Solved

Securing .mdb and .mdw Files On A Network Share Location

Posted on 2009-05-14
5
614 Views
Last Modified: 2013-12-04
We have user-level security setup on our frontend and backend .mdb files.

However, the backend is located on a network share location so all users can link to the database when they start their local copy of the frontend (which they also copy from a network location).

I want to know:

1) Is their is anything more I can do to stop users copying / deleting / moving the frontend and backend .mdb and .mdw files?

2) If so, what permissions would I need to set on the server?


I'm just getting 2nd opinion as in the book I've been reading, "Alison Balter's Mastering Microsoft Office Access 2003 by Alison Aalter, p.53) it says:

"An additional weakness is that the network share where the Access .mdb and .mdw files are located also needs to have read, write, and delete permissions, which means you can't prevent users from deleting or copying the .mdb and .mdw files. The only alternative is to create an n-tier application where the middle-tier objects alone have access to the physical files. However, this means that you need to write the application "unbound," since the users will no longer be directly connected to the database. When you get to that point, you'll probably be considering SQL Server or another database platform that is capable of scaling to support more users and larger volumes of data."

0
Comment
Question by:CuriousOne1
  • 3
  • 2
5 Comments
 
LVL 84

Accepted Solution

by:
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 500 total points
ID: 24391379
No. As the book said, users must have read, write and delete permissions on that folder, which means any user who has permissions to access the database will also have permissions to copy the files in that folder. You could architect an app in the manner the book describes, but you're looking at a lot of work, and if you're going to do this, you'll be a lot better off moving to a true server database.

You can name the database with a non-standard name (like gwpdxg.ocx or something), and name the files and such something that would be non-ituitive. That's about as far as you can really go.
0
 

Author Comment

by:CuriousOne1
ID: 24391460
Okay, I guess the contingency plan will be to maintain periodic backups.

- Data .mdb file is backed up every hour for a week (auto when user starts the application - if not already backed up for the present hour).

- workgroup file is backed up monthly

- frontend files are backed up monthly and after each upgrade.

- data file backup up monthly also.

What about securing the backup folder then?

I'm just thinking, the application automatically copies the data .mdb file to the the backup folder location, so if I was to secure it, I'd still need copy permissions for users.
0
 
LVL 84

Assisted Solution

by:Scott McDaniel (Microsoft Access MVP - EE MVE )
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 500 total points
ID: 24391479
Yes, if your app automatically does this, then users would need at least write permissions on that folder (and probably others as well).
0
 

Author Comment

by:CuriousOne1
ID: 24391512
So the network folder needs the following permissions because:

- read: to allow users to read the data in the backend .mdb file?
- write: to allow users to write to the data .mdb file?
- delete: to allow JET to auto delete the locking file created when a users connects to the data .mdb file?
0
 

Author Comment

by:CuriousOne1
ID: 24392234
Thanks LSM, I'll assume I've got it right.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now