Learn Microsoft Access Advanced Programming Techniques, Tips and Tricks.

Users Group and Permissions


Making a Database Truly Secure

When you create a new Workgroup Information File, as part of the Microsoft Access Security implementation, it is important that the following two steps you follow immediately after creating the new Workgroup Information File (.mdw) file on priority basis:

  1. Create a new Administrator UserID (say myAdmin or whatever name you like) for you and join yourself as a member of the Admins Group Account.
  2. Remove the default Admin User Account from the Admins Group. If this is not done then your database is not secured and anybody can open and use it when MS-Office Software is re-installed.

From now on you must use the new UserID myAdmin to login as Administrator of the Databases that uses this new common Workgroup Information File.

One more thing, the databases that you create after login with the new User Name myAdmin, this User Account will be the Owner of those Databases and other Objects within it.

Remember the Owner of the Database has full authority on all Objects including Administrative Authority (like a member of the Admins Group) to assign permissions to Database Objects and to transfer Ownership of Objects to other Users as well. When the ownership of a particular Object is given to an ordinary User, he has full authority on that object to Run, Modify or Delete that object.

Assign Object-wise Access Rights to User-Group.

You must implement Object-wise access rights to User Groups before you install your Project for public use. This is done manually from Tools - ->Security - ->User and Group Permissions . . .

This procedure also has a first priority step, like the above two steps I have mentioned about the Workgroup Information File. That is to remove All Permissions of all Objects for the Users Group Account. Without this step whatever permission settings you assign to the Objects (Forms, Report and so on) will have no effect and Users will have full authority for Design Changes or whatever they want to do with them.

This is done manually and takes some time to go through all groups of Objects to remove all permissions of Users Group Account. Since, this step is required for all new Projects I thought it is better to automate it and here it is for you to try it out. This program is written purely on my own experience with the VBA based procedures and you may use it at your own risk

Automated Removal of Object-level Permissions.

  1. Copy and paste the following Program into a Standard Module and save it.
    Public Function DefaultUsersGrp(ByVal DatabasePathName As String) As Boolean
    'Author : a.p.r. pillai
    'Date     : March-2010
    'Purpose: Remove All Permissions from Users Group Security Account
    'All Rights Reserved by www.msaccesstips.com
    Dim wsp As Workspace, db As Database, ctr As Container
    Dim GroupName As String, doc As Document
    Dim L4 As String
    Const DB_FULLNO = &H60000
    Const OBJS_FULLNO = &H2FE01
    'Remove All Permissions on Containers & documents
    'for USERS Group
    On Error GoTo DefaultUsersGrp_Err
    Set wsp = DBEngine.Workspaces(0)
    Set db = wsp.OpenDatabase(DatabasePathName)
    GroupName = "Users"
    Set ctr = db.Containers("Databases")
    Set doc = ctr.Documents("MSysDb")
    doc.UserName = GroupNamedoc.Permissions = DB_FULLNO
    Set ctr = db.Containers("Tables")
    GoSub SetPermission
    Set ctr = db.Containers("Forms")
    GoSub SetPermission
    Set ctr = db.Containers("Reports")
    GoSub SetPermission
    Set ctr = db.Containers("Scripts")
    GoSub SetPermission
    Set ctr = db.Containers("Modules")
    GoSub SetPermission
    DefaultUsers_Grp = False
       Set db = Nothing
       Set wsp = Nothing
    Exit Function
    For Each doc In ctr.Documents
        doc.UserName = GroupName
        If ctr.Name = "Tables" Then
            L4 = Left$(docName, 4)
            If L4 = "MSys" Or L4 = "~sq_" Then
              GoTo nextloopxxx
            End If
        End If
        doc.Permissions = OBJS_FULLNO
    MsgBox Err & ": " & Err.Description
    DefaultUsersGrp = True
    Resume DefaultUsersGrp_Exit
    End Function

    Points to Note.

  2. Remember this Program is run for an external Database that you would like to remove All Permissions of all Objects for the Users Group Account.
  3. Before you run this Program, open the Database that you are targeting and check the current permission settings of all Objects for the Users Group Account. Try the program on a copy of the original Database you are targeting.
  4. Open the Database with the above Code, if you have closed it.
  5. Press Alt+F11 to display the VBA Editing Window and press Ctrl+G to display the Debug Window.
  6. Type the following and press Enter Key:

    DefaultUsersGrp "C:\My Documents\myTest.mdb"

  7. Replace the database Pathname in quotes with your own database name.

    You may run the Program from a Command Button Click Event Procedure from a Form.

  8. Open your Test Database and check the current status of the permissions settings of Users Group Account. The check marks from all the permission options you will find disappeared.

No comments:

Post a Comment

Comments subject to moderation before publishing.


Subscribe in a reader
Your email address:

Delivered by FeedBurner


Popular Posts

Blog Archive

Powered by Blogger.

Follow by Email


Forms Functions How Tos MS-Access Security Reports Class Module msaccess forms Animations msaccess animation Utilities msaccess controls Access and Internet MS-Access Scurity MS-Access and Internet Array External Links Queries msaccess reports Downloads msaccess tips Accesstips Objects Collection Object Property Event Menus and Toolbars Controls MsaccessLinks Process Controls WithEvents Art Work VBA msaccess How Tos Combo Boxes Dictionary Object Graph Charts List Boxes Query msaccessQuery Calculation Command Buttons Form Report Command Button Data Emails and Alerts RaiseEvent Custom Functions Custom Wizards DOS Commands Data Type Object Reference ms-access functions msaccess functions msaccess graphs msaccess reporttricks Item Key msaccessprocess security advanced Access Security Add Auto-Number Field Type Fields Form Instances Macros Menus Recordset SubForm Top Values Variables msaccess email msaccess menus progressmeter Access2007 Copy Excel Expression Join Methods Microsoft Numbering System Records Security Split Table Time Difference Utility Workgroup Wrapper Classes database function ms-access msaccess wizards reference text tutorial vba code Access Emails and Alerts Access Fields Access How Tos Access Mail Merge Access2003 Accounting Year Action Animation Attachment Binary Numbers Bookmarks Budgeting ChDir Color Palette Conditional Formatting Data Filtering Database Records Defining Pages Diagram Disk Dynamic Lookup Error Handler Export External Filter Formatting Groups Hexadecimal Numbers Import Labels List Logo Macro Mail Merge Main Form Memo Monitoring Octal Numbers Operating System Paste Primary-Key Product Rank Reading Remove Rich Text Sequence SetFocus Summary Tab-Page Tables Union Query User Users Water-Mark Word automatically commands hyperlinks iSeries Date iif msaccess msaccess alerts pdf files restore switch toolbar updating upload