When you create a new
Workgroup Information File, as part of the
Microsoft Access Security implementation, it is important that the following two steps you follow immediately after creating the new Workgroup Information File (
.mdw) file on priority basis:
- Create a new Administrator UserID (say myAdmin or whatever name you like) for you and join yourself as a member of the Admins Group Account.
- Remove the default Admin User Account from the Admins Group. If this is not done then your database is not secured and anybody can open and use it when MS-Office Software is re-installed.
From now on you must use the new UserID
myAdmin to login as Administrator of the Databases that uses this new common Workgroup Information File.
One more thing, the databases that you create after login with the new User Name
myAdmin, this User Account will be the
Owner of those Databases and other Objects within it.
Remember the
Owner of the
Database has full authority on all Objects including Administrative Authority (like a member of the
Admins Group) to assign permissions to Database Objects and to transfer Ownership of Objects to other Users as well. When the ownership of a particular Object is given to an ordinary User, he has full authority on that object to
Run, Modify or
Delete that object.
You must implement Object-wise access rights to
User Groups before you install your Project for public use. This is done manually from
Tools - ->Security - ->User and Group Permissions…This procedure also has a first priority step, like the above two steps I have mentioned about the Workgroup Information File. That is to remove
All Permissions of
all Objects for the
Users Group Account. Without this step whatever permission settings you assign to the Objects (Forms, Report and so on) will have no effect and Users will have full authority for Design Changes or whatever they want to do with them.
This is done manually and takes some time to go through all groups of Objects to remove all permissions of
Users Group Account. Since, this step is required for all new Projects I thought it is better to automate it and here it is for you to try it out. This program is written purely on my own experience with the VBA based procedures and you may use it at your own risk
- Copy and paste the following Program into a Standard Module and save it.
Public Function DefaultUsersGrp(ByVal DatabasePathName As String) As Boolean
'----------------------------------------------------------------------------
'Author : a.p.r. pillai
'Date : March-2010
'Purpose: Remove All Permissions from Users Group Security Account
'All Rights Reserved by www.msaccesstips.com
'----------------------------------------------------------------------------
Dim wsp As Workspace, db As Database, ctr As Container
Dim GroupName As String, doc As Document
Dim L4 As String
Const DB_FULLNO = &H60000
Const OBJS_FULLNO = &H2FE01
'Remove All Permissions on Containers & documents
'for USERS Group
On Error GoTo DefaultUsersGrp_Err
Set wsp = DBEngine.Workspaces(0)
Set db = wsp.OpenDatabase(DatabasePathName)
wsp.Groups.Refresh
GroupName = "Users"
Set ctr = db.Containers("Databases")
Set doc = ctr.Documents("MSysDb")
doc.UserName = GroupName
doc.Permissions = DB_FULLNO
Set ctr = db.Containers("Tables")
GoSub SetPermission
Set ctr = db.Containers("Forms")
GoSub SetPermission
Set ctr = db.Containers("Reports")
GoSub SetPermission
Set ctr = db.Containers("Scripts")
GoSub SetPermission
Set ctr = db.Containers("Modules")
GoSub SetPermission
DefaultUsers_Grp = False
DefaultUsers_Grp_Exit:
Set db = Nothing
Set wsp = Nothing
Exit Function
SetPermission:
For Each doc In ctr.Documents
doc.UserName = GroupName
If ctr.Name = "Tables" Then
L4 = Left$(docName, 4)
If L4 = "MSys" Or L4 = "~sq_" Then
GoTo nextloopxxx
End If
End If
doc.Permissions = OBJS_FULLNO
nextloopxxx:
Next
Return
DefaultUsersGrp_Err:
MsgBox Err & ": " & Err.Description
DefaultUsersGrp = True
Resume DefaultUsersGrp_Exit
End Function
- Remember this Program is run for an external Database that you would like to remove All Permissions of all Objects for the Users Group Account.
- Before you run this Program, open the Database that you are targeting and check the current permission settings of all Objects for the Users Group Account. Try the program on a copy of the original Database you are targeting.
- Open the Database with the above Code, if you have closed it.
- Press Alt+F11 to display the VBA Editing Window and press Ctrl+G to display the Debug Window.
- Type the following and press Enter Key:
DefaultUsersGrp "C:\My Documents\myTest.mdb"
- Replace the database Pathname in quotes with your own database name.
You may run the Program from a Command Button Click Event Procedure from a Form.
- Open your Test Database and check the current status of the permissions settings of Users Group Account. The check marks from all the permission options you will find disappeared.
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.