Fredd
asked on
Access database backend delete prevention
I have an Access application with the backend database in a folder on a shared drive. Users need r/w privileges to this folder to update the database as they do via the front end. The backend database is password protected. How do I prevent a user from simply deleting the database file itself?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Jim ... have you actually tested that ?
Yes, I do it whenever a client wants the DB secure.
The critical item is using the traverse folder only priv and adding a sub folder. With that, they can jump over the folder, but only if they know the full path.
If they try to list the folder, they get nothing. They could do a change directory, but again they would need to know the sub folders name. As long as the sub folder name is something they would never guess, it's safe.
The app however knows the full path, so does not have an issue and they have full rights on the directory where it resides, so everything works fine. The only real problem is not exposing the full path in the app.
As long as you do that, it works very well.
Jim.
The critical item is using the traverse folder only priv and adding a sub folder. With that, they can jump over the folder, but only if they know the full path.
If they try to list the folder, they get nothing. They could do a change directory, but again they would need to know the sub folders name. As long as the sub folder name is something they would never guess, it's safe.
The app however knows the full path, so does not have an issue and they have full rights on the directory where it resides, so everything works fine. The only real problem is not exposing the full path in the app.
As long as you do that, it works very well.
Jim.
cool. Seems the parent folder would need Full Rights also ?
Depends on the structure and what you store where. I usually do:
\MyApp
\Data
\Program
...
Which I then change to:
\MyApp
\Data
\xyz
\Program
....
xyz would have full "normal" rights (read, write, and delete files), Data would have traverse only. DB's would be in xyz.
Above that, users only have read, list, and execute.
Jim.
\MyApp
\Data
\Program
...
Which I then change to:
\MyApp
\Data
\xyz
\Program
....
xyz would have full "normal" rights (read, write, and delete files), Data would have traverse only. DB's would be in xyz.
Above that, users only have read, list, and execute.
Jim.
ASKER