• Implementing levels of security (XP)

    Home » Forums » AskWoody support » Productivity software by function » MS Access and database help » Implementing levels of security (XP)

    Author
    Topic
    WSkwvh
    AskWoody Lounger
    February 13, 2004 at 10:51 pm #400781

    I don’t mean to be dense but I read Wendell’s great summary of securing an Access database as well as the links from his site:
    207793 – Security FAQ Available in Download Center
    235961 – Security Manager Add-In Available in Download Center
    254372

    Reply | Quote
    Viewing 1 reply thread
    Author
    Replies
    • WBell
      AskWoody_MVP
      February 14, 2004 at 1:54 am #784287

      I believe the answer is that a user who belongs to the Admin account can modify security settings, including resetting a user password, but I can’t find that written down in the material I have at hand. In Access 2002, as long as the user is pointed at the .MDW file, you can edit security settings without having a database open, so you could give a clerical type the task of managing users, including adding new users. It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn’t be any harm in putting the users in the Admins group, though I believe they could also change other people’s group membership, which would create a potential risk. You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.

      Reply | Quote
      • WSkwvh
        AskWoody Lounger
        February 14, 2004 at 10:13 am #784347

        Wendell,

        Thanks for the followup.
        You wrote:
        “It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn’t be any harm in putting the users in the Admins group,”

        If I remove all priviledges from Admin account, would I then create another account with Admin priviledges that “CAN” modify objects?
        You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.

        When you say “You would probably be better off to write some code “, would that include creating some table to store users and passwords, or would I still be using Access’ security?

        Thanks again.

        Reply | Quote
        • WBell
          AskWoody_MVP
          February 14, 2004 at 9:10 pm #784528

          When securing a database, you create a MyAdmin of some sort, and then create the secure database with them as the owner. You then create a MyAdmins group and give that group all of the usual admins permissions. (The names are just example names.) Thus MyAdmin can make design changes, do deletes of objects and so on, but someone who is using the default Admin account cannot get into the database or make changes of any kind, depending on how restrictive you make that user’s permissions. But you need to remove permissions from the Admins group as well, since Admin belongs to that group.

          As to using code, you would still be using the User Security feature – just working with it in code. It’s a rather complex subject, so let me refer you to the Access Developer’s Handbook – I believe it is covered in the second volume for Access 2002, but you may want to check if you have to buy it. It should be a part of your reference library anyhow if you wish to do serious Access development. Finally, putting passwords in an Access table is not secure, and is easily defeated, so not a good idea.

          Reply | Quote
        • WBell
          AskWoody_MVP
          February 14, 2004 at 9:10 pm #784529

          When securing a database, you create a MyAdmin of some sort, and then create the secure database with them as the owner. You then create a MyAdmins group and give that group all of the usual admins permissions. (The names are just example names.) Thus MyAdmin can make design changes, do deletes of objects and so on, but someone who is using the default Admin account cannot get into the database or make changes of any kind, depending on how restrictive you make that user’s permissions. But you need to remove permissions from the Admins group as well, since Admin belongs to that group.

          As to using code, you would still be using the User Security feature – just working with it in code. It’s a rather complex subject, so let me refer you to the Access Developer’s Handbook – I believe it is covered in the second volume for Access 2002, but you may want to check if you have to buy it. It should be a part of your reference library anyhow if you wish to do serious Access development. Finally, putting passwords in an Access table is not secure, and is easily defeated, so not a good idea.

          Reply | Quote
      • WSkwvh
        AskWoody Lounger
        February 14, 2004 at 10:13 am #784348

        Wendell,

        Thanks for the followup.
        You wrote:
        “It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn’t be any harm in putting the users in the Admins group,”

        If I remove all priviledges from Admin account, would I then create another account with Admin priviledges that “CAN” modify objects?
        You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.

        When you say “You would probably be better off to write some code “, would that include creating some table to store users and passwords, or would I still be using Access’ security?

        Thanks again.

        Reply | Quote
    • WBell
      AskWoody_MVP
      February 14, 2004 at 1:54 am #784288

      I believe the answer is that a user who belongs to the Admin account can modify security settings, including resetting a user password, but I can’t find that written down in the material I have at hand. In Access 2002, as long as the user is pointed at the .MDW file, you can edit security settings without having a database open, so you could give a clerical type the task of managing users, including adding new users. It is generally recommended that you remove all priviledges from both the Admin account and the Admins group if you really want to secure a database anyhow, so there wouldn’t be any harm in putting the users in the Admins group, though I believe they could also change other people’s group membership, which would create a potential risk. You would probably be better off to write some code to give a specific user the ability to reset the password, and not give them any other capabilities.

      Reply | Quote
    Viewing 1 reply thread
    Reply To: Implementing levels of security (XP)

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    June 2025
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.