[AccessD] Database Needs Password Protection

Heenan, Lambert Lambert.Heenan at chartisinsurance.com
Mon Apr 26 08:17:55 CDT 2010


Rocky,

What kind of restrictions do they want? If they simply want to prevent users from getting into the folder that holds the backend files then you can do all of that with Windows security (NT/2K/XP/Vista/7)and not a line of code needed.

You'll need cooperation from the client's network people but...

First thing you want is a windows user group into which all the users are added. This makes it much simpler when applying permissions to folders.

So. First make a folder on the server say 'Databases'

Next create a subfolder called 'Backends'.
Third create a subfolder in Backends which you can call 'Data'.

Now modify the permissions on 'Databases' granting the user group modify permissions and apply the permissions to the folder and all sub-folders. Also make sure that an administrator's ID and or the Database administrator's ID is granted full control of the folder tree.

Now you need to modify the permissions on the 'Backends' folder.  Open the properties sheet for the folder and select the 'Security' tab. Click the 'Advanced' button. Select the user group in the permissions listing, and click 'Edit'. In the resulting dialog box clear the check boxes for 'Traverse Folder / Execute File', 'List Folder /Read Data' and (most importantly) 'Delete Subfolders and Files'.

Click OK and OK.

The end result is that the user in the user group have modify permissions to the 'Data' folder , and that is where all the backends would reside, in their own sub-folders if desired. However, the users will only be able to look inside the folder 'Databases' where they will see that there is a folder called 'Data' inside it, but they will not be able to browse into 'Data' nor delete it. Is that sufficiently restricted access?

HTH

Lambert

-----Original Message-----
From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Rocky Smolin
Sent: Sunday, April 25, 2010 3:28 PM
To: 'Access Developers discussion and problem solving'
Subject: [AccessD] Database Needs Password Protection

Dear List:

In my manufacturing software users log in with a password that gives them 1) read only, 2) read write, 3) administrator access.  But the back end is wide open. So far this has not been a problem.  Everywhere the system is installed people 'play by the rules'.  

Now comes a client who wants access to the back end restricted.  So I'm trying to think of way to do that with the least disruption to the system which BTW supports multiple back ends - the user can open a different back end through an 'Open a Database' utility.

In the code, of course, I'd have to change all occurrence of 

set db = CurrentDb to 

Set db = DBEngine.OpenDatabase(gstrDB, False, False, ";pwd=" & gstrPWD)


where the password would be in gstrPWD.

Then I would have to add a utility accessible only by someone with admin rights, to 1) set, 2) remove, and 3) change the password on the currently linked back end.  Don't know what that code looks like but I suppose I can figure it out.

Question is - is this the shortest distance between the two points?  Or is there another approach which would be faster/better/easier?

 

MTIA

Rocky Smolin

Beach Access Software

858-259-4334

www.e-z-mrp.com <http://www.e-z-mrp.com/> 

www.bchacc.com <http://www.bchacc.com/> 

 

 

 





More information about the AccessD mailing list