|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
prevent users from opening the BEHi,
My application is split into FE, BE. The FE is saved as MDE and resides in the user's workstation while the BE is saved as MDB and resides in a Shared folder on the server mapped to a drive letter in all workstations. All the user have access to the Mapped Drive and the folder where the MDB resides. My question is, how can I prevent the users from opening the BE files on the server so as to keep the FE as the sole way to manipulate the data. Thanks "Omar" <O***@discussions.microsoft.com> wrote in message You need to apply user-level security. Have a look at the example on my news:D93A457E-D570-436B-9B93-519C4E8118C2@microsoft.com... > Hi, > My application is split into FE, BE. The FE is saved as MDE and resides in > the user's workstation while the BE is saved as MDB and resides in a > Shared > folder on the server mapped to a drive letter in all workstations. > All the user have access to the Mapped Drive and the folder where the MDB > resides. > My question is, how can I prevent the users from opening the BE files on > the server so as to keep the FE as the sole way to manipulate the data. > Thanks website, there's a link to the MS FAQ there too. Also, search this forum for Joan Wild's and Jeff Conrad's web sites. Keith. www.keithwilby.com Hi Again,
thanks for the reply. I did implemented the User-Level Security using the wizard, and the FE is protected that way. the BE wasn't joining the MDW, so after reading your post, I Opened the BE, and joined it to the MDW. Now, whenever i open it, the username and password dialogue box is displayed. I logged on using a username of one of the users whose access rights are limited to certain tables , but i managed to access other tables that he is supposed to have no access for. am i missing something in here? thanks Show quote "Keith Wilby" wrote: > "Omar" <O***@discussions.microsoft.com> wrote in message > news:D93A457E-D570-436B-9B93-519C4E8118C2@microsoft.com... > > Hi, > > My application is split into FE, BE. The FE is saved as MDE and resides in > > the user's workstation while the BE is saved as MDB and resides in a > > Shared > > folder on the server mapped to a drive letter in all workstations. > > All the user have access to the Mapped Drive and the folder where the MDB > > resides. > > My question is, how can I prevent the users from opening the BE files on > > the server so as to keep the FE as the sole way to manipulate the data. > > Thanks > > You need to apply user-level security. Have a look at the example on my > website, there's a link to the MS FAQ there too. Also, search this forum > for Joan Wild's and Jeff Conrad's web sites. > > Keith. > www.keithwilby.com > > Show quote
"Omar" <O***@discussions.microsoft.com> wrote in message By the sound of it yes. You need to create a new, blank database whilst news:E1269024-7DC9-4733-8D50-878F9C094CD5@microsoft.com... > Hi Again, > thanks for the reply. > I did implemented the User-Level Security using the wizard, and the FE is > protected that way. > the BE wasn't joining the MDW, so after reading your post, I Opened the > BE, > and joined it to the MDW. > Now, whenever i open it, the username and password dialogue box is > displayed. I logged on using a username of one of the users whose access > rights are limited to certain tables , but i managed to access other > tables > that he is supposed to have no access for. > am i missing something in here? > joined to your custom workgroup. Next you need to import your BE tables into it. Then you need to assign permissions as appropriate (I recommend using RWOP queries in your FE). Using the wizard doesn't give you any insight into how ULS works so I highly recommend you read and understand the FAQ if you want a properly secured app. Keith. www.keithwilby.com On Thu, 1 Nov 2007 13:34:23 -0000, "Keith Wilby" <h***@there.com> Depends on how secure you want it to be. The poor-mans version is towrote: create an AutoExec macro with two lines: Msgbox "Yo! You can't be here. Run the FE instead!" DoCmd Quit -Tom. Show quote >"Omar" <O***@discussions.microsoft.com> wrote in message >news:D93A457E-D570-436B-9B93-519C4E8118C2@microsoft.com... >> Hi, >> My application is split into FE, BE. The FE is saved as MDE and resides in >> the user's workstation while the BE is saved as MDB and resides in a >> Shared >> folder on the server mapped to a drive letter in all workstations. >> All the user have access to the Mapped Drive and the folder where the MDB >> resides. >> My question is, how can I prevent the users from opening the BE files on >> the server so as to keep the FE as the sole way to manipulate the data. >> Thanks > >You need to apply user-level security. Have a look at the example on my >website, there's a link to the MS FAQ there too. Also, search this forum >for Joan Wild's and Jeff Conrad's web sites. > >Keith. >www.keithwilby.com Wooowww...
Simple things can really be powerful things. I never thought about it... Thanks for the tip.. I will use that. Just curious, what is the rich-man version of it? I would apperciate any enlightement in this domain Regards Show quote "Tom van Stiphout" wrote: > On Thu, 1 Nov 2007 13:34:23 -0000, "Keith Wilby" <h***@there.com> > wrote: > > Depends on how secure you want it to be. The poor-mans version is to > create an AutoExec macro with two lines: > Msgbox "Yo! You can't be here. Run the FE instead!" > DoCmd Quit > > -Tom. > > > > >"Omar" <O***@discussions.microsoft.com> wrote in message > >news:D93A457E-D570-436B-9B93-519C4E8118C2@microsoft.com... > >> Hi, > >> My application is split into FE, BE. The FE is saved as MDE and resides in > >> the user's workstation while the BE is saved as MDB and resides in a > >> Shared > >> folder on the server mapped to a drive letter in all workstations. > >> All the user have access to the Mapped Drive and the folder where the MDB > >> resides. > >> My question is, how can I prevent the users from opening the BE files on > >> the server so as to keep the FE as the sole way to manipulate the data. > >> Thanks > > > >You need to apply user-level security. Have a look at the example on my > >website, there's a link to the MS FAQ there too. Also, search this forum > >for Joan Wild's and Jeff Conrad's web sites. > > > >Keith. > >www.keithwilby.com > On Thu, 1 Nov 2007 08:14:00 -0700, Omar
<O***@discussions.microsoft.com> wrote: Workgroup security, combined with RWOP queries in your front-end. Not for the faint of heart. Download, study, and fully understand the Access Security FAQ from microsoft.com if you want to explore this further. Upsizing to SQL Server also can give you much increased levels of security. -Tom. Show quote >Wooowww... > >Simple things can really be powerful things. I never thought about it... >Thanks for the tip.. I will use that. > >Just curious, what is the rich-man version of it? I would apperciate any >enlightement in this domain > >Regards > >"Tom van Stiphout" wrote: > >> On Thu, 1 Nov 2007 13:34:23 -0000, "Keith Wilby" <h***@there.com> >> wrote: >> >> Depends on how secure you want it to be. The poor-mans version is to >> create an AutoExec macro with two lines: >> Msgbox "Yo! You can't be here. Run the FE instead!" >> DoCmd Quit >> >> -Tom. >> >> >> >> >"Omar" <O***@discussions.microsoft.com> wrote in message >> >news:D93A457E-D570-436B-9B93-519C4E8118C2@microsoft.com... >> >> Hi, >> >> My application is split into FE, BE. The FE is saved as MDE and resides in >> >> the user's workstation while the BE is saved as MDB and resides in a >> >> Shared >> >> folder on the server mapped to a drive letter in all workstations. >> >> All the user have access to the Mapped Drive and the folder where the MDB >> >> resides. >> >> My question is, how can I prevent the users from opening the BE files on >> >> the server so as to keep the FE as the sole way to manipulate the data. >> >> Thanks >> > >> >You need to apply user-level security. Have a look at the example on my >> >website, there's a link to the MS FAQ there too. Also, search this forum >> >for Joan Wild's and Jeff Conrad's web sites. >> > >> >Keith. >> >www.keithwilby.com >> Thank you very much for your advice.
I studied the FAQ thoroughly and I figured out a wonderful solution (so far) to secure my BE ( I am using Access 2003). I am not an expert in Dbase programming, so I would like very much to get your opinion about what i did. 1-I logged on with my secured FE as one of the admins 2-I closed the database but not MS Access 3-I created a blank database and imported all the BE tables 4-before closing the newly created DB I took ownership of it 5-I ran the ULS wizard one more time, and chose "modify", and I just clicked on next in every screen (didn't want to do any thing actually via wizard except encoding the DB) 6- I quit the DB and MS Access. 7-I created a shortcut that points to the mdw file (now used for both FE and BE) 8-I reopened the new BE using the shortcut and created the form telling the user to get lost and added a command that can be visible or hidden based on the CurrentUser group using the IsUserInGroup function 9-this new button changes the value of the DisableShiftKeyByPass value each time it is clicked... et Voila... I have it secured. (so far) is there something i am missing? I appreciate any advice thanks Omar Show quote "Tom van Stiphout" wrote: > On Thu, 1 Nov 2007 08:14:00 -0700, Omar > <O***@discussions.microsoft.com> wrote: > > Workgroup security, combined with RWOP queries in your front-end. Not > for the faint of heart. Download, study, and fully understand the > Access Security FAQ from microsoft.com if you want to explore this > further. > Upsizing to SQL Server also can give you much increased levels of > security. > > -Tom. Show quote
"Omar" <O***@discussions.microsoft.com> wrote in message I think you have it covered there but I don't know why you bothered with the news:1776987C-377E-4254-A8FE-1BD9577F3726@microsoft.com... > Thank you very much for your advice. > I studied the FAQ thoroughly and I figured out a wonderful solution (so > far) > to secure my BE ( I am using Access 2003). > > I am not an expert in Dbase programming, so I would like very much to get > your opinion about what i did. > > 1-I logged on with my secured FE as one of the admins > 2-I closed the database but not MS Access > 3-I created a blank database and imported all the BE tables > 4-before closing the newly created DB I took ownership of it > 5-I ran the ULS wizard one more time, and chose "modify", and I just > clicked > on next in every screen (didn't want to do any thing actually via wizard > except encoding the DB) > 6- I quit the DB and MS Access. > 7-I created a shortcut that points to the mdw file (now used for both FE > and > BE) > 8-I reopened the new BE using the shortcut and created the form telling > the > user to get lost and added a command that can be visible or hidden based > on > the CurrentUser group using the IsUserInGroup function > 9-this new button changes the value of the DisableShiftKeyByPass value > each > time it is clicked... et Voila... I have it secured. (so far) > > is there something i am missing? I appreciate any advice > wizard. Have your users test it and try to break into it yourself. There's no substitute for testing! Keith. www.keithwilby.com Omar <O***@discussions.microsoft.com> wrote:
>Simple things can really be powerful things. I never thought about it... The upper lower class version is to use the startup options to hide>Thanks for the tip.. I will use that. > >Just curious, what is the rich-man version of it? I would apperciate any >enlightement in this domain the database window and display a form which basically states "B*gger off" and a close button which closes the database. Note though that Tom and my solution can be bypassed by using the shift key when starting up the database. Tony -- Tony Toews, Microsoft Access MVP Please respond only in the newsgroups so that others can read the entire thread of messages. Microsoft Access Links, Hints, Tips & Accounting Systems at http://www.granite.ab.ca/accsmstr.htm Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/ Show quote
"Tony Toews [MVP]" <tto***@telusplanet.net> wrote in message My favourite solution is to create a simple database launcher application in news:p92ni3d5jchkihau8pqn9lffckd3a6v6bd@4ax.com... > > The upper lower class version is to use the startup options to hide > the database window and display a form which basically states "B*gger > off" and a close button which closes the database. > > Note though that Tom and my solution can be bypassed by using the > shift key when starting up the database. > > Tony > -- > Tony Toews, Microsoft Access MVP > Please respond only in the newsgroups so that others can > read the entire thread of messages. > Microsoft Access Links, Hints, Tips & Accounting Systems at > http://www.granite.ab.ca/accsmstr.htm > Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/ VB6 which passes the user name and password credentials to MS Access in the command line. That way the user's don't need to know their user-level security details. Ed Metcalfe. Along with some of the other suggestions, one of the simplest ways to prevent
folks from opening the Back End is to put a database password on it. You will have to re-link your tables in order to prevent inaccessibility. The pwd coupled with the AutoExec macro, works very well for me. Also, with the "yo- you shouldn't be here" message. I create a form that looks like the same box that pops up for critical runtime errors, and display that with a message like "A critical error has occurred. Please contact the administrator!", then in the OnClose event of the form, Access Quits. -- Regards, Brent Spaulding | datAdrenaline | Access MVP Show quote "Omar" wrote: > Hi, > My application is split into FE, BE. The FE is saved as MDE and resides in > the user's workstation while the BE is saved as MDB and resides in a Shared > folder on the server mapped to a drive letter in all workstations. > All the user have access to the Mapped Drive and the folder where the MDB > resides. > My question is, how can I prevent the users from opening the BE files on > the server so as to keep the FE as the sole way to manipulate the data. > Thanks  |
|||||||||||||||||||||||
Other interesting topics