|
Question : SystemDB and MDW questions
|
|
I have a question regarding to the MDW file. The default of system.mdw is store in "c:\windows\system" directory. And in the RegistryEditor "\HKEY_LOCAL_MACHINES\Software\Microsoft\Jet\3.5\Engines" I can found out where the MDW file located. My question is:
Is that a way by using VBA to change the location of the MDW file to the Network directory whenever users run the MDB file from Network ? So, that I don't have to go to each user's machine to Join the MDW file from Network. What I did is that I write the VBA code:
DBEngine.SystemDB = "\\Network\database\db.mdw"
and then put it in Autoexec macros, but it seems won't change the location of MDW whenever the MDB file opened. Is that a way to do it or any problem with the VBA code. Thank you very much.
|
|
Answer : SystemDB and MDW questions
|
|
I guess I'm like blakeh1 at this point in time. Exactly what are you trying to do or protect?
Passwords are primarily used to allow ingress into Access. Once in Access the user has the permissions assigned to that passworded user id. Else all users are actually logged in as Admin and have all rights that the Admin user have.
There is some good information in the help files of Access which talk about WorkGroups and Passwords. Every time that I pass on a segment of those files to a member on EE, there will be someone fuzzing that I shouldn't have done that. So I can't win and you have to go look the information up.
The best thing that I can say is password security is not very good. If the information or the files are very sensitive, you are better off with user level security, which is what I was referring to in my first comment. You won't have to deal with any user MDW's as any user can use their own and still have access to the database. However, you can decide what level access they have depending on the security you set up.
Since the users are on a network, I'd let the network security decide who can have access to the database. They are already required to login with a username and password into the network so that is the first step. Inside the network, you can restrict any directory or file to certain users or user groups.
Before I can advise you further, you need to decide what you want the users to be able to see. With the MDW, you were only restricting which users could open Access with that workgroup setup.
To give you some suggestions: we have our database split into serveral databases. Programs (modules, forms, queries, etc.) have read permission for modules and no administration permisssions for anything. Queries are all with owner access. Data has no read permissions for anyone except the owner and we have disabled Shift entry into the db. When someone tries to enter directly, we warn them and kick them out. We also have some other databases like Reports - the canned reports are read only, the queries are read only, however a user can create their own reports using the canned ones as templates and can access any data via queries for read only.
The key to this whole scenario is making all queries With Owner Access and allowing no access to the tables except through these queries.
We go through quite a lot of security setups before the DB is released and the time element is from 2 to 4 hours to put a development DB into production. It may be worth while for you to set your system up like this but the first time through can be quite time consuming until you get it the way that you like it. We spent several thousands of dollars in security consulting fees to get ours the way that it is, but I don't have to fear anyone hacking into our MDW (it is an Access database, you know) and jeopardizing our security. I don't care if people can see the query design or not. They can't change it, nor can they see or change Forms, Macros, Reports, or Modules.
What more can I tell you?
Jim
|
|
|
|