > (so > > don't tell them) > > > > -- > > Joan Wild > > Microsoft Access MVP > > "Jerry Petron" <Jerry Pet***@discussions.microsoft.com> wrote in message > > news:AF640B2B-765E-4D29-A5F3-91000BF9DBF7@microsoft.com... > >>I read the following... > >> > >> "If you plan to share a database, the .mdb file should be located in a > >> folder where users have read, write, create, and delete privileges." > >> > >> (from http://support.microsoft.com/kb/q208778/ Introduction to .ldb files > >> in > >> Access 2000) > >> > >> My worst nightmare has finally occured: someone deleted the .mdb file > >> being > >> shared. (Lucky for backups.) > >> > >> How do you prevent mischief and/or clutsyness from playing havoc with the > >> folder in whcih the shared database file is located if you have to leave > >> its > >> permissions wide open for it. > >> > >> Am I doing something wrong? > >> > >> Gerald Petron > >> > > > > > > >  |
|||||||||||||||||||||||
Other interesting topics