[AccessD] A97 User Security

Nicholson, Karen cyx5 at cdc.gov
Thu Dec 23 10:40:25 CST 2004


Well I am willing to bet the nimrods that created the databases here did
not secure them properly and I can blow off their blasted .mdw files
that were created for the sole purpose of job security.  Men do the
darndest things.  Think you feed them too much and make them fat, think
you should not starch their underwear.  Think if they lock you out you
can't get back in.  Hehehehe.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Charlotte
Foust
Sent: Thursday, December 23, 2004 11:29 AM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] A97 User Security


If you create the shortcut properly, the database will use the specified
mdw.  We do this all the time, since we distribute commercial
applications with user security applied.  However, if the database was
actually secured properly, only an mdw that matches the permissions in
the database will allow you to open it.  All Access databases use an
mdw, since security is part of all of them, even if you never invoke it.
The default System.mdw is totally unsecured and everyone logs in as the
Admin user.  If a database is secured correctly, the Admin user has no
permissions and is no longer part of the Admins GROUP, so using an
unsecured mdw won't get you into the database.

Charlotte Foust


-----Original Message-----
From: Nicholson, Karen [mailto:cyx5 at cdc.gov] 
Sent: Thursday, December 23, 2004 5:56 AM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] A97 User Security


Maybe a stoopid question, but I do not like .mdw's - they drive me
crazy.  If one creates a shortcut to open the database with a reference
to a normal old .mdw file, will the database open with the specified
.mdw or will it still look for the nasty one created with the original
database?  I would like to take all .mdw's and blow them up.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Mark A Matte
Sent: Thursday, December 23, 2004 8:39 AM
To: accessd at databaseadvisors.com
Subject: RE: [AccessD] A97 User Security


Thanks Jim.

Do you know if the www.lostpassword.com utility will work if I don't
have 
the original MDW?

Thanks,

Mark

>From: "Jim Dettman" <jimdettman at earthlink.net>
>Reply-To: Access Developers discussion and problem
>solving<accessd at databaseadvisors.com>
>To: "Access Developers discussion and problem 
>solving"<accessd at databaseadvisors.com>
>Subject: RE: [AccessD] A97 User Security
>Date: Wed, 22 Dec 2004 17:31:12 -0500
>
>Mark,
>
><<Thanks for the feedback...but there are no passwords on this db...>>
>
>  Understood.  There are various utilities out there, some work on the 
>database password while others work on the workgroup file.  You need
the
>later.
>
><<There are only 2 workgroups...Admins and Users...I belong to
both...but
>don't have permission to change anything.  I can't even view the
permission
>settings of the groups.  I'm guessing there was another workgroup...>>
>
>   Yes.
>
><<that has been removed?>>
>
><<Is this possible?>>
>
><<I've always used my own security...and
>never the built in...I'm not sure how they created it with no one
having 
>the
>authority to change anything?>>
>
>   You would if you had the workgroup file that had the correct SIDs.
In 
>in
>the past, I've setup some DB's with exactly this setup.  For
development, I
>have one MDW.  For the clients, they just use the standard MDW file.
>
>   This is possible because the user 'Admin' and the group 'users' have
the
>same SID (Security ID) no matter what MDW file you use.  The group
'admins'
>however, is different for each one.
>
>   So in your case, ownership of the objects belongs to someone that
was in 
>a
>different admins group, but the ability to run, view, etc was assigned
to
>the users group (which is the same no matter which MDW you use).
>
>   You need to break user level security and www.lostpassword.com does
have 
>a
>utility for that.
>
>Jim Dettman
>
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Mark A Matte
>Sent: Wednesday, December 22, 2004 11:49 AM
>To: accessd at databaseadvisors.com
>Subject: RE: [AccessD] A97 User Security
>
>
>Thanks for the feedback...but there are no passwords on this db...I
have my
>own app that returns the database password...which the one mentioned
below
>does...in addition to the user level stuff.  The problem is there are
no
>passwords(database or user level) in this db...and thats what this tool

>said
>also.  But I still can't figure out how to modify permissions.
>
>Any ideas?
>
>Thanks,
>
>Mark
>
>
>
> >From: "Jim Dettman" <jimdettman at earthlink.net>
> >Reply-To: Access Developers discussion and problem 
> >solving<accessd at databaseadvisors.com>
> >To: "Access Developers discussion and problem 
> >solving"<accessd at databaseadvisors.com>
> >Subject: RE: [AccessD] A97 User Security
> >Date: Wed, 22 Dec 2004 07:19:12 -0500
> >
> >Mark,
> >
> >   Since it's user level security that's at play here, you'll need a 
> >utility. www.lostpassword.com  is one site that offers such a 
> >utility.  Do a
>Google
> >search on "access" "password" and you'll turn up a bunch.  There are
a 
>few
> >Russian sites that have them for free.
> >
> >Jim Dettman
> >
> >
> >-----Original Message-----
> >From: accessd-bounces at databaseadvisors.com
> >[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Mark A
Matte
> >Sent: Tuesday, December 21, 2004 3:16 PM
> >To: accessd at databaseadvisors.com
> >Subject: [AccessD] A97 User Security
> >
> >
> >Hello All,
> >
> >I'm pretty sure this is a lost cause...but I just received an A97 
> >db...there is no password...but I don't have permission to make any
> >changes(tables,queries...or even view the macros).  My guess is I
need to
> >know the UserGroup and PID that was used to change/create the
>permissions.
> >Is this correct...and are there any workarounds?
> >
> >Thanks,
> >
> >Mark
> >
> >
> >--
> >AccessD mailing list
> >AccessD at databaseadvisors.com 
> >http://databaseadvisors.com/mailman/listinfo/accessd
> >Website: http://www.databaseadvisors.com
> >
> >
> >--
> >AccessD mailing list
> >AccessD at databaseadvisors.com 
> >http://databaseadvisors.com/mailman/listinfo/accessd
> >Website: http://www.databaseadvisors.com
>
>
>--
>AccessD mailing list
>AccessD at databaseadvisors.com 
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>
>
>--
>AccessD mailing list
>AccessD at databaseadvisors.com 
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com


-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



More information about the AccessD mailing list