UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Security With Mdw, Access 2010    
 
   
jghogue
post Oct 11 2018, 07:38 AM
Post#1



Posts: 28
Joined: 14-January 16



Greetings All,

I have an Mdb that is using mdw for security. If I change Group Security in the Mdb, is the change made in the mdw or only in the mdb? If it is only contained in the mdb, then I would have to update the user's copy to apply the change.

What about any user level changes? Same question, is it stored in the mdb only or in the mdw?

Thanks.

jghogue
Go to the top of the page
 
jwild
post Oct 12 2018, 08:55 AM
Post#2


UtterAccess VIP
Posts: 865
Joined: 28-September 05
From: Ontario, Canada


The mdw contains the usernames, group names, and the users' memberships in the groups.
The mdb contains the permissions that the groups/users have on each object.
So it depends on what you mean by 'change Group Security' and 'user level changes'

If you change the permission on an object, then yes, you have to update everyone's copy of the FE.
If you add/remove a user in some group, that is in the mdw, which is usually not distributed to everyone's computer.

Finally, you are using 2010; Access security was deprecated after version 2003.

--------------------
Joan Wild
Go to the top of the page
 
jghogue
post Oct 15 2018, 06:46 AM
Post#3



Posts: 28
Joined: 14-January 16



Thanks, Joan

I knew there would be limited people that could answer this question. My client has 266 users that may or may not run 45 separate applications (sigh). I was hoping to avoid distributing new FEs.

So, just to clarify, if you choose Users and Group Accounts under Manage Users and Permissions, you are changing the mdw app. If you choose User and group permissions, you are changing the mdb. Am I correct?

Again, thanks for your response.

jghogue
This post has been edited by jghogue: Oct 15 2018, 06:48 AM
Go to the top of the page
 
JonSmith
post Oct 15 2018, 07:37 AM
Post#4



Posts: 4,024
Joined: 19-October 10



.mdw's were removed such a long time ago I would be extremely careful about prolonging their use. Before long you might end up in a situation where you cannot administer them at all and everyone gets locked out.

You need to advice your client the risk associated with this and that they need to upgrade to the latest Access security methods (which is none tongue.gif) and distribute new FE's.
Go to the top of the page
 
jwild
post Oct 15 2018, 08:02 AM
Post#5


UtterAccess VIP
Posts: 865
Joined: 28-September 05
From: Ontario, Canada


QUOTE
So, just to clarify, if you choose...


Yes

--------------------
Joan Wild
Go to the top of the page
 
JodyMac12
post Jan 23 2019, 10:25 AM
Post#6



Posts: 56
Joined: 29-March 06
From: central Kentucky


I know this is a fairly old post, but my problem is related to it, as I use an mdw security file in conjunction with an MS Access 2007 accdb database. I've read that people don't recommend using mdw security, but it works for our purposes, and I'd like to keep using it. At any rate, I was using the same mdw file when I converted my old mdb database to accdb (frankly, I'm not really sure why i converted from mdb to accdb, except that we are using office 2007 for everything else. fwiw, i have no plans to move to any of the newer office versions if I can avoid it.)

The deal now is, I am adding a new employee, and I want them to have more restrictions than other users as to what they can do in the database. While I am able to access and edit the mdw file to include the new employee, I don't know how to do it while the accdb file is also open. So I can place restrictions for the new employee related to new tables, queries, forms, etc, but I don't seem to be able to place those same restrictions on existing tables, queries, forms, etc. within the database.

do I need to convert the accdb database back to mdb and then edit the mdw file?

If I do that, should I even bother converting it back to the accbd format after making the changes I want to make while it is in mdb format?

Thanks in advance for any help you can give me...

JM


--------------------
the dude abides
Go to the top of the page
 
JonSmith
post Jan 23 2019, 11:05 AM
Post#7



Posts: 4,024
Joined: 19-October 10



As before, my advice is to stop being stubborn and accept that this is a dead technology. Sooner or later you will be completely locked out of your application / data.
Just remove the .mdw, update the .accdb and build your own security methods.
Go to the top of the page
 
JodyMac12
post Jan 23 2019, 11:51 AM
Post#8



Posts: 56
Joined: 29-March 06
From: central Kentucky


Let's be frank here, Jon, I'm not capable of building my own security methods...and as an aside, I doubt I'll ever stop being stubborn.

I also definitely don't understand your concern that I will eventually be locked out of my own data...I have back-up copies of the mdw files, so even if I messed up the one I was trying to modify, couldn't I just the delete that one and insert an older, unmodified copy from my back ups?

Thanks for the reply...

JM

--------------------
the dude abides
Go to the top of the page
 
isladogs
post Jan 23 2019, 12:10 PM
Post#9



Posts: 1,036
Joined: 4-June 18
From: Somerset, UK


I think Jon meant that at some point MS could just remove support for workgroup security as they did for ADPs, Web databases, pivot charts etc.
How likely that is I don't know, but the reality is that MDW files offer minimal security and can be hacked relatively easily.

It isn't difficult to add far greater security in ACCDB files than you can ever get with MDB/MDW.
For further info, have a look at these articles
Compare security-MDB vs ACCDB
Improve Security in Access databases

--------------------
Go to the top of the page
 
JodyMac12
post Jan 23 2019, 12:55 PM
Post#10



Posts: 56
Joined: 29-March 06
From: central Kentucky


Thanks for the input and links, Colin -

I did look at them, but the reason I want to use user/group level security is not to prevent hackers - i just want to restrict what data authorized users can add or delete. My main concern is just preventing the new employee from deleting data by accident.

I am not an IT professional, and I do not aspire to be one. Maybe I have no business posting on a site like this, but even if you IP pros can't recommend using the mdw system because it is insecure as [censored] - can someone at least tell me if my original question is a possible (if insecure) solution:

If I convert the existing accdb database back to mdb, would I not then be able to edit the mdw file and therefore the permissions on the existing tables, queries, etc.?

in my first post, I then further asked if I should even bother converting it back to the accdb format, but based on what it say in the article "Compare Access File Security : MDB/MDE vs ACCDB/ACCDE", it seems like it would be a good idea to then reconvert the modified mdb file back to accdb, to make it harder for hackers at least...

Thanks again, Colin...


--------------------
the dude abides
Go to the top of the page
 
JodyMac12
post Jan 23 2019, 12:59 PM
Post#11



Posts: 56
Joined: 29-March 06
From: central Kentucky


He11 gets censored? isn't that in the Bible? iconfused.gif

--------------------
the dude abides
Go to the top of the page
 
isladogs
post Jan 23 2019, 01:47 PM
Post#12



Posts: 1,036
Joined: 4-June 18
From: Somerset, UK


QUOTE
If I convert the existing accdb database back to mdb, would I not then be able to edit the mdw file and therefore the permissions on the existing tables, queries, etc.?

It many years since I used them but surely you can edit the MDW whether or not the main db is an MDB file. The easiest thing to do is just try it.

QUOTE
in my first post, I then further asked if I should even bother converting it back to the accdb format, but based on what it say in the article "Compare Access File Security : MDB/MDE vs ACCDB/ACCDE", it seems like it would be a good idea to then reconvert the modified mdb file back to accdb, to make it harder for hackers at least...


In my opinion, you should do so ... but bear in mind I wrote both articles.
However you should at the very least encrypt the BE with a password & convert the FE to an ACCDE file

--------------------
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    17th February 2019 - 02:56 PM