 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
MS Access Forum / Security / August 2007More ULS Problems
Ladies and Gentlemen: I’m having a problem with ULS similar to the one discussed in one of the blows below (ULS Flaw?). I’m running MS Access 2003 on Windows XP. I’ve already created all the groups and users, and have assigned all the permissions; all under a new workgroup. Lastly I ran the ULS Wizard which created the .bak file and gave me the nice summery report at the end. I checked the ownerships, to include that of the database itself, and none of the objects are owned my Admin. That said, I can still sign in to a different workgroup (i.e. the original system.mdw file) and can access the file without any challenge. Did I miss a step in securing the file? Is there a way to verify that the file is actually secured? Please help. A-Mart >Ladies and Gentlemen: > [quoted text clipped - 10 lines] >step in securing the file? Is there a way to verify that the file is >actually secured? Please help. Yes, you obviously missed a step, since with a correctly secured database you would not be able to log in with a different workgoup. I suggest using the .bak file (which is basically your original file) and trying this again, expect using either (a) the Security wizard to do the entire security process or (b) doing the entire process yourself by following Joan Wild's process: http://www.jmwild.com/Accesssecurity.htm (see the step by step instructions). Don't forget to make a copy of your file first, just in case. Scott McDaniel scott@takemeout_infotrakker.com www.infotrakker.com At this stage, you should be able to logon as (say)(a user who you say should not have permissions)(or any other way probably), and go through the User and Group permissions and FIND OUT which user or group has such permissions when they should not have. Starting with Database Permissions and going through other objects as well. One of the criticisms of Security Wizard, apart from potential bugs in the wizard vs ULS (which may or may not be true), is that it shields you from a full understanding of ULS. I believe, in the longer term, you MUST be capable of going through the users and groups, and many objects of course, to see where an errant permission lies. One school of thought, is that "wizards" just try to hide this understanding from you! The obvious thing, is that NO permissions should be assigned to any standard user or group supplied in a default Access program. I agree that some "step" must have been missed. And that the SecFAQ seems to list the Sec Wizard as a step. But I do not agree that the Wizard should be used at all!!! (for evidence, your own post) HTH Chris (I have never used the security wizard, probably because I didn't know about it when I started!) (for a free alternate security analyser, same info as in-built but arguably more presentable, see this tool -which is nothing to do with me- : http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm ) (closing bracket) > Ladies and Gentlemen: > [quoted text clipped - 12 lines] > > A-Mart I really hate to keep pestering, but, after printing out the step-by-step instructions and doing exactly what they said, I can still open the “secure” file by joining the default workgroup (system.mdw). The shortcut works fine since it automatically joins you to the right workgroup, but opening the root file is another story. The step-by-step instructions suggested that I shouldn’t be able to open that file at all, but that’s not the case. What did I miss? Thanks for the prompt response, btw. A-Mart > At this stage, you should be able to logon as (say)(a user who you say should > not have permissions)(or any other way probably), and go through the User and [quoted text clipped - 45 lines] > > > > A-Mart > I really hate to keep pestering, but, after printing out the > step-by-step instructions and doing exactly what they said, I can [quoted text clipped - 4 lines] > able to open that file at all, but that's not the case. What did I > miss? Thanks for the prompt response, btw. There's a very simple concept that expalins that. When you open a file with a workgroup that does not require a login, then you are doing so as the user 'Admin', member of the group 'Users'. In a properly secured file neither of those entities should have any permissions or own any of the objects (including the database object). If you can open your file with a workgroup that does not prompt you to log in then either 'Admin' or 'Users' has some permissions or owns the database. There can be no other explanation.  SignatureRick Brandt, Microsoft Access MVP Email (as appropriate) to... RBrandt at Hunter dot com I finally got it to work (had to do the whole thing over again). I read in one of the earlier blogs that there is a way to do this without using the ULS Wizard. I've never had good experience with MS Wizards, and I avoid them like the plague. I'd rather learn how to do it manually if at all possible. Again, thanks for all the help and advise! A-Mart > > I really hate to keep pestering, but, after printing out the > > step-by-step instructions and doing exactly what they said, I can [quoted text clipped - 15 lines] > then either 'Admin' or 'Users' has some permissions or owns the database. There > can be no other explanation. This suggests there may be a bug with the Wizard. But I wouldn't know, since (as stated) I have never used the wizard. If there IS a bug with the wizard then: a) it is bad that MS hasn't fixed it? b) it is bad that it's a listed step in the SecFAQ last time I checked (cant be bothered right now) From my brief reading of the previous thread "ULS Flaw?" (until it exited-right off my screen due to it's length), I got the impression that it sounded like a WIZARD BUG (???) This sort of stuff, Bugs in Wizards, IF true, surely newbies could do without? Especially since wizards are hopefully there specifically to assist newbies? Oh I give up, I'm getting myself into a circular loop... ;-) Chris > I finally got it to work (had to do the whole thing over again). I read in > one of the earlier blogs that there is a way to do this without using the ULS [quoted text clipped - 3 lines] > > A-Mart > Ladies and Gentlemen: > [quoted text clipped - 14 lines] > > A-Mart |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.