MS Access Multiuser - Back-end security without Workgroup

Author

Back-end security without Workgroup - is this possible?

Michael

2005-12-28, 3:24 am

Hi there,
I develop multi user applications with front-end/back-end deployment.
Although the front-end is compiled and the back-end in a hidden folder on the
server I am concerned that a user might open it and change data (on purpose
or an accident).

I don't use the access workgroup/user security feature since I use a custom
user entry verification incl access rights feature.

The question is how can I secure the back-end database so that people -
aprat from sys admin - cannot open it?

Any thoughts are very appreciated...

Thanks in advance...

Cheers
Michael

Rick Brandt

2005-12-28, 9:24 am

"Michael" <Michael@discussions.microsoft.com> wrote in message
news:C81E4364-CCE7-4C11-AA27- 2F4623C02C0B@microso
ft.com...
> Hi there,
> I develop multi user applications with front-end/back-end deployment.
> Although the front-end is compiled and the back-end in a hidden folder on the
> server I am concerned that a user might open it and change data (on purpose
> or an accident).
>
> I don't use the access workgroup/user security feature since I use a custom
> user entry verification incl access rights feature.
>
> The question is how can I secure the back-end database so that people -
> aprat from sys admin - cannot open it?
>
> Any thoughts are very appreciated...

You can't. User Level Security is the only way to lock down a table from a user
and even that can be hacked.

If it is critical to protect data from *users* then the data should not be in an
MDB file.

--
I don't check the Email account attached
to this message. Send instead to...
RBrandt at Hunter dot com

learningMikey

2005-12-28, 8:26 pm

The other way to protect the data is to have the backend databased password
protected. Then open the front-end database, relink the table and this time
the front end database will ask for the password, provide the password which
will be embedded itself in the relinking process so end users don't have
reenter them. This way you can protect your back end data. I have used
similar approach and it work perfectly fine.

Mike

"Rick Brandt" wrote:

>
> "Michael" <Michael@discussions.microsoft.com> wrote in message
> news:C81E4364-CCE7-4C11-AA27- 2F4623C02C0B@microso
ft.com...
>
> You can't. User Level Security is the only way to lock down a table from a user
> and even that can be hacked.
>
> If it is critical to protect data from *users* then the data should not be in an
> MDB file.
>
> --
> I don't check the Email account attached
> to this message. Send instead to...
> RBrandt at Hunter dot com
>
>
>

Albert D.Kallal

2005-12-28, 8:26 pm

Actaully, I just put in a autoexec macro in the back end.

So, I make a macro called AutoExec. In the macro, I put the following code:

Action Parms
Msgbox message:You do not have permissions to run this file
Beep: Yes
Type: Critical
Title: Can not run

Quit: Options:Exit

As an alterative, you an make a nice little form in the back end, and set
the startup options to run that form that displays a message, and then when
they click ok...you do a application.quit.

And, to disable the "shift key", simply grab my shift key utility here to
turn off the shift key by-pass

http://www.members.shaw.ca/AlbertKa...s/msaccess.html

Users try and open the back end all the time..but get a nasty message...and
then move one....

Lame...but works quite well....

--
Albert D. Kallal (Access MVP)
Edmonton, Alberta Canada
pleaseNOOSpamKallal@
msn.com
http://www.members.shaw.ca/AlbertKallal

Larry Linson

2005-12-29, 3:24 am

"learningMikey" < learningMikey@discus
sions.microsoft.com> wrote in message
news:FEC18821-F77F-4443-9C87- 82FC52FC2980@microso
ft.com...
> The other way to protect the data is to have the backend databased
> password
> protected. Then open the front-end database, relink the table and this
> time
> the front end database will ask for the password, provide the password
> which
> will be embedded itself in the relinking process so end users don't have
> reenter them. This way you can protect your back end data. I have used
> similar approach and it work perfectly fine.

Then, I would assume that you have never had anyone seriously try to break
your "overall database password" security -- there are "password recovery"
packages available, ranging in price from free to about US$40 that will
retrieve the password. That is just about as close to useless as it can be
for protecting data.

As Rick has already pointed out, even the more stringent user/group level
security can be compromised.

Larry Linson
Microsoft Access MVP

2006-01-01, 7:23 am

You can remove open permission from the database: they
don't need open permission to use linked tables.

And they don't 'need a workgroup' if you remove open
permission. You might need a workgroup, if you ever
want to open the database again, but the whole point
is you need a workgroup to /have/ permission - you
never need a workgroup to /not/ have permission.

The next step is to also remove read permission's, and
user Read With Owner Permission queries. Again, users
don't 'need a workgroup' to not be able to read tables.

And RWOP queries don't 'need a workgroup' either.
The owner ID is stored with the RWOP query, so
Access doesn't need to look it up.

(david)

"Michael" <Michael@discussions.microsoft.com> wrote in message
news:C81E4364-CCE7-4C11-AA27- 2F4623C02C0B@microso
ft.com...
> Hi there,
> I develop multi user applications with front-end/back-end deployment.
> Although the front-end is compiled and the back-end in a hidden folder on
the
> server I am concerned that a user might open it and change data (on
purpose
> or an accident).
>
> I don't use the access workgroup/user security feature since I use a
custom
> user entry verification incl access rights feature.
>
> The question is how can I secure the back-end database so that people -
> aprat from sys admin - cannot open it?
>
> Any thoughts are very appreciated...
>
> Thanks in advance...
>
> Cheers
> Michael
>

Sponsored Links