f



Access Security without using the Security Wizard

Hi,

I have created an access db that I would like to secure.

The database will exist on a shared drive and be used at a number of
different locations hence the reason to secure the database.

The users of the database also use other databases therefore I want to
secure this database without using the wizard so it does not effect
their other databases.

So far I have created a "frmLogin" used for logging into the database
which gives the user access to two forms
"frmNewRecord" and "frmSearch"

>From the "frmSearch" the user can access "frmEditRecord".

What I would like to do now is:
1. Track when a user creates a new record. I have created text box
within the "frmNewRecord" named "Created_by" how can I have this
populated automatically by the user who created it?

2. I'd also like to track when a user edits an existing record within
"frmEditRecord". I have created a text box named "Last_Updated_by".
How can I have this text box automatically updated by the user who
last edited this record?

3. I would like to prevent the user's from accessing the design of the
forms, tables and queries.

Plus I'd like to restrict them accessing the tables & queries which
support these forms. Plus the sub forms within these forms.

I already have set the db up so when it opens the "frmLogin" opens up.
However if they hold the shift key down they can bypass straight to
tables etc behind.

What is the best way to do this?

Can I split the database?

Thank you very much in advance.

Jess

0
10/25/2007 5:05:12 AM
comp.databases.ms-access 42670 articles. 0 followers. Post Follow

9 Replies
449 Views

Similar Articles

[PageSpeed] 59

See help on the AllowBypassKey property.

To track who created a record when, and who updated it last and when, add 4 
fields to each table. Then assign the appropriate values to them in 
Form_BeforeUpdate in each form.

The code below illustrates how to do that, assuming fields named:
    EnteredOn     Date/Time
    EnteredBy     Text
    UpdatedOn    Date/Time
    UpdatedBy    Text
and optionally if you want to record who marked a record inactive an when:
    InactiveOn     Date/Time
    InactiveBy     Text

You call it in Form_BeforeUpdate with:
    Call SampRecord(Me)

It records the name the user signed into Windows with, calling this 
function:
    http://www.mvps.org/access/api/api0008.htm

Replace the error logger with your own, or use this one:
    http://allenbrowne.com/ser-23a.html

Create an MDE to prevent users creating/modifying forms/report/code.

You can still split the database.

Public Function StampRecord(frm As Form) As Boolean
On Error GoTo Err_StampRecord
    'Purpose:   Stamp the user and date/time into the record.
    'Return:    True if successful.
    'Argument:  frm         = the bound form to be stamped.
    'Assumes:   Fields named EnteredOn, EnteredBy, UpdatedOn, and UpdatedBy.
    '           If there is an Inactive field, assumes InactiveOn and 
InactiveBy.
    'Usage:     In Form_BeforeUpdate:
    '               Call StampRecord(Me, True)
    Dim strForm As String
    Dim strUser As String

    strForm = frm.Name      'For error handler.
    strUser = fOSUserName()

    If frm.NewRecord Then
        frm!EnteredOn = Now()
        frm!EnteredBy = strUser
    Else
        frm!UpdatedOn = Now()
        frm!UpdatedBy = strUser
    End If

    If HasInactive(frm) Then
        With frm!Inactive
            If .Value = .OldValue Then
                'do nothing
            Else
                If .Value Then
                    frm!InactiveOn = Now()
                    frm!InactiveBy = strUser
                Else
                    frm!InactiveOn = Null
                    frm!InactiveBy = Null
                End If
            End If
        End With
    End If

Exit_StampRecord:
    Exit Function

Err_StampRecord:
    Call LogError(Err.Number, Err.Description, conMod & "StampRecord()", 
"Form = " & strForm)
    Resume Exit_StampRecord
End Function
Private Function HasInactive(frm As Form) As Boolean
    'Purpose: Return True if the form's Record Source includes a yes/no 
field named Inactive.
    Dim iType As Integer
    On Error Resume Next
    iType = frm.Recordset!Inactive.Type
    If (iType = dbBoolean) Or (iType = dbInteger) Or (iType = dbLong) Then
        HasInactive = True
    End If
End Function

-- 
Allen Browne - Microsoft MVP.  Perth, Western Australia
Tips for Access users - http://allenbrowne.com/tips.html
Reply to group, rather than allenbrowne at mvps dot org.

"thebarefootnation" <thebarefootnation@googlemail.com> wrote in message 
news:1193288712.067842.271810@e9g2000prf.googlegroups.com...
> Hi,
>
> I have created an access db that I would like to secure.
>
> The database will exist on a shared drive and be used at a number of
> different locations hence the reason to secure the database.
>
> The users of the database also use other databases therefore I want to
> secure this database without using the wizard so it does not effect
> their other databases.
>
> So far I have created a "frmLogin" used for logging into the database
> which gives the user access to two forms
> "frmNewRecord" and "frmSearch"
>
>>From the "frmSearch" the user can access "frmEditRecord".
>
> What I would like to do now is:
> 1. Track when a user creates a new record. I have created text box
> within the "frmNewRecord" named "Created_by" how can I have this
> populated automatically by the user who created it?
>
> 2. I'd also like to track when a user edits an existing record within
> "frmEditRecord". I have created a text box named "Last_Updated_by".
> How can I have this text box automatically updated by the user who
> last edited this record?
>
> 3. I would like to prevent the user's from accessing the design of the
> forms, tables and queries.
>
> Plus I'd like to restrict them accessing the tables & queries which
> support these forms. Plus the sub forms within these forms.
>
> I already have set the db up so when it opens the "frmLogin" opens up.
> However if they hold the shift key down they can bypass straight to
> tables etc behind.
>
> What is the best way to do this?
>
> Can I split the database?
>
> Thank you very much in advance.
>
> Jess
> 

0
AllenBrowne (3681)
10/25/2007 5:30:28 AM
I don't need to track the recording of active or inactive.

I already have the extra columns in my tblMain where the data will be
stored. They are named:
CREATED_BY
CREATED_ON_DATE
LAST_UPDATED_BY
LAST_UPDATED_DATE

I don't fully understand this part of the
>     strForm = frm.Name      'For error handler.
>     strUser = fOSUserName()

Is the frm.Name = the name of the login form?

Is strUser = to the module code reference to above?

Thanks
Jess



On Oct 25, 3:30 pm, "Allen Browne" <AllenBro...@SeeSig.Invalid> wrote:
> See help on the AllowBypassKey property.
>
> To track who created a record when, and who updated it last and when, add 4
> fields to each table. Then assign the appropriate values to them in
> Form_BeforeUpdate in each form.
>
> The code below illustrates how to do that, assuming fields named:
>     EnteredOn     Date/Time
>     EnteredBy     Text
>     UpdatedOn    Date/Time
>     UpdatedBy    Text
> and optionally if you want to record who marked a record inactive an when:
>     InactiveOn     Date/Time
>     InactiveBy     Text
>
> You call it in Form_BeforeUpdate with:
>     Call SampRecord(Me)
>
> It records the name the user signed into Windows with, calling this
> function:
>    http://www.mvps.org/access/api/api0008.htm
>
> Replace the error logger with your own, or use this one:
>    http://allenbrowne.com/ser-23a.html
>
> Create an MDE to prevent users creating/modifying forms/report/code.
>
> You can still split the database.
>
> Public Function StampRecord(frm As Form) As Boolean
> On Error GoTo Err_StampRecord
>     'Purpose:   Stamp the user and date/time into the record.
>     'Return:    True if successful.
>     'Argument:  frm         = the bound form to be stamped.
>     'Assumes:   Fields named EnteredOn, EnteredBy, UpdatedOn, and UpdatedBy.
>     '           If there is an Inactive field, assumes InactiveOn and
> InactiveBy.
>     'Usage:     In Form_BeforeUpdate:
>     '               Call StampRecord(Me, True)
>     Dim strForm As String
>     Dim strUser As String
>
>     strForm = frm.Name      'For error handler.
>     strUser = fOSUserName()
>
>     If frm.NewRecord Then
>         frm!EnteredOn = Now()
>         frm!EnteredBy = strUser
>     Else
>         frm!UpdatedOn = Now()
>         frm!UpdatedBy = strUser
>     End If
>
>     If HasInactive(frm) Then
>         With frm!Inactive
>             If .Value = .OldValue Then
>                 'do nothing
>             Else
>                 If .Value Then
>                     frm!InactiveOn = Now()
>                     frm!InactiveBy = strUser
>                 Else
>                     frm!InactiveOn = Null
>                     frm!InactiveBy = Null
>                 End If
>             End If
>         End With
>     End If
>
> Exit_StampRecord:
>     Exit Function
>
> Err_StampRecord:
>     Call LogError(Err.Number, Err.Description, conMod & "StampRecord()",
> "Form = " & strForm)
>     Resume Exit_StampRecord
> End Function
> Private Function HasInactive(frm As Form) As Boolean
>     'Purpose: Return True if the form's Record Source includes a yes/no
> field named Inactive.
>     Dim iType As Integer
>     On Error Resume Next
>     iType = frm.Recordset!Inactive.Type
>     If (iType = dbBoolean) Or (iType = dbInteger) Or (iType = dbLong) Then
>         HasInactive = True
>     End If
> End Function
>
> --
> Allen Browne - Microsoft MVP.  Perth, Western Australia
> Tips for Access users -http://allenbrowne.com/tips.html
> Reply to group, rather than allenbrowne at mvps dot org.
>
> "thebarefootnation" <thebarefootnat...@googlemail.com> wrote in message
>
> news:1193288712.067842.271810@e9g2000prf.googlegroups.com...
>
>
>
> > Hi,
>
> > I have created an access db that I would like to secure.
>
> > The database will exist on a shared drive and be used at a number of
> > different locations hence the reason to secure the database.
>
> > The users of the database also use other databases therefore I want to
> > secure this database without using the wizard so it does not effect
> > their other databases.
>
> > So far I have created a "frmLogin" used for logging into the database
> > which gives the user access to two forms
> > "frmNewRecord" and "frmSearch"
>
> >>From the "frmSearch" the user can access "frmEditRecord".
>
> > What I would like to do now is:
> > 1. Track when a user creates a new record. I have created text box
> > within the "frmNewRecord" named "Created_by" how can I have this
> > populated automatically by the user who created it?
>
> > 2. I'd also like to track when a user edits an existing record within
> > "frmEditRecord". I have created a text box named "Last_Updated_by".
> > How can I have this text box automatically updated by the user who
> > last edited this record?
>
> > 3. I would like to prevent the user's from accessing the design of the
> > forms, tables and queries.
>
> > Plus I'd like to restrict them accessing the tables & queries which
> > support these forms. Plus the sub forms within these forms.
>
> > I already have set the db up so when it opens the "frmLogin" opens up.
> > However if they hold the shift key down they can bypass straight to
> > tables etc behind.
>
> > What is the best way to do this?
>
> > Can I split the database?
>
> > Thank you very much in advance.
>
> > Jess- Hide quoted text -
>
> - Show quoted text -


0
10/25/2007 6:24:52 AM
"thebarefootnation" wrote

  > I don't fully understand this part of the
  >>     strForm = frm.Name      'For error handler.
  >>     strUser = fOSUserName()
  >
  > Is the frm.Name = the name of the login form?

It would be the name of the form passed to the function as the argument 
"frm" in

    Public Function StampRecord(frm As Form) As Boolean

 > Is strUser = to the module code reference to above?

fOSUserName is the name of a function, not the name of a module.  Access 
functions return a value... that particular one returns the name of the 
Windows login of the current user, IIRC. Access sub procedures execute code 
and can pass data in their arguments but don't return a value just by 
specifying the name of the sub, as do functions.




0
bouncer (4168)
10/25/2007 7:01:33 PM
As I have created a login form to get into the database I'd prefer to
bring back the User Name from this form, not from the Windows login.

My login form is called "frmLogin" and the User reference text box is
"UserID".

Can anyone help me with the code to pull the UserID from "frmLogin"
into the textbox "CREATED_BY" in the form "frmNewRecord".

Thanks in advance




On Oct 26, 5:01 am, "Larry Linson" <boun...@localhost.not> wrote:
> "thebarefootnation" wrote
>
>   > I don't fully understand this part of the
>   >>     strForm = frm.Name      'For error handler.
>   >>     strUser = fOSUserName()
>   >
>   > Is the frm.Name = the name of the login form?
>
> It would be the name of the form passed to the function as the argument
> "frm" in
>
>     Public Function StampRecord(frm As Form) As Boolean
>
>  > Is strUser = to the module code reference to above?
>
> fOSUserName is the name of a function, not the name of a module.  Access
> functions return a value... that particular one returns the name of the
> Windows login of the current user, IIRC. Access sub procedures execute code
> and can pass data in their arguments but don't return a value just by
> specifying the name of the sub, as do functions.


0
10/25/2007 11:30:01 PM
thebarefootnation <thebarefootnation@googlemail.com> wrote in
news:1193355001.644803.226130@e9g2000prf.googlegroups.com: 

> As I have created a login form to get into the database I'd prefer to
> bring back the User Name from this form, not from the Windows login.
> 
> My login form is called "frmLogin" and the User reference text box is
> "UserID".
> 
> Can anyone help me with the code to pull the UserID from "frmLogin"
> into the textbox "CREATED_BY" in the form "frmNewRecord".
> 
> Thanks in advance

I'll tell you that if you'll tell me how to adjust the fuel injectors on my   
Toyota VTI engine. And, oh yeah, I'll need to know how to open the car hood 
too?
I asked my wimpy twin, Lyle, but he just said, "Since by asking the 
question you've established that you are not an accomplished automotive 
engineer, and since Toyota probably knows what it's doing, and since you 
paid quite a lot for this Toyota expertise, you should just use the car in 
the way Toyota intended."
So, I'm pretty well stuck.

kyle
0
kylefair (1)
10/26/2007 12:34:46 AM
"thebarefootnation" <thebarefootnation@googlemail.com> wrote

 > As I have created a login form to get into the database
 > I'd prefer to bring back the User Name from this form,
 > not from the Windows login.
 >
 > My login form is called "frmLogin" and the User
 > reference text box is "UserID".
 >
 > Can anyone help me with the code to pull the UserID from
 > "frmLogin" into the textbox "CREATED_BY" in the form
 > "frmNewRecord".

Heh, heh... That kyle... he's always giving his brother Lyle a hard time.

If you want some guidance on Roll-Your-Own (RYO) security, you first have to 
agree to read and understand the following:  (1) The Access Security Wizard 
is about as close to worthless as any feature of Access could be, because it 
often misleads people into thinking that their databases are secure. (2) 
Access own security, described in detail in the "Access Security FAQ" of 39 
pages that you can download from Microsoft is also fallible (but, if you 
carefully read, study, and follow the steps, it will be as secure as you are 
going to make an Access database).  Don't count on it if your application or 
data is worth more than about US$140-150 because that is what it will cost 
to obtain code to crack it. (3) This is the key item: Any RYO security you 
create will be significantly less secure than either of these, crackable 
without expense, without third-party tools, by Access developers with only 
modest talent.  If you have honest users who don't want to "get at" 
information in your DB that they shouldn't, it can serve, at best, to keep 
them from accidentally stumbling into objects where they have no need to be.

That said, presumably you are going to check the userid entered from your 
form against a table of valid userids, and also the user's password?  If 
not, you'd better rethink the whole idea. Then you have to store, or save, 
the current user's id somewhere where you can retrieve it.  (1) One 
convenient place would be a public variable in a standard module, but those 
may be (at least usually are) lost if you have an unhandled error... thus, 
if you choose this approach, you also need to shut down the application 
immediately if the variable in which you have saved your userid turns up 
empty or null.  (2) Another way is to create a property of the database and 
save it to and use it from there.  (3) Perhaps even easier and somewhat 
safer is to store it in a field on a form that you have hidden one way or 
another.

Whichever way you choose, just remember that most any plain ol' everyday 
Access developer with a medium level of knowledge, will be able to break 
your security scheme in hardly any time at all.

And, by the time you get through with all the implementation and levels of 
obfuscation that you (wrongly) convince yourself will actually make it 
secure, you could have downloaded the Access Security FAQ, studied, 
re-studied, and learned it, and applied it... so at least it might cost a 
database thief or a data thief $150 to steal your stuff.

If you really need to protect your data, put it in a server DB and apply the 
server DB's security.  If you want to protect your database application, be 
aware that, an experienced Access developer can watch it run, and re-create 
it faster than you did in the first place, because you've already done all 
the "heavy lifting" of determining and laying out for them what information 
needs to be dealt with, where, and by whom, to solve the business problem.

 Larry Linson
 Microsoft Access MVP



0
bouncer (4168)
10/26/2007 2:24:45 AM
If you still have frmLogin open, and it has the correct name in text box 
Text0, then in the BeforeUpdate event of frmNewRecord you would use:
    Me.CREATED_BY = Forms!frmLogin!Text0

-- 
Allen Browne - Microsoft MVP.  Perth, Western Australia
Tips for Access users - http://allenbrowne.com/tips.html
Reply to group, rather than allenbrowne at mvps dot org.

"thebarefootnation" <thebarefootnation@googlemail.com> wrote in message 
news:1193355001.644803.226130@e9g2000prf.googlegroups.com...
> As I have created a login form to get into the database I'd prefer to
> bring back the User Name from this form, not from the Windows login.
>
> My login form is called "frmLogin" and the User reference text box is
> "UserID".
>
> Can anyone help me with the code to pull the UserID from "frmLogin"
> into the textbox "CREATED_BY" in the form "frmNewRecord".
>
> Thanks in advance
>
>
>
>
> On Oct 26, 5:01 am, "Larry Linson" <boun...@localhost.not> wrote:
>> "thebarefootnation" wrote
>>
>>   > I don't fully understand this part of the
>>   >>     strForm = frm.Name      'For error handler.
>>   >>     strUser = fOSUserName()
>>   >
>>   > Is the frm.Name = the name of the login form?
>>
>> It would be the name of the form passed to the function as the argument
>> "frm" in
>>
>>     Public Function StampRecord(frm As Form) As Boolean
>>
>>  > Is strUser = to the module code reference to above?
>>
>> fOSUserName is the name of a function, not the name of a module.  Access
>> functions return a value... that particular one returns the name of the
>> Windows login of the current user, IIRC. Access sub procedures execute 
>> code
>> and can pass data in their arguments but don't return a value just by
>> specifying the name of the sub, as do functions. 

0
AllenBrowne (3681)
10/27/2007 8:22:23 AM
On Oct 27, 7:22 pm, "Allen Browne" <AllenBro...@SeeSig.Invalid> wrote:
> If you still have frmLogin open, and it has the correct name in text box
> Text0, then in the BeforeUpdate event of frmNewRecord you would use:
>     Me.CREATED_BY = Forms!frmLogin!Text0
>
> --
> Allen Browne - Microsoft MVP.  Perth, Western Australia
> Tips for Access users -http://allenbrowne.com/tips.html
> Reply to group, rather than allenbrowne at mvps dot org.
>
> "thebarefootnation" <thebarefootnat...@googlemail.com> wrote in message
>
> news:1193355001.644803.226130@e9g2000prf.googlegroups.com...
>
>
>
> > As I have created a login form to get into the database I'd prefer to
> > bring back the User Name from this form, not from the Windows login.
>
> > My login form is called "frmLogin" and the User reference text box is
> > "UserID".
>
> > Can anyone help me with the code to pull the UserID from "frmLogin"
> > into the textbox "CREATED_BY" in the form "frmNewRecord".
>
> > Thanks in advance
>
> > On Oct 26, 5:01 am, "Larry Linson" <boun...@localhost.not> wrote:
> >> "thebarefootnation" wrote
>
> >>   > I don't fully understand this part of the
> >>   >>     strForm = frm.Name      'For error handler.
> >>   >>     strUser = fOSUserName()
>
> >>   > Is the frm.Name = the name of the login form?
>
> >> It would be the name of the form passed to the function as the argument
> >> "frm" in
>
> >>     Public Function StampRecord(frm As Form) As Boolean
>
> >>  > Is strUser = to the module code reference to above?
>
> >> fOSUserName is the name of a function, not the name of a module.  Access
> >> functions return a value... that particular one returns the name of the
> >> Windows login of the current user, IIRC. Access sub procedures execute
> >> code
> >> and can pass data in their arguments but don't return a value just by
> >> specifying the name of the sub, as do functions.- Hide quoted text -
>
> - Show quoted text -

Thanks that's worked only problem is.

In my frmlogin I reference the combo box (UserID) to a table
(tblUserList) which has a primary key.

In order to bring in the name in the combo box I use the following
reference

SELECT tblUserList.ID, tblUserList.UserID FROM tblUserList ORDER BY
tblUserList.ID;

Then in the column count I select column 2, hence to only bring the
name through.

Any idea on how to do the same in the code bringing that name into the
CREATED_BY text box?




0
11/1/2007 6:12:10 AM
On Nov 1, 2:12 am, thebarefootnation
<thebarefootnat...@googlemail.com> wrote:
> On Oct 27, 7:22 pm, "Allen Browne" <AllenBro...@SeeSig.Invalid> wrote:
>
>
>
> > If you still have frmLogin open, and it has the correct name in text box
> > Text0, then in the BeforeUpdate event of frmNewRecord you would use:
> >     Me.CREATED_BY = Forms!frmLogin!Text0
>
> > --
> > Allen Browne - Microsoft MVP.  Perth, Western Australia
> > Tips for Access users -http://allenbrowne.com/tips.html
> > Reply to group, rather than allenbrowne at mvps dot org.
>
> > "thebarefootnation" <thebarefootnat...@googlemail.com> wrote in message
>
> >news:1193355001.644803.226130@e9g2000prf.googlegroups.com...
>
> > > As I have created a login form to get into the database I'd prefer to
> > > bring back the User Name from this form, not from the Windows login.
>
> > > My login form is called "frmLogin" and the User reference text box is
> > > "UserID".
>
> > > Can anyone help me with the code to pull the UserID from "frmLogin"
> > > into the textbox "CREATED_BY" in the form "frmNewRecord".
>
> > > Thanks in advance
>
> > > On Oct 26, 5:01 am, "Larry Linson" <boun...@localhost.not> wrote:
> > >> "thebarefootnation" wrote
>
> > >>   > I don't fully understand this part of the
> > >>   >>     strForm = frm.Name      'For error handler.
> > >>   >>     strUser = fOSUserName()
>
> > >>   > Is the frm.Name = the name of the login form?
>
> > >> It would be the name of the form passed to the function as the argument
> > >> "frm" in
>
> > >>     Public Function StampRecord(frm As Form) As Boolean
>
> > >>  > Is strUser = to the module code reference to above?
>
> > >> fOSUserName is the name of a function, not the name of a module.  Access
> > >> functions return a value... that particular one returns the name of the
> > >> Windows login of the current user, IIRC. Access sub procedures execute
> > >> code
> > >> and can pass data in their arguments but don't return a value just by
> > >> specifying the name of the sub, as do functions.- Hide quoted text -
>
> > - Show quoted text -
>
> Thanks that's worked only problem is.
>
> In my frmlogin I reference the combo box (UserID) to a table
> (tblUserList) which has a primary key.
>
> In order to bring in the name in the combo box I use the following
> reference
>
> SELECT tblUserList.ID, tblUserList.UserID FROM tblUserList ORDER BY
> tblUserList.ID;
>
> Then in the column count I select column 2, hence to only bring the
> name through.
>
> Any idea on how to do the same in the code bringing that name into the
> CREATED_BY text box?

If I understand you, and I probably don't, assuming frmLogin has a
module, it would be simple to create a
Public Function fCreated_By$()
On Error Resume Next
fCreatedBy=Form_frmLogin.UserID.Column(1)
End Function
When the user was done logging in, frmLogin could be hidden, and you
could amend your code to close the database on any vital activity that
tried to proceed without its existence.
So when another form was opened, the form load event code could enter
the UserName into the CREATED_BY textbox, or its default value could
be set to fCreated_By(). Probably you'd want to store the CREATED_BY
ID in the CREATED_BY field and establish a relationship with
referential integrity.
Of course, this wouldn't secure your DB diddley-squat. The rankest
amateur could create a new db, link to your tables and do whatever to
them. And the next to rankest amateur could bypass any of your opening
Forms or AllowByPass Keys properties. And one step up from there, most
reasonably perceptive users could use a hex-editor to read or modify
any string data in the db.
And the person who claimed he/she had created "security" for the db
would be responsible.
If I had to create my own security for an Access/Jet db I might have a
shot, if I took a month or so. That's because I didn't have to ask
questions about how to get the CREATED_BY textbox populated. But with
that knowledge comes the realization that regardless of how blindingly
brilliant I am I am not likely to beat the determined hacker, and I
might even overlook some simple stratagem that would let my Aunt Alice
in; I am not likely to exceed the blinding brilliance of Microsoft's
Access security creators.
If I really wanted to accomplish what I think you want to accomplish I
would convert my tables to SQL-Server Express which has some functions
that may be helpful to that purpose, and which can control the
permissions of each user to very small doses, and which keeps a log
file of every time you say shift in your chair while accessing it
data.
BTW, Access security, the made in Redmond kind, is so safe that it
would take a determined Googler at least five minutes to find whatever
was needed to bypass it, maybe six with a dial-up connection.

0
11/1/2007 7:16:48 AM
Reply:

Similar Artilces:

Accessing MS ACCESS database using Data Environment
HI, I have developped a program in Visual Basic 6.0 using MS Access database. I have created all my reports through Data Environment where I have entered the location of my database file (for e.g c:\project\app\test.mdb) in the Connection properties. I have installed my application on another PC using Package & Deployment wizard. When viewing the reports on the other PC, I have to enter everytime the new location of the database. How can I solve this problem, please? nadia wrote: > HI, > I have developped a program in Visual Basic 6.0 using MS Access database. >...

accessing ms access via ODBC without Microsoft Access
Hi, If I have a computer without Microsoft Access installed but with an ODBC connection to a .mdb file - can I still access the 'database' via ODBC? thanks Tim <timasmith@hotmail.com> wrote in message news:1145206985.433826.106120@i40g2000cwc.googlegroups.com... > Hi, > > If I have a computer without Microsoft Access installed but with an > ODBC connection to a .mdb file - can I still access the 'database' via > ODBC? Yes, provided you are running a program prepared in a language that supports ODBC and have installed an ODBC driver on that user'...

Access Database Security
I have a client using an mde created in 1999 by someone else, for which I don't have the original source. There is a workgroup file that accompanies the mde file. I have the user and password information required by the workgroup file. In 2004 the client requested changes. Without the source, I couldn't make the change to the mde file itself, so I wrote a small mdb that attaches tables and provides a form to fulfill the client's new requirements. I created a shortcut for the new mdb that includes the workgroup info, and for 2 years everything has worked fine. Suddenly, the client is getting permission errors whenever he attempts to access his data. He can open my tool mdb, but not the tables attached to it. As it works fine when re-installed on my desktop, I figured his copy of the workgroup file had been corrupted or overwritten. I sent him a replacement, but it didn't help. Any ideas on where the permission errors might be coming from would be greatly appreciated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Permissions are kept in the .mdb/e file. The user name and passwords are kept in the .mdw file. Check the .mde file's Security settings (if you can). Also, if new queries have been created make sure they have the RWOP (Run With Owner Option) property set to yes (checked). Then make sure the proper user/groups have the proper permissions on those queries. -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oa...

Securing an Access Database.
If you secure an MSACCESS Database using a Workgroup Information File WIF and then setting up permissions removing the Admin user from the its default group, repalce it with another named user, transfer all the ownership of objects to the new user. Then run the database security wizard. If after this the mdb file is placed on a different users PC which is still using the defauult system.mdw file should they still be able to open the database with full rights and permissions ? D wrote: > If you secure an MSACCESS Database using a Workgroup Information File > WIF and then setting up ...

Create MS/ACCESS database app for non-ms/access users
Is it possible to create an MS/ACCESS database application and package it for users who do not have MS/ACCESS loaded in their PCs? I was told that this is possible, but I don't know what software is needed. Do you know? If so, please answer this post. Thanks. SueB *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it! Per Sue Bricker: >Is it possible to create an MS/ACCESS database application and package >it for users who do not have MS/ACCESS loaded in their PCs? > >I was told that this is possible, but...

Security in Access 97
I want than only few users are able to use a certain controll (tab) in a form. Is that possible in the security system we have in Access 97 or do I have to program everything in VBA. Helge (Norway) ...

Excel database query does not work after securing an Access database
Hi all, I'd appreciate if someone could give me a hint to this little annoying problem: I have a simple database that I want to be able to query from Excel. When I use the "new database query" wizard on an unsecured version of my database, everything works fine. I am able to read the tables and queries, I can build customized queries in Excel from the Access tables/queries. Now, the moment I secure my database I loose all connectiviity between Excel and Access. The wizard won't even connect to the database. When I add permission to "open/read database" object through "Users and Groups Permission" in Access, I am able to connect to the database and see all the tables/queries, but it does not show the fields. I thought that in theory if I add permissions to "read design" and "read data" to my tables and queries for the regular users that should solve the problem, but it doesn't. I am obviously missing something somewhere, but what? I searched the web but could not find anyting. I am using Windows XP Pro SP2 and Access 2003 and Excel 2003. Any advice???? Michael I'm actually just facing this problem as well myself, and have no answer. I have a secure database that's split front and backend. I've had split secure databases before where I have been able to query via excel, but for some reason, this one won't let me. ...

Scheduling a secured access app with macro security
Environment: Acess 2003 with security via MDW file. A person would like their app to be run via the scheduler in the nighttime. This seems fairly straight forward. But there is a glitch. The people have macro security set to medium. So when the username and password are passed, the application does not immediately open but then warns the user that the app could be dangerous to open. For me, I simply set the macro security to low for my development work. However, I don't know if IT would accept or reject me doing so. This app is a main app in use at the company and should be trusted. However, they don't have Vista so there is no "trusted" zone capability. Is there any reason for the users not to have the macro security set to low? When I watch the users log in to the app, the security message is simply is another dialog box to press the button on via a mouse. The security dialog box, useful perhaps the first time entering the app, is now simply another step to enter the app. I doubt the users even look at the message in the dialog box, simply press the button to get access into the system. So, my question. If IT rejects a low security setting, how do you get beyond the macro security dialog box in a scheduling script? Would you recommend using Sendkeys to pass a right arrow/Enter in the scheduling script to execute the dialog box? Macro security is global. If one sets macro security to low, then ALL apps use that setting. If...

Access MS-ACCESS database on server from client????
I m currently developing a java based application and want to know how can i make client access database located on the server? "HeMan_Speaks" <Lunar20092010@gmail.com> wrote in message news:d71ce567-0434-48b8-b1d2-bb191706ab45@w8g2000prd.googlegroups.com... >I m currently developing a java based application and want to know how > can i make client access database located on the server? I think you're going to have to expand a little bit more in your question here, as is not 100% quite clear what you're trying to do. You might want to make a little bit of a distinction between MS access, the development system that allows you to write code, build forms, and build reports, and that of the database engine that you choose to use with MS access. When you build an application MS access, you then choose your database engine, that might be oracle, SQL server, or perhaps more often leave the default jet database. So when you say make a client access application, are you talking about a piece of software that you plan to install and each computer? The fact that your introducing the issue of java further complicates your question. Perhaps your question is simply you have some java code running on a server, and with to open a mdb file (an access database file). In this situation you're not really using MS access at all here (you using what is called the jet database engine to read that mdb file). For all the trouble in this type of sce...

Access needs to be installed for me to use MS Access
Hi, Is it required for MS Access to be installed on machines on which I need to deploy windows app which uses MS Access as its backend. If no then how do I access and wrie to access database? Thanks, Vikas. <vikassah@gmail.com> wrote in message news:1166161668.556801.183030@n67g2000cwd.googlegroups.com... > Hi, > > Is it required for MS Access to be installed on machines on which I > need to deploy windows app which uses MS Access as its backend. If no > then how do I access and wrie to access database? If Access, or the Access runtime (from the developer extensio...

Accessing MS-Access from OpenRoad using ActiveX
Hi I'm wanting to conect to an MS-Access MDB file from an OpenRoad program using ActiveX. Can someone tell me the files I need to use/register for Windows XP? Any other help or suggestions would be most appreciated. Darren dharvey911@hotmail.com ...

request for explanation on access an database in ms access
This is the code that I found on the internet for accessing an ms access database: import java.sql.*; class Test { public static void main(String[] args) { try { Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); // set this to a MS Access DB you have on your machine String filename = "d:/java/mdbTEST.mdb"; String database = "jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};DBQ="; database+= filename.trim() + ";DriverID=22;READONLY=true}"; // add on to the end // now we can get the connection from the DriverManager Connection con = DriverManager.getConnection( database ,"",""); } catch (Exception e) { System.out.println("Error: " + e); } } } What I don't understand is the declaration of database. What I did was putting the database in the same dir as the sourcecode and use "jdbc:odbc:CafeJolt.mdb". But this doesn't work. And the above code does, why is that??? Actually it's not Java question. It's ODBC question. You have to have ODBC connection. Depending of Windows it's usually something like this (for my Windows 2000): Start->Sttings->Control Panel->Administartive Tools->Data Sources(ODBC)-> User DSN -> [Add]-> Driver to Microsoft Access(*.mdb) === And here, finally you can choose file name. ...

MATLAB command to access MS Access database
Hi! Is there a MATLAB command which gives access to a .mdb MS Access database or do I need a special driver? Thanks, Andree Hi Andree Ellert, you can use activeXcontrol to interact with MS-Access database. access = actxserver('Access.Application'); returns the handle for Access. set(access, 'Visible', 1); will show the opened Access window. use get(access) and set(access) commands to find the methods available to call. -Vadivelu M =========== http://www.mathworks.com/access/helpdesk/help/toolbox/database/datatool.shtml "Andree Ellert" <ellert@gmx.net/////\\\\\> wrote in message news:eed9874.-1@webx.raydaftYaTP... > Hi! > > Is there a MATLAB command which gives access to a .mdb MS Access > database or do I need a special driver? > > Thanks, > > Andree Andree Ellert wrote: > > > Hi! > > Is there a MATLAB command which gives access to a .mdb MS Access > database or do I need a special driver? > > Thanks, > > Andree <http://www.mathworks.com/matlabcentral/fileexchange/loadFile.do?objectId=4045&objectType=file> -Hardik ...

Security Wizard but Not Secure
Hello people. I have a database that: * was not secured originally * I applied the user-level security wizard to * has the Admin user demoted to the Users group * had the User's group with no permissions * the Admin user doesn't own any objects When I open this with my shortcut and new mdw file everything works as expected. When I open this with standard Access security.mdw, my database is still wide open. Any ideas what step I missed? Thanks <drink.the.koolaid@gmail.com> wrote in message news:1147781112.258494.175040@i39g2000cwa.googlegroups.com... > Hello people. >...

Secure Access 2000 database
I have a database that contains complaint information in regards to Law Enforcement. They need to have this database secure and out of reach for all but two users. (including me, they say). In other words, the data they place in this table is higly sensitive and no one other then a few users must have access to it. If there are design changes, they would like to give me access to make the changes and they lock it down again. Suggestions on accomplishing this, including 3rd party tools, would be great. I have read a bit about encryption and it doesn't appear to be able to accomplish their ...

Securing Access 2000 Database
What is the best way to secure a multi-user access database? Here is the issue. Customer is wanting to allow ALL users into the database, but they only want 2 users to be able to DELETE records. I have split the database into 2 files: * Data File (Tables) * Program File (Linked Tables to Data File, queries, Forms, Reports...) User double clicks on Program File for normal use. Suggestions? I tried to implement the Security Work-group file and added the groups and got everything setup that I wanted and it worked, but then when I went to another PC to test, I was not able to login to the Database (something about Security right, I think it is trying to autologin as "admin" and it doe s not have that user in the Work-group file) Am I doing something wrong? Do I have the right approach? Please Advise. (First time trying to secure a database for multi-user system) thanks, Jeff -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you place the WorkGroup file (.mdw) on the other PC? It needs to be w/ all front-ends (file w/ queries, forms & reports). -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oakland, CA (USA) ** Respond only to this newsgroup. I DO NOT respond to emails ** -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBSbGo2oechKqOuFEgEQK0wwCcCFDp6dHbzaNaq0fobBylxkjf1UcAnAqN IlBdHRaRaPasC3mRG0JdIgeN =/Ohw -----END PGP SIGNATURE----- harris@compu-type.net wrote: > What is the best w...

security problem with ms-access?
hi list, since a couple of weeks we face a special "security" problem. neraly every ms-access database that is located on our net-drives cannot be opened. when clicking the document's icon, first, the warning message arises "open document - security message" - "Really open *.mdb ....?", second, when clicking "start" ms-access starts, but the mdb-file cannot be opened. message: "ms-access could not open the file ... The file is located outside the intranet or on a website that is considered to be insecure. ms-access therefore will not open the document because of possible security problems" (translation from the german dialogs - somediffeences to the original english dailog can be assumed) when copying the file to a local hard disk, it works again. butthat's not the idea of an intra-enterprise database, is it? any ideas how to come over that ???? thanx in advance norbert ps. some of these mdb-files are replicated ... norbert On Tue, 3 Jun 2008 04:58:00 -0700 (PDT), novak <norbert.neuwirth@oif.ac.at> wrote: Did you deploy the applications on each workstation, per best practices? -Tom. >hi list, > >since a couple of weeks we face a special "security" problem. neraly >every ms-access database that is located on our net-drives cannot be >opened. > >when clicking the document's icon, first, the warning message arises >"open document - security message" - &qu...

MS Access Security FAQ
On Page 3: "1. What are the steps to secure a database? [...] You may elect not to use the Security Wizard and to secure the database manually by following these steps. [Steps 1 thru 6] 7. Open the database that you want to secure and run the Security Wizard." Why would the steps to NOT use the Security Wizard include a step to USE the Security Wizard? Any help appreciated. -- croy ...

Best way to access a remote MS ACCESS database
What is the best way, via the internet, to access a remote Microsoft Access database? I was thinking of using VPN, but I thought that I would check here to see if there is a better way. Any suggestions? Thanks Do you mean remotely controlling an Access database, or linking tables over the internet? The first is doable, the second is a recipe for disaster. Remote Control: If your remote OS is Windows XP, you can use Remote Desktop (although only 1 person can access the PC at a time; this will change in the upcoming Service Pack for XP, but that may not help you now). Otherwise, GoToMyPC offers similar services, as does Terminal Server (a component of a Windows Server machine), PCAnywhere, et al. Linking to remote tables: You will almost certainly encounter severe problems with corruption, and your performance will almost certainly be so poor as to be unworkable. I attempted this once, with a web server in Canada and my machine in Augusta, GA. Even tiny data requests on a very well optimized data structure took waaaay too long to process ... it's simply not workable, IMO. Other alternatives would be covert the app to a web-based and place your data on a web server. Access/Jet isn't really designed for those workloads, but running a small site with minimal transactions and users can be done. Otherwsie, consider switching to a more robust data platform like MySQL, SQL Server, etc. -- Scott McDaniel CS Computer Software Visual Bas...

Accessing a MS Access database across two servers
Hi The technical support guys at my company have set up my system so that the server containing the MS Access database is on one server, while the pages that should access the database are on another server. When the pages and database are on the same server, I usually just connect through ODBC. The problem is that I don't know how to set up an ODBC connection to link from one server to a database in another. Anyone know what I am getting at and know of a possible solution, or a link to a site which may help. thanks in advance Brendan "Singularity" <Brendan.Collins@Sin...

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

how secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are there any security risks/holes that I should know about? Thanks in advance, Aaron PS I do have access to Tomcat, but have been unable to figure out how to set it up (this is my first time setting up security for a site) - so if anyone has any tips/links that information would be most appreciated. Thanks again. ...

Using Iseries Access ODBC Driver with MS ACCESS 2003
When Trying attaching databases into MsAccess2003 using Iseries Access ODBC Driver (I'm in OS400 v5r2) I get an error message according to which the duration of connection is too long and so I can't attach the database although I got the list of the tables in the library I specified. Can anyone help me ? Thanks in advance. The timeout to dispay de data is small. You need to increase this timeout. The problem can occur when the tables are very very very (but very) big. "Bertrand Bard" <bbard@dehon.com> escribi� en el mensaje news:d01a5cc.0404280030.58f11d3e@posting.go...

Using Access to 'access' an sql database on a webserver
Is this possible? I know about a bit about ODBC and found how to import an ODBC database stored on the computer, however I am after accessing an SQL database stored on a webserver. I'd like to keep it up to date, but that could probably be done with a macro. At the moment I'm just considoring possible options, so just need to know if it can be done, how easy and a rough idea of how. Any help would be much appreciated! Flic On 6 Oct 2006 03:59:25 -0700, "Flic" <FelicityP@gmail.com> wrote: I typically create an ADP, then connect to such db specifying the IP address...

Web resources about - Access Security without using the Security Wizard - comp.databases.ms-access

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Committee on National Security Systems - Wikipedia, the free encyclopedia
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...

Apple hires former Microsoft, Amazon executive to head corporate security
... executive to oversee its corporate digital defenses, according to Reuters . George Stathakopoulos was vice president of information security ...

Nexus Devices getting a Second March 2016 Security Update
When it comes to security updates, once a month is usually pretty outstanding. Especially when it comes to comparing Nexus or unlocked devices ...

Apple’s top security expert to testify in court this Tuesday
Next Monday, Apple will once take command of the tech news cycle when it introduces a range of new hardware , including a brand new 4-inch iPhone ...

Ted Cruz Announces National Security Team, Including Frank Gaffney, Michael Ledeen, Elliott Abrams
Senator Ted Cruz (R-TX) announced his team of national security advisers on Thursday. The group includes a wide range of views, especially on ...

Only 1 woman on UN Security Council _ from the United States
... — The number of women diplomats at the United Nations has always been low and for the last 70 years only a few have gotten seats on the Security ...

Q&A: Symantec CEO On Split, New Security-Focused Channel Vision And Apple Vs. FBI *
Symantec has had a busy year, completing its split, landing a massive strategic investment, and continuing to roll out new products and partner ...

Resources last updated: 3/20/2016 9:49:18 PM