Still able to link to a secured DB

Re: Still able to link to a secured DB


"KathyK" <kathy.kashmaie r@nike.com> wrote in message
news:dfb209f0.0 310271505.7562d 06e@posting.goo gle.com...[color=blue]
> Hi and Thanks in advance!
>
> I am able to link to a MSAccess 2000 db that I secured. I have removed
> all permissions from the Admin user and actually the whole users group
> and admins group. I changed the database owner to a user I call owner.
> But, I can still link to this db from an unsecured database. Can you
> think of anything else to check?
>
> Thanks,
> Kathy[/color]

If you can get access from an unsecured database/workgroup (where you
are automatically logged on as the default user 'admin') it means that
'admin' has still got too many permissions. This comes about as all
'admin' accounts are identical regardless of database or workgroup.

Probably 'admin' is still a members of 'admins' in your new workgroup
file (you did create a new workgroup file didn't you?) and thus inherits
its permissions. You cannot remove implicit permissions from 'admins',
you must therefore be careful who is allowed to be a member of it, start
with the minimum, ie only your owner account. Also check that 'admin'
and 'users' have no permissions to the database itself as well the
objects in it. All accounts are members of 'users' so its permissions
are also critical.

If you still cannot see the problem get the security FAQ from M$ and
follow the recipe there carefully.

David

Re: Still able to link to a secured DB

I did create a new workgroup file. I created my own DBAdmin group and
only those people have all rights. I removed all rights from the admin
group and the user group and removed the admin user from the admin
group. The admin user is not a member of any group but the user group.
I changed the ownership of the database and all abjects.
I'm still stumped! I'm going to get the Faq, but any other thouyghts
would be helpful!
Kathy
"David Hare-Scott" <private@nowher e.com> wrote in message news:<RXhnb.167 610$bo1.26489@n ews-server.bigpond. net.au>...[color=blue]
> "KathyK" <kathy.kashmaie r@nike.com> wrote in message
> news:dfb209f0.0 310271505.7562d 06e@posting.goo gle.com...[color=green]
> > Hi and Thanks in advance!
> >
> > I am able to link to a MSAccess 2000 db that I secured. I have removed
> > all permissions from the Admin user and actually the whole users group
> > and admins group. I changed the database owner to a user I call owner.
> > But, I can still link to this db from an unsecured database. Can you
> > think of anything else to check?
> >
> > Thanks,
> > Kathy[/color]
>
> If you can get access from an unsecured database/workgroup (where you
> are automatically logged on as the default user 'admin') it means that
> 'admin' has still got too many permissions. This comes about as all
> 'admin' accounts are identical regardless of database or workgroup.
>
> Probably 'admin' is still a members of 'admins' in your new workgroup
> file (you did create a new workgroup file didn't you?) and thus inherits
> its permissions. You cannot remove implicit permissions from 'admins',
> you must therefore be careful who is allowed to be a member of it, start
> with the minimum, ie only your owner account. Also check that 'admin'
> and 'users' have no permissions to the database itself as well the
> objects in it. All accounts are members of 'users' so its permissions
> are also critical.
>
> If you still cannot see the problem get the security FAQ from M$ and
> follow the recipe there carefully.
>
> David[/color]

Re: Still able to link to a secured DB

How are you logging onto the workgroup? Is it being done by setting your
new workgroup as the default workgroup (using the workgroup administrator)
or using the Access command line switches?

Also did you secure the database using the user level security wizard?

Sorry to ask about things that you've probably already thought of but Jet
Security is rather like taming a wild bear - dangerous and messy while
learning but of immense satisfaction once you've got it cracked!

"KathyK" <kathy.kashmaie r@nike.com> wrote in message
news:dfb209f0.0 310280746.7d3a6 e91@posting.goo gle.com...[color=blue]
> I did create a new workgroup file. I created my own DBAdmin group and
> only those people have all rights. I removed all rights from the admin
> group and the user group and removed the admin user from the admin
> group. The admin user is not a member of any group but the user group.
> I changed the ownership of the database and all abjects.
> I'm still stumped! I'm going to get the Faq, but any other thouyghts
> would be helpful!
> Kathy
> "David Hare-Scott" <private@nowher e.com> wrote in message[/color]
news:<RXhnb.167 610$bo1.26489@n ews-server.bigpond. net.au>...[color=blue][color=green]
> > "KathyK" <kathy.kashmaie r@nike.com> wrote in message
> > news:dfb209f0.0 310271505.7562d 06e@posting.goo gle.com...[color=darkred]
> > > Hi and Thanks in advance!
> > >
> > > I am able to link to a MSAccess 2000 db that I secured. I have removed
> > > all permissions from the Admin user and actually the whole users group
> > > and admins group. I changed the database owner to a user I call owner.
> > > But, I can still link to this db from an unsecured database. Can you
> > > think of anything else to check?
> > >
> > > Thanks,
> > > Kathy[/color]
> >
> > If you can get access from an unsecured database/workgroup (where you
> > are automatically logged on as the default user 'admin') it means that
> > 'admin' has still got too many permissions. This comes about as all
> > 'admin' accounts are identical regardless of database or workgroup.
> >
> > Probably 'admin' is still a members of 'admins' in your new workgroup
> > file (you did create a new workgroup file didn't you?) and thus inherits
> > its permissions. You cannot remove implicit permissions from 'admins',
> > you must therefore be careful who is allowed to be a member of it, start
> > with the minimum, ie only your owner account. Also check that 'admin'
> > and 'users' have no permissions to the database itself as well the
> > objects in it. All accounts are members of 'users' so its permissions
> > are also critical.
> >
> > If you still cannot see the problem get the security FAQ from M$ and
> > follow the recipe there carefully.
> >
> > David[/color][/color]

Re: Still able to link to a secured DB


"Ben Eaton" <benjamin_eaton @hotmail.com> wrote in message
news:bnm4eg$5cb $1@news.wplus.n et...[color=blue]
> How are you logging onto the workgroup? Is it being done by setting[/color]
your[color=blue]
> new workgroup as the default workgroup (using the workgroup[/color]
administrator)[color=blue]
> or using the Access command line switches?
>
> Also did you secure the database using the user level security wizard?
>
> Sorry to ask about things that you've probably already thought of but[/color]
Jet[color=blue]
> Security is rather like taming a wild bear - dangerous and messy while
> learning but of immense satisfaction once you've got it cracked!
>[/color]

If the mdb is properly secured the result of attempting to open it using
the incorrect workgroup should be no access. If the custom groups and
accounts are visible then the correct workgroup ust be in use.

David

Re: Still able to link to a secured DB


"KathyK" <kathy.kashmaie r@nike.com> wrote in message
news:dfb209f0.0 310280746.7d3a6 e91@posting.goo gle.com...[color=blue]
> I did create a new workgroup file. I created my own DBAdmin group and
> only those people have all rights. I removed all rights from the admin
> group and the user group and removed the admin user from the admin
> group. The admin user is not a member of any group but the user group.
> I changed the ownership of the database and all abjects.
> I'm still stumped! I'm going to get the Faq, but any other thouyghts
> would be helpful!
> Kathy[/color]



You have missed something, one of the steps that you think you has done
has not in fact been done.

Try this test. Attempt to open the MDB using your custom workgroup and
logon as 'admin', you should have its password as you must give it one
to invoke the logon process. You should not be able to open it. If you
can then that account has permision to do so either explicitly or
implicitly though membership of a group that has permission. Go though
these things again as you have missed something. If all else fails
follow the FAQ recipe.


David

Re: Still able to link to a secured DB

If you are logging into a workgroup that has permissions to use those
tables, then you can most certainly link to those tables from another
database.

If you are able to link to the database when logged into a different
workgroup, then you have a problem.

However, if you have given a user access to the tables, and they are logged
intot he correct workgroup, then then they will be able to link to them. You
can prevent this, but it is certanly a bit of work. (you will have to read
the secirty FAQ).


--
Albert D. Kallal (MVP)
Edmonton, Alberta Canada
NoooSPAmkallal@ msn.com