Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Protecting Access database files using NTFS permission

Posted on 2006-06-27
8
Medium Priority
?
872 Views
Last Modified: 2008-01-09
I'm looking to protect an Access database using OS-based file permissions rather than placing the data into an SQL server.

I have split my Access application in two parts: program code MDB and database tables MDB.  Can I place the database MDB onto a Windows Server folder and restrict the ability to delete the file?

If so, what file permissions should I apply?

If not, what do you recommend?
0
Comment
Question by:ebrodeur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 65

Expert Comment

by:rockiroads
ID: 17000358
What about sharing?

What if u placed the file in a folder then shared that folder?
I believe in Windows, u can specify what users have access to that share

U can also set on folders and/or files

You can assign multiple permissions to a user account by assigning permissions for a resource to an individual user account and to each group of which the user is a member.

A user's effective permissions for a resource are the sum of the NTFS permissions that you assign to the individual user account and to all of the groups to which the user belongs. If a user has Read permission for a folder and is a member of a group with Write permission for the same folder, the user has both Read and Write permission for that folder.

By default, permissions that you assign to the parent folder are inherited by and propagated to the subfolders and files that are contained in the parent folder

Files and subfolders can inherit permissions from their parent folder. Whatever permissions you assign to the parent folder can also apply to subfolders and files that are contained within the parent folder, depending on the inheritance option set for a given object. When you assign NTFS permissions to give access to a folder, you assign permissions for the folder and for any existing files and sub folders, as well as any new files and subfolders that are created in the folder.

You can prevent permissions that are assigned to a parent folder from being inherited by subfolders and files that are contained within the folder by setting an inheritance option set for a given object. That is, the subfolders and files will not inherit permissions that have been assigned to the parent folder containing them.

If you prevent permissions inheritance for a folder, that folder becomes the top parent folder. Permissions assigned to this folder will be inherited by the subfolders and files that it contains.


NTFS Folder Permissions
-----------------------------

Full Control
 Change permissions, take ownership, and delete subfolders and files, plus perform actions permitted by all other NTFS folder permissions
 
Modify
 Delete the folder plus perform actions permitted by the Write permission and the Read & Execute permission
 
Read & Execute
 Move through folders to reach other files and folders, even if the users do not have permission for those folders, and perform actions permitted by the Read permission and the List Folder Contents permission
 
List Folder Contents
 See the names of files and subfolders in the folder
 
Read
 See files and subfolders in the folder and view folder ownership, permissions, and attributes (such as Read-only, Hidden, Archive, and System)
 
Write
 Create new files and subfolders within the folder, change folder attributes, and view folder ownership and permissions
 

NTFS File Permissions
-------------------------

Full Control
 Change permissions and take ownership, plus perform the actions permitted by all other NTFS file permissions
 
Modify
 Modify and delete the file plus perform the actions permitted by the Write permission and the Read & Execute permission
 
Read & Execute
 Run applications plus perform the actions permitted by the Read permission
 
Read
 Read the file, and view file attributes, ownership, and permissions
 
Write
 Overwrite the file, change file attributes, and view file ownership and permissions
 



 
This talks about a webserver - its just for tips http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/986fda49-1e9f-4320-8fbb-81c9685fd58b.mspx?mfr=true

0
 
LVL 65

Expert Comment

by:rockiroads
ID: 17000414
0
 

Author Comment

by:ebrodeur
ID: 17011121
I understand how to apply NTFS permissions.

What I want to accomplish is allowing the user to Write to the folder containing the MDB but not Delete it.  I doubt Access will work properly without Modify (read/write/delete) permissions.

Before I spent any time trying it I thought I'd ask the community and see what responses came back.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:ebrodeur
ID: 17012257
On a whim I researched LDB files and found an EE topic which referrs to MS KB article 136128, "ACC: Introduction to .ldb Files (95/97)".  The bottom of the article states:

Required Folder Permissions
If you plan to share a database, the .mdb file should be located in a folder where users have read, write, create, and delete (or full control) permissions. Even if you want users to have different file permissions (for example, some read-only and some read-write), all users sharing a database must have read, write, and create permissions to the folder. You can, however, assign read-only permissions to the .mdb file for individual users while still allowing full permissions to the folder.

I performed the above steps and it does exactly what I need.  I applied Modify permissions to the folder and Read/Execute/Write permissions to the MDB files.  This allows Access the freedom to manage LDB files while disallowing users from deleting the MDB files.

This question can be closed and points refunded.
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 17041637
Can u post a question in community support to close this down
0
 
LVL 65

Expert Comment

by:rockiroads
ID: 17067249
No objections from me
0
 
LVL 5

Accepted Solution

by:
Netminder earned 0 total points
ID: 17105763
Closed, 250 points refunded.
Netminder
Site Admin
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Access custom database properties are useful for storing miscellaneous bits of information in a format that persists through database closing and reopening.  This article shows how to create and use them.
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
With Microsoft Access, learn how to start a database in different ways and produce different start-up actions allowing you to use a single database to perform multiple tasks. Specify a start-up form through options: Specify an Autoexec macro: Us…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question