f



Security Wizard but Not Secure

Hello people.

I have a database that:
* was not secured originally
* I applied the user-level security wizard to
* has the Admin user demoted to the Users group
* had the User's group with no permissions
* the Admin user doesn't own any objects

When I open this with my shortcut and new mdw file everything works as
expected.
When I open this with standard Access security.mdw, my database is
still wide open.

Any ideas what step I missed?

Thanks

0
5/16/2006 12:05:12 PM
comp.databases.ms-access 42670 articles. 0 followers. Post Follow

1 Replies
762 Views

Similar Articles

[PageSpeed] 55

<drink.the.koolaid@gmail.com> wrote in message 
news:1147781112.258494.175040@i39g2000cwa.googlegroups.com...
> Hello people.
>
> I have a database that:
> * was not secured originally
> * I applied the user-level security wizard to
> * has the Admin user demoted to the Users group
> * had the User's group with no permissions
> * the Admin user doesn't own any objects
>
> When I open this with my shortcut and new mdw file everything works as
> expected.
> When I open this with standard Access security.mdw, my database is
> still wide open.
>
> Any ideas what step I missed?
>

Possibly more than one, it's easily done.  Have you removed the "Users" 
group's permission to the *database* object?  The problem with the wizard is 
that you don't learn anything about user-level security which is 
self-defeating IMO.  Have you read the security FAQ (link on my web site)?

Regards,
Keith.
www.keithwilby.com 


0
here9 (1031)
5/16/2006 12:59:12 PM
Reply:

Similar Artilces:

Access Security without using the Security Wizard
Hi, I have created an access db that I would like to secure. The database will exist on a shared drive and be used at a number of different locations hence the reason to secure the database. The users of the database also use other databases therefore I want to secure this database without using the wizard so it does not effect their other databases. So far I have created a "frmLogin" used for logging into the database which gives the user access to two forms "frmNewRecord" and "frmSearch" >From the "frmSearch" the user can access "frmEditRecord". What I would like to do now is: 1. Track when a user creates a new record. I have created text box within the "frmNewRecord" named "Created_by" how can I have this populated automatically by the user who created it? 2. I'd also like to track when a user edits an existing record within "frmEditRecord". I have created a text box named "Last_Updated_by". How can I have this text box automatically updated by the user who last edited this record? 3. I would like to prevent the user's from accessing the design of the forms, tables and queries. Plus I'd like to restrict them accessing the tables & queries which support these forms. Plus the sub forms within these forms. I already have set the db up so when it opens the "frmLogin" opens up. However if they hold the shift key down they can bypass straight to tables...

how secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are there any security risks/holes that I should know about? Thanks in advance, Aaron PS I do have access to Tomcat, but have been unable to figure out how to set it up (this is my first time setting up security for a site) - so if anyone has any tips/links that information would be most appreciated. Thanks again. ...

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

Problem with MS Access 97 database security
All, I recently started at a company that has a number of older MS Access 97 database applications that support production and order fulfillment. There is one database with which I have the following problems: 1) no one can make modifications to the database except by logging in using the database creator's userid and password on the workstation used by that person, who has of course left the company. Anyone else who tries to access the database, even the system administrator, gets the message "You dont have the nececssary permissions to use the xxxxxxxxx object.Have your system administrator or the person who created the object establish the appropriate permissions for you." 2) We logged in and "added" another person with the same permissions as the creator for all database objects, except we did not change the database object "ownerships", and the problem still persists. I suspect that the ownerships are the problem. Is this so? 3) I dont know anything about the restriction to a particular machine. Can anyone enlighten me on this issue? TIA JL <jliebman@kjlsoftware.com> wrote in message news:1176986756.146353.213270@e65g2000hsc.googlegroups.com... > All, > > I recently started at a company that has a number of older MS Access > 97 database applications that support production and order > fulfillment. There is one database with which I have the following > problems: > > 1) no one can make modifications ...

Problem with MS Access 97 database security #2
All, I recently started at a company that has a number of older MS Access 97 database applications that support production and order fulfillment. There is one database with which I have the following problems: 1) no one can make modifications to the database except by logging in using the database creator's userid and password on the workstation used by that person, who has of course left the company. Anyone else who tries to access the database, even the system administrator, gets the message "You dont have the nececssary permissions to use the xxxxxxxxx object.Have your system administrator or the person who created the object establish the appropriate permissions for you." 2) We logged in and "added" another person with the same permissions as the creator for all database objects, except we did not change the database object "ownerships", and the problem still persists. I suspect that the ownerships are the problem. Is this so? 3) I dont know anything about the restriction to a particular machine. Can anyone enlighten me on this issue? TIA JL ...

com.ms.security, com.ms.security.PermissionID.FILEIO and error in compiling
I need to permit to an Applet to read and write HD files. All ok with java 1.2, 1.3, 1.4 and 1.5 of Sun. But when, before signing a verson of my applet written for Internet Explorer without Java SUN (Microsoft 1.1.4 JVM), I try to insert this: try { Class s=Class.forName("com.ms.security.PolicyEngine"); if (s!=null) {s.assertPermission(com.ms.security.PermissionID.FILEIO);} } catch(Throwable e) {System.out.println("Error: "+e);} The result, is, while I compile my applet, the following error: package com.ms.security does not exist s.assertPermission(com...

Security in Access 97
I want than only few users are able to use a certain controll (tab) in a form. Is that possible in the security system we have in Access 97 or do I have to program everything in VBA. Helge (Norway) ...

Excel database query does not work after securing an Access database
Hi all, I'd appreciate if someone could give me a hint to this little annoying problem: I have a simple database that I want to be able to query from Excel. When I use the "new database query" wizard on an unsecured version of my database, everything works fine. I am able to read the tables and queries, I can build customized queries in Excel from the Access tables/queries. Now, the moment I secure my database I loose all connectiviity between Excel and Access. The wizard won't even connect to the database. When I add permission to "open/read database" object through "Users and Groups Permission" in Access, I am able to connect to the database and see all the tables/queries, but it does not show the fields. I thought that in theory if I add permissions to "read design" and "read data" to my tables and queries for the regular users that should solve the problem, but it doesn't. I am obviously missing something somewhere, but what? I searched the web but could not find anyting. I am using Windows XP Pro SP2 and Access 2003 and Excel 2003. Any advice???? Michael I'm actually just facing this problem as well myself, and have no answer. I have a secure database that's split front and backend. I've had split secure databases before where I have been able to query via excel, but for some reason, this one won't let me. ...

Access Database Security
I have a client using an mde created in 1999 by someone else, for which I don't have the original source. There is a workgroup file that accompanies the mde file. I have the user and password information required by the workgroup file. In 2004 the client requested changes. Without the source, I couldn't make the change to the mde file itself, so I wrote a small mdb that attaches tables and provides a form to fulfill the client's new requirements. I created a shortcut for the new mdb that includes the workgroup info, and for 2 years everything has worked fine. Suddenly, the client is getting permission errors whenever he attempts to access his data. He can open my tool mdb, but not the tables attached to it. As it works fine when re-installed on my desktop, I figured his copy of the workgroup file had been corrupted or overwritten. I sent him a replacement, but it didn't help. Any ideas on where the permission errors might be coming from would be greatly appreciated. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Permissions are kept in the .mdb/e file. The user name and passwords are kept in the .mdw file. Check the .mde file's Security settings (if you can). Also, if new queries have been created make sure they have the RWOP (Run With Owner Option) property set to yes (checked). Then make sure the proper user/groups have the proper permissions on those queries. -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oa...

Securing an Access Database.
If you secure an MSACCESS Database using a Workgroup Information File WIF and then setting up permissions removing the Admin user from the its default group, repalce it with another named user, transfer all the ownership of objects to the new user. Then run the database security wizard. If after this the mdb file is placed on a different users PC which is still using the defauult system.mdw file should they still be able to open the database with full rights and permissions ? D wrote: > If you secure an MSACCESS Database using a Workgroup Information File > WIF and then setting up permissions removing the Admin user from the > its default group, repalce it with another named user, transfer all > the ownership of objects to the new user. Then run the database > security wizard. If after this the mdb file is placed on a different > users PC which is still using the defauult system.mdw file should they > still be able to open the database with full rights and permissions ? No. If they can you missed a step. -- Rick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com Hi, David. > If after this the mdb file is placed on a different > users PC which is still using the defauult system.mdw file should they > still be able to open the database with full rights and permissions ? In many cases, yes, but only if certain vital steps were missed. To give you an idea of which steps were missed, even af...

Security problems in F-Secure Client Security?
Hello, as I have been testing F-Secure Policy Manager/Console (PM) and F-Secure Client Security (CS) I have found three very serious problems: In all cases the system envirionment has always been the same, Windows 2000 with latest service pack und latest fixes. A: F-Secure's Policy Manager 5.61 and Client Security 5.54 can't communicate together as CS doesn't find the management server anymore after installation :( This worked better with CS 5.50 and 5.52. B: The internet shield of CS can be bypassed, even when policy has been instructed to deny automatically and to forbid the client to use individual settings. Imagine that in a sensitive production environment, a real horror :( C: Under certain circumstances clients cannot scan for viruses anymore if the logged in user doesn't belong to the adminnistrator group. My question to you all is: Did you find same or similar problems, and if yes, did F-Secure agree that these are problems which may cause damage and whether you got any final solution from F-Secure? I have sent several notes and diags to them, well I can say support has tried to help, but there didn't come any real solution. Well, would be fine to get all your helpful feedback. Michael ...

Secure your digital information assets with Secure Auditor Secure Windows with Secure Auditor
hey guys! If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Secure your digital information assets with Secure Auditor. Secure Windows with Secure Auditor
hey guys If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Scheduling a secured access app with macro security
Environment: Acess 2003 with security via MDW file. A person would like their app to be run via the scheduler in the nighttime. This seems fairly straight forward. But there is a glitch. The people have macro security set to medium. So when the username and password are passed, the application does not immediately open but then warns the user that the app could be dangerous to open. For me, I simply set the macro security to low for my development work. However, I don't know if IT would accept or reject me doing so. This app is a main app in use at the company and should be trusted. However, they don't have Vista so there is no "trusted" zone capability. Is there any reason for the users not to have the macro security set to low? When I watch the users log in to the app, the security message is simply is another dialog box to press the button on via a mouse. The security dialog box, useful perhaps the first time entering the app, is now simply another step to enter the app. I doubt the users even look at the message in the dialog box, simply press the button to get access into the system. So, my question. If IT rejects a low security setting, how do you get beyond the macro security dialog box in a scheduling script? Would you recommend using Sendkeys to pass a right arrow/Enter in the scheduling script to execute the dialog box? Macro security is global. If one sets macro security to low, then ALL apps use that setting. If...

MS 2000 Secured Database
Hi. I have created a secured database which lots of my colleagues use. However when I want to make changes I can't because invariably there is somebody using it. Is there a way of either kicking everybody out or finding out who is using it, so I can go and beat them up so they get out. cheers Stephen Stephen, Your database should be split into a front end and a back end. The back end will have just the tables, the front end will have everything else, and will be linked to the tables in the back end. Each user will have a copy of the FE on his or her computer. When you make changes, m...

Securing Access 2000 Database
What is the best way to secure a multi-user access database? Here is the issue. Customer is wanting to allow ALL users into the database, but they only want 2 users to be able to DELETE records. I have split the database into 2 files: * Data File (Tables) * Program File (Linked Tables to Data File, queries, Forms, Reports...) User double clicks on Program File for normal use. Suggestions? I tried to implement the Security Work-group file and added the groups and got everything setup that I wanted and it worked, but then when I went to another PC to test, I was not able to login to the Database (something about Security right, I think it is trying to autologin as "admin" and it doe s not have that user in the Work-group file) Am I doing something wrong? Do I have the right approach? Please Advise. (First time trying to secure a database for multi-user system) thanks, Jeff -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you place the WorkGroup file (.mdw) on the other PC? It needs to be w/ all front-ends (file w/ queries, forms & reports). -- MGFoster:::mgf00 <at> earthlink <decimal-point> net Oakland, CA (USA) ** Respond only to this newsgroup. I DO NOT respond to emails ** -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBSbGo2oechKqOuFEgEQK0wwCcCFDp6dHbzaNaq0fobBylxkjf1UcAnAqN IlBdHRaRaPasC3mRG0JdIgeN =/Ohw -----END PGP SIGNATURE----- harris@compu-type.net wrote: > What is the best w...

MS Access Security FAQ
On Page 3: "1. What are the steps to secure a database? [...] You may elect not to use the Security Wizard and to secure the database manually by following these steps. [Steps 1 thru 6] 7. Open the database that you want to secure and run the Security Wizard." Why would the steps to NOT use the Security Wizard include a step to USE the Security Wizard? Any help appreciated. -- croy ...

Secure Access 2000 database
I have a database that contains complaint information in regards to Law Enforcement. They need to have this database secure and out of reach for all but two users. (including me, they say). In other words, the data they place in this table is higly sensitive and no one other then a few users must have access to it. If there are design changes, they would like to give me access to make the changes and they lock it down again. Suggestions on accomplishing this, including 3rd party tools, would be great. I have read a bit about encryption and it doesn't appear to be able to accomplish their ...

Oracle DataBase and Applications Security Baseline or Security Checklist
Is there anybody out there with a Oracle DataBase 8.1.7 and Applications 11.5.8 Security Baseline or Security Checklist. Where can I get one???? Thanks in advance David In article <2lrn7tFfl47qU13@uni-berlin.de>, Dave Mendez <dhmendez@mail.cinvestav.mx> writes >Is there anybody out there with a Oracle DataBase 8.1.7 and Applications >11.5.8 Security Baseline or Security Checklist. Where can I get one???? >Thanks in advance >David > Hi, go to my website http://www.petefinnigan.com/orasec.htm - there is a section entitled "checklists" on that page - there are links to two good Oracle security check lists on there. These are database specific. If you want stuff on applications then try www.integrigy.com - Stephen Kost knows a lot about Oracle applications security and has some papers on his site. hth kind regards Pete -- Pete Finnigan email:pete@petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. ...

security problem with ms-access?
hi list, since a couple of weeks we face a special "security" problem. neraly every ms-access database that is located on our net-drives cannot be opened. when clicking the document's icon, first, the warning message arises "open document - security message" - "Really open *.mdb ....?", second, when clicking "start" ms-access starts, but the mdb-file cannot be opened. message: "ms-access could not open the file ... The file is located outside the intranet or on a website that is considered to be insecure. ms-access therefore will not open the document because of possible security problems" (translation from the german dialogs - somediffeences to the original english dailog can be assumed) when copying the file to a local hard disk, it works again. butthat's not the idea of an intra-enterprise database, is it? any ideas how to come over that ???? thanx in advance norbert ps. some of these mdb-files are replicated ... norbert On Tue, 3 Jun 2008 04:58:00 -0700 (PDT), novak <norbert.neuwirth@oif.ac.at> wrote: Did you deploy the applications on each workstation, per best practices? -Tom. >hi list, > >since a couple of weeks we face a special "security" problem. neraly >every ms-access database that is located on our net-drives cannot be >opened. > >when clicking the document's icon, first, the warning message arises >"open document - security message" - &qu...

MS Access Application security
Hi i have read about the user level security in MS access. But i would like to find out how it is possible to secure a database application. I have a leave (or vacation) record system. My data is in DB1.MDB and the rest of the objects reside in DB2.MDB. I would like to use WinXP login ID to determine the user and use this to make sure the staff is allowed to update / request his own record and not others. I am able to determine the user ID in the VBScript. But i do not know how can i enforce it. The only purpose is to retain WinXP userid and to give user specific privilege to update the DB only.My purpose is primarily to avoid creating another set of pwd for the users to remember. For some advice please. Thank you. Boon Yiang <chuaby@hotmail.com> wrote in message news:1163054555.876620.143560@h54g2000cwb.googlegroups.com... > Hi > > i have read about the user level security in MS access. But i would > like to find out how it is possible to secure a database application. I > have a leave (or vacation) record system. > > My data is in DB1.MDB and the rest of the objects reside in DB2.MDB. I > would like to use WinXP login ID to determine the user and use this to > make sure the staff is allowed to update / request his own record and > not others. I am able to determine the user ID in the VBScript. But i > do not know how can i enforce it. The only purpose is to retain WinXP > userid and to give user specific privilege to update th...

Security Issue
I have a created a secured database by following the security faq on the Microsoft website. I am opening my secured database logged in as one of the users that I created using a new mdw that does not contain the Admin user in the Admins group. Now I am closing this secured database but not quitting ACCESS. At this point, I am using the File menu to open another secured database (that uses a different mdw) and gain "full" control over its object!!! I am using ACCESS 2000. Is this normal behaviour? If this is not the desired behaviour how can I prevent it from happening? Is the o...

MS Access Security Troubleshooting Guide
Existing Access Database Troubleshooting I am new to access database and inherited an access application and all users who were previously able to use this access file simulataneously are now locked out exclusively . Some have not been able to get on at all. Obviously, this is the problem, and as far as I know, no changes have been made to access backend or front end. I have no historical data as to whether or not the access db was secured previously,..) This access db is on a network share, and i have no knowledge if it's verifying against a .mdw file on the network or on a computer somewhere on a network. How would one determine where the access database looks to to verify if a users are in a certain workgroup? I've gone through most of the menu options on the access database and couldn't find one that would show me where it references for it's workgroup information model it uses. If I were to recreate a new workgroup information file with this accesss dataabase, should I be concerned about overriding any other configuration that access may reference from a previously created file (if one existed, and if somehow, it's referencing an existing file..? or would this corrupt the access database.. ?) I have downloaded the FAQ Security Access and reading through it to understand what I need to do to recreate a workgroup file. However, I do not know what to anticipate breaking if I recreated one, ... and just wanted to see if any thoughts could be shared on...

Access database table security
I need to deliver an Access accdb, tables for viewing data only, no front end. Is it possible to make the tables read-only so the user can only look at data but not edit? On Friday, March 15, 2013 10:22:16 AM UTC-5, bededo...@gmail.com wrote: > I need to deliver an Access accdb, tables for viewing data only, no front end. Is it possible to make the tables read-only so the user can only look at data but not edit? Send it as a PDF, lock it down, is an option. Maybe export to Excel and lock it down. Have it installed in an ReadOnly folder. Have your users open the database using a desktop icon with the command line setting it to read only On Friday, March 15, 2013 10:59:48 AM UTC-5, Patrick Finucane wrote: > On Friday, March 15, 2013 10:22:16 AM UTC-5, bededo...@gmail.com wrote: >=20 > > I need to deliver an Access accdb, tables for viewing data only, no fro= nt end. Is it possible to make the tables read-only so the user can only lo= ok at data but not edit? >=20 >=20 >=20 > Send it as a PDF, lock it down, is an option. Maybe export to Excel and = lock it down. Have it installed in an ReadOnly folder. Have your users op= en the database using a desktop icon with the command line setting it to re= ad only Thank you. I was afraid of as much. I know we can do tricks through a UI = to make data seem secure, but that does not help me in this case. The end = user will need to look at the data and query the data. We just do...

Web resources about - Security Wizard but Not Secure - comp.databases.ms-access

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Committee on National Security Systems - Wikipedia, the free encyclopedia
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...

Apple hires former Microsoft, Amazon executive to head corporate security
... executive to oversee its corporate digital defenses, according to Reuters . George Stathakopoulos was vice president of information security ...

Nexus Devices getting a Second March 2016 Security Update
When it comes to security updates, once a month is usually pretty outstanding. Especially when it comes to comparing Nexus or unlocked devices ...

Apple’s top security expert to testify in court this Tuesday
Next Monday, Apple will once take command of the tech news cycle when it introduces a range of new hardware , including a brand new 4-inch iPhone ...

Ted Cruz Announces National Security Team, Including Frank Gaffney, Michael Ledeen, Elliott Abrams
Senator Ted Cruz (R-TX) announced his team of national security advisers on Thursday. The group includes a wide range of views, especially on ...

Only 1 woman on UN Security Council _ from the United States
... — The number of women diplomats at the United Nations has always been low and for the last 70 years only a few have gotten seats on the Security ...

Q&A: Symantec CEO On Split, New Security-Focused Channel Vision And Apple Vs. FBI *
Symantec has had a busy year, completing its split, landing a massive strategic investment, and continuing to roll out new products and partner ...

Resources last updated: 3/21/2016 3:53:58 AM