[AccessD] Access security question

Jim Dettman jimdettman at earthlink.net
Mon Jun 6 16:50:52 CDT 2005 

Steve,

<<Or is it even possible for the application to handle Access security
like this. That is, can Access security work without a user explicitly
typing in a password?>>

  Yes it can.  Access security is always "on", it's just that you don't get
a password prompt if the admin user has a blank password (JET always
attempts a logon with username admin and a blank password when it first
tries to open a database).

<<Lets
say that the tables in the BE have Access security invoked. If the
FE/BE is distributed in MDE format with Access Runtime, can a user
with a full-bore package of Access start the application, break out of
it, and wind up with all the tables available to him for editing, etc?
This is provided that the security is administered by the software so
that the actual security password is not known by the user. Only user
names and application passwords would be known.>>

  Without Access user level security in place on the BE tables, yes.  To
prevent that, they need to be properly secured with user level security and
all the queries will need RWO (Run with owner permissions) set or you need
to open a workspace object with the correct username/password in code.

Jim.


-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Steve Erbach
Sent: Monday, June 06, 2005 5:22 PM
To: Access Developers discussion and problem solving
Subject: [AccessD] Access security question


Dear Group,

I've converted an application to Access 2000 for a client. This
application is running on single user workstations at about a half
dozen places around the U.S. The question my client has is this:  Lets
say that the tables in the BE have Access security invoked. If the
FE/BE is distributed in MDE format with Access Runtime, can a user
with a full-bore package of Access start the application, break out of
it, and wind up with all the tables available to him for editing, etc?
This is provided that the security is administered by the software so
that the actual security password is not known by the user. Only user
names and application passwords would be known.

Or is it even possible for the application to handle Access security
like this. That is, can Access security work without a user explicitly
typing in a password?

Thank you.

Regards,

Steve Erbach
Scientific Marketing
Neenah, WI
www.swerbach.com
Security Page: www.swerbach.com/security
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list