Drew Wutka
DWUTKA at marlow.com
Thu Nov 13 14:43:26 CST 2003
I didn't say I touched the system.mdw. I just said I used it. The permissions for each object in the database is stored in the .mdb. Therefore, I strip the Admin account of all permissions except those that a normal user would have. I then have An Admin account (and usually an Admin Group) of my own making, that have all permissions setup. That way, when a user opens the .mdb, they are automatically logged in as Admin, with a blank password, against whatever is setup as their current .mdw. (which in most cases is System.mdw). They get no login, they require no special setup, and they only have generic user permissions. This works quite well in tandem with NT security, because NT security can then be used to only allow specific NT users to access an .mdb at all, so anyone with NT access automatically has generic user capabilities. To have more capabilities, then another .mdw is required. I also use the exact same User Account for my personal account, so it doesn't matter what .mdb I am working on, I can actually use any of the .mdw's out there, to get admin access. Drew -----Original Message----- From: Francisco H Tapia [mailto:my.lists at verizon.net] Sent: Thursday, November 13, 2003 1:14 PM To: Access Developers discussion and problem solving Subject: Re: [AccessD] workgroup file (Sec Poll spin-off) <shaking head in disbelief> No no no no no.... the system.mdw SHOULD NEVER BE TOUCHED. This is just bad practice... while it makes it incredibly convenient for a one database solution, when you begin adding new databases they automatically go and seek the permissions from the system.mdw, therefore all settings in that db are inherently applied to the new databases. Again this is all fine if you're doing this to one database for one organization and even while you're the current developer. But what happens when a new guy takes over or if you are given an mdb for another database. You'll see weird errors that you wouldn't should you not have messed w/ the original System.mdw. Additionally other developers following the Security FAQ will develop against their copy of the mdw. Of course I know you're the main / only? developer for access apps w/ your organization. But things can not always be so smooth. -- -Francisco Drew Wutka wrote: >Personally, my favorite setup is to use the system.mdw for users, and an >'admin' .mdw for development/maintenance. That way, the only 'special' >shortcuts I need is for administrators of the database. Of course that >method only works if you can clump all of the 'users' in one pile. If the >users need to be split up by their capabilities, you can't use that method. > >Drew > >-----Original Message----- >From: Erwin Craps [mailto:Erwin.Craps at ithelps.be] >Sent: Thursday, November 13, 2003 8:40 AM >To: Access Developers discussion and problem solving >Subject: RE: [AccessD] workgroup file (Sec Poll spin-off) > > >I believe I'm not with with you.... > >First, to set thing strait. It's only in our office for develepmont I'm >speaking. > >Second. >You mean you have a shorcut that starts msaccess.exe with /workgroup >xxx? >Problem with that is that you need a hard path to msaccess.exe and hard >paths is something I try to avoid. >I always use roaming profiles and hard paths can problematic. >I supose solutions are out there, but I already played alot with them >and they are often OS dependent. > >You know, Gustav, It's not that a big deal... >It's rarely I do a repair... > >And I don't use workgroups anymore at customer sites. >I use the network user name and match them with the users in the >database (user management based on tables/forms). >If a network user is unkown in the database it exits instantly (after a >msgbox). > > >Erwin > >-----Original Message----- >From: accessd-bounces at databaseadvisors.com >[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Gustav Brock >Sent: Thursday, November 13, 2003 3:21 PM >To: Access Developers discussion and problem solving >Subject: Re: [AccessD] POLL: Access Security > > >Hi Erwin > >In my opinion it is not a good idea to have a special mdw assigned as >the default. I have a shortcut for such an Access with the wkrgrp switch >opening a secured database. > >/gustav > > > > >>I know...I know... >>At least I supose you mean that you can give msaccess.exe an /wrkgrp >>command line option. Or use the /profile and a profile file. >> >> > > > >>I only use MDW for developing purposes indside the office and just >>want it always to be my company.mdw group... >> >> > > > >>Specifying company.mdw for default gets reset to system.mdw in the >>user profile folder.... Or is it in the program Files/common folder... >> >> > > > >>? >> >> > > > >>Don't bother, I just overcopy all system.mdw with company.mdw... >> >> > > > > >>Erwin >> >> > > > >>-----Original Message----- >>From: accessd-bounces at databaseadvisors.com >>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Gustav >>Brock >>Sent: Thursday, November 13, 2003 1:56 PM >>To: Access Developers discussion and problem solving >>Subject: Re: [AccessD] POLL: Access Security >> >> > > > > >>Hi Erwin >> >> > > > >>You can supply your app with your own mdw, say erwin.mdw. Office won't >> >> > > > >>overwrite that. For that kind of apps we create shortcuts (menu >>entries) which makes it easy for the user to open the app with the >>needed command line. >> >> > > > >>/gustav >> >> > > > >>>.. I want to add that a office repair each time reset or overwrites >>>your MDW file). >>> >>> _______________________________________________ AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com