Re: RWOP queries for back-end secuirty: easy/hard? slow/fast?

google@xxxxxxxxxxxxxx wrote in
news:1139625226.566539.156630@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

"I know nothing about this latter capability. Where are you
getting that information from?"

See my link in the same post. It was something Joan Wild stated,
but I've seen it elsewhere too. I just don't know how to do it,
as I thought a workgroup file only kept track of users/groups, not
pemissions.

The URL did not take me to the article in question, but to the
thread. I didn't feel like wading through it to find out what you
were talking about.

I've done so now, and see no basis for Joan's comment. I have a lot
of respect for Joan's expertise, but I have no idea how to set up an
MDW file in a way that prohibits the creation of new databases.
Indeed, my understanding of Jet security (perhaps imperfect) would
lead me to believe that it's not possible, as the MDW includes only
the account and group information, and none of the actual
permissions, which are all stored in particular MDB files. If the
user creates a new MDB (which cannot be prevented in an MDW), then
they are the owner of it and have full permission on all of its
objects.

All that said, I think you're off on a red herring, in any case. The
ability to create a new database does not give someone the ability
to import data they've got no permissions on. They could perhaps
link to those tables, but still not be able to see anything, unless
they are using software to crack Jet user-level security. If you're
willing to accept that (which I consider reasonable, as any security
system is crackable by someone with the interest and the time), then
I think you should stop worrying about this side issue.

Now, of course, if someone can explain how Joan's comment is
correct, then that's a different issue entirely.

--
David W. Fenton http://www.dfenton.com/
usenet at dfenton dot com http://www.dfenton.com/DFA/
.

Relevant Pages

  • Re: Administrator cant add users
    ... The Users Group is common to all mdw files, so normally doesn't have any permissions. ... It sounds as though someone just went in and started added usernames to the standard mdw that ships with Access. ... Are there any other Groups and/or Users when you look at Tools, Security, Accounts? ... If you start Access and create a new mdb, can you then use File, Get External Data and import all the objects from your mdb? ...
    (microsoft.public.access.security)
  • New to security have questions before plunging
    ... Ok I am very new to setting up security so please bear with me. ... When I create a MDW is there ever a possiblity when they open this then ... permissions, then have them place that in the same folder as the BE. ... Should I make 2 or 3 groups and each group have a separated password? ...
    (microsoft.public.access.security)
  • Re: Secured Database works exactly right on one computer, but on another not quite r
    ... It sounds as though you tinkered with permissions after running the wizard ... I assume you're talking permissions in the security...no, ... You can check this in Tools, security, permissions. ... Sounds like you might be using a different mdw file on the problem machine. ...
    (microsoft.public.access.security)
  • remove security from mdb
    ... how to remove security from an mdb? ... MDW is available, but no permissions. ...
    (microsoft.public.access.gettingstarted)
  • RE: What server hardening are you doing these days?
    ... permissions on their data, and Microsoft encourages ISVs to minimize ... I've been able to discuss ACLs and other security issues in Windows with ... Control or DAC (which is what you're referring to by the "stupid ...
    (Focus-Microsoft)
Loading