I have a database application that I need help securing. My question is that I will need to place the data on the server and the application on each machine. I need to secure the data the sits on the server. I just don't know how. I have already set a password but would like to do something else. Can someone help me please. I don't know what else to do. I don't know much about security.
View RepliesDear all,
people can easily bypass the startup 'security' by holding shift. In that way they can see and edit all the tables that are linked to the back-end. Same goes for mde files.
Is there an easy way to prevent users from being able to enter tables. Like a simple password protection without having to set up user accounts and user level security?
Kind regards,
Hans B.
I am in need of some assistance regarding SQL Server ODBC links and security. This is for a project at work...
1) I have an MDB that has linked tables through ODBC to a SQL Server 2000 database. This is how I chose to write this multi-user application (instead of the ADP method).
2) My IT department created a user ID that the application will use to connect to the database. They chose this method instead of having to create many user accounts with varying permissions. I have programmed permissions within the application.
3) After linking the tables through ODBC, it defaults to my Windows User ID for the connection. Because of this, I have used a connection string with the application's User ID/Password and perform a RefreshLink on all linked table definitions on startup to ensure valid connection.
This is successful, but my IT department is seeing that another user is attempting access to the SQL Server database--the username in the LDB/MDW file! This is what I don't understand. If I open the database without going through workgroup security, the word "Admin" is passed and the authentication fails. If my users would login through the MDW file, their user IDs would be passed and again, authentication will fail as they are not valid users (only the application ID would be valid).
What is really going on here? :confused: How can I prevent the "Microsoft Access User ID" from being passed through the ODBC link?
Here is a sample of the connection string I'm using:
Driver={SQL Server};Server=ServerName;PersistSecurityInfo=Yes; AnsiNPW=No;Database=DBName;Uid=Username;Pwd=Passwo rd;
I have to make it so user group cannot modify/update/delete data in tables, but con do the same in forms. Yet if I uncheck those in 'permissions' it's not possible to change anything forms either
For some reasons management doesn't want tables to be in diff database
I have inherited a 2003 db with unknown PIDs for the Group & User security.When trying to alter User details, I'm asked for a PID, so I'm trying to find the PID for the existing users.
I've gone to unhide the systems tables to get a dump of the data & hopefully find the PIDs but no luck so far.There is a Parent ID & if I run a query from the Users DB file, it appears as if it something like japanese writing ???
I've read and gone though quite a few of the scrips and examples for creating logins and security and i'm getting to the stage when i need to have good understanding of the different methods.
Some of the examples whilst create a user login do not really allow for security within the database whilst the build in security wizard would appear to offer that functionality.
I am thinking that I will use the Workgroup file and that method. My question is am i able to utilise the fact that if a person 'AdamA' logs onto the database which is built into the workgroup security file. am I then able to take 'AdamA' to populate a table which records actions by a user? (I can't seem to find any thread or book reference to doing this)
Is it possible to do this through vba. If security is setup for all the tables and a user goes in and creates a new table, can that table have security applied to it using code?
So maybe the creator of the table has read/write privileges but everyone else only has read only.
:confused: I can't access my database. I used many tools to scan my database password, and I had many results but I can't used any one.
This's my database. Can you help me?
Hi
I am experimenting in creating security of a database, and elements within.
I started by creating a user account with a password. I then made a few mistakes, so wanted to delete the mdb, and start again.
However, when I now try to create a new database, or even open a pre existing database, I am asked for the user and password created in the now-deleted mdb.
Apart from the fact that it shouldn't ask for the user name and pasword created in the first database, I am sure it doesn't accept the password I intered in creating the account.
The easy solution would be to delete the file where Access stores user accounts. Where is it, and is it protected, such that I can't delete it? And even if the user name and password still exists somewhere, it should only apply to the database in which it was created, shouldn't it?
Thanks
Robert
Hi all,
Just looking for a little advice on data protection. I have a split database which is accessed from the front end (forms only). All data is stored on the back end, which is hidden away from the user.
The database is password protected, and both sides use a login authentication to avoid unwanted access. However, the usernames and passwords are easily retrievable by opening the database a text document.
Any ideas on how to make this more secure?
Cheers
sys
I try to play Security.
After I created it, the shortcut is created on the screen.
Everytime needs to click the shortcut to login it.
But, when I go to database file, and then click it, it does not work, it will show the following message:
You do not have the necessary permissions to use the <name> object. Have your system administrator or the person who created this object establish the appropriate permissions for you. (Error 3033)
You do not have the necessary permissions for the specified object. To change your permission assignments, see your system administrator or the object's creator.
So, is it ony the shortcut to login it?
if delete the shortcut uncarefully, how to do it??
Thanks.
Hi,
Problem 1:
I setup a security, stored the security file and other files in the drive D:
it works.
after I move the files to the drive C:, then it doesn't work.
Why it doesn't work?
Problem 2:
After I created security, there are acc.mdb, acc.bak, and Secured files, right.
how can I add this link:
"C:Program FilesMicrosoft OfficeOffice10MSACCESS.EXE" "D:acc.mdb" /WRKGRP "D:Secured.mdw" in the target to the acc.mdb file.
Because when it doesn't work, and then I created a shortcut of the acc.mdb file, then add the above code. Then it works, it give out the prompt.
Does any method instead of this, better than this?
Please let me know, thanks.
Hi
When using security login, can we logout and then login to the database without shutting down the database and re-opening.
Such as using a button to logout and then another to login.
Dave
Can some one help me?
I am trying to set up a database in which the the table portion is password protected but the query section can be manipulated or updated as users see fit. Does anyone know how to do this?
Thanks, S
Hi,
I have now finished my system that will run on a windows network. I now need to get the security setup so different users can access different pages.
I have set a list of users and specified what forms/tables they can access. The problem is, how does access know who is accessing the pages? For example, i have set 2 users - Dave G & Dave S - I have given Dave G access to the admin forms as he is the admin and I have given Dave S access to the general data input forms.
How is this enforced? How does access know which person is opening the forms. Unless access asks the user to login using their user name set in access, I cannot see how it can manage what users can do what.
Thanks
I have locked down my welding data base and had some problems arise mabe someone eles has had this problem. All of the tables in other data base that are linked to the welding data base now will not allow me to utilize them I get the error message that I do not have rights too that information. Even though I have full access rights to the welding data base and can make changes at will.
Why can't I do any thing to the others? HELP!!!!!
First of all, i am pretty new to this....
We have a few access databases in a network. More and more people in our organization are using the databases so I am learning to create some user-level security.
We have access 2000.
Access links to a WIF to create user-level security.
But I think there is an easy way that anyone can get pass that.
Even if I have set all the groups and users privileges and restrictions, anyone can simply switch from one WIF to another WIF, then they would have changed all their privileges and restrictions.
Am I understanding this correctly?
If so, what can I do better secure the database.
Another question:
How can I prevent someone from simply copy/delete the access file from windows? I am afraid that someone, maybe a disgruntled employee or even myself making stupid mistakes, delete the whole access .mdb file, and I would loss everything.
I do backup the file, but even if I back it up every night, if something like this happens, i would have lost a whole day of work.
Your advice are highly appreciated.
Thank you all for your help.
Hi,
I followed the security wizard and everything worked fine. However, when I move the database to another computer or another folder, it prints this message:
'You don't have the necessary permission to use (path)...'
Is there anyway to avoid this please?
Thanks,
B
Access security is really very confusing, thought I had conquered it but I was wrong. I have been playing with a test DB. How on earth do you reset a password for a user? I just can't see where you go to assign a new password.
Managed to clear the password but then got stuck.
Cheers
RussG
Hi,
I have a question for user-level security and workgroup.
Suppose we setup user-level security and have a workgroup with storing all username, password, and groups,
if adminstrator want to change one user permission, let's say that change the user permission from update to read permission only, then the user should only have read permission, right. However, previously, the user copied the workgroup file himself before adminstrator change his permission, if he apply to his copied workgroup file, and log in the database, he can still have update permission.
So, how do I prevent the user using his copied workgroup file for the database?
How can I solve it?
Thanks.
Hi again
The security on my database so far is justthe standard everyone has a user name and a password, no one can alter the design of a form apart from me
I am just wondering if there is any way that I can prevent people viewing and altering tables, queries etc. It would be good if when the open the database the main form comes up so they can navigate from that and they are always taken back to this and they can never see the database window
Does this have anything to do with front end and back end databases?
Sorry its a bit vauge but hopefully you will know what I mean
thanks
I want to maintain my database work log i.e., who ever opens the database (not through application) and changing the table should be saved in work log. Any way to acheive this?
View 1 Replies View RelatedCan anyone help?
I want to secure a database with two types of access:
1. Those that can view all data and make changes
2. Those who can view selective data
I have tried the wizards, and find them difficult to follow.
Any ideas
Thanks
Steve
Can anyone help?
I want to secure a database with two types of access:
1. Those that can view all data and make changes
2. Those who can view selective data
I have tried the wizards, and find them difficult to follow.
Any ideas
Thanks
Steve
Since this message board doesn't have a security forum yet :) I will just post this here:
Does anyone know if there is a windows or system event I can check for to find out if something has been removed from a USB or parallel port? My program reads the code from the key at startup (there are USB and parallel versions of the key), and the program quits if the key is not found or the code is expired, but what if the user puts in the key, starts the program, and then removes the key? I thought of putting the keycode checking module on a timer that runs every minute or so, but that seems like a rather painful way of doing it. I thought maybe I could just run the code if a system change is detected . . . any ideas?
I am creating a database for use on a network. I have made a workgroup file for security purposes. I have made a shortcut that links to the workgroup file and database so it opens with the security passwords. However, if you open the shortcut properties, it shows where the database file itself is saved. A user could look at these properties, find out where the database is, go to that location, and open the database bypassing the security. How can I secure either the shortcut or database file itself so people cannot find out where the database is located and open without using the workgroup file security????
View 1 Replies View Related