• Access 2000 Security Loophole? (2000)

    #372095

    Did you copy everything into a new database after removing Admin’s permissions?

    • #593652

      Has anyone else experienced this loophole?
      edited by WendellB to activate link to MS Kbase article

      I have been able to duplicate this security loophole on several PCs, all of which have only Access 2000 on them (no earlier or later versions of Access). If I set up security exactly as written in MS Access Help and Q254372 (which I have taught to rooms of people for years so I know I am meticulously following these instructions) and then join back to the original, unchanged system.mdw file when I’m all done, I can still log in as the Admin user, who still has all permissions to all objects and even has administrative permissions to modify security in the database!

      I am using the Workgroup Administrator with Access 2000 to create the MDW file, then using the Security menu to create users and groups and to remove the Admin user from the Admins group, and finally using the security wizard to remove all permissions of the Users group and remove the Admin’s ownership of the database objects (which is what MS Access Help says to do). I hypothesize that the Admin user is not really removed from the Admin’s group (or not really disabled). This apparent loophole does not exist in prior versions of Access. One theory to explain this behavior is that perhaps the SYSTEM.MDW Admins group is getting changed at the same time as I’m modifying MYSYSTEM.MDW.

      If I use the Access 2000 Security Wizard for the entire operation (a procedure not mentioned in MS Access Help) including the first step which is to create a new MDW file, then there is no security loophole. The Admin user is truly locked out even if I join back to the original system.mdw.

      This is pretty serious for people who are relying on the database to be secure and are counting on the official instructions from Microsoft to be the best way to proceed.
      Thanks- Sally

      • #593731

        As the article suggests, there are three things that will cause problems in attempting to secure a database:

        • You were logged in as the Admin user when you created the database – therefore Admin is the owner of the database and can always login
        • You failed to remove the default permissions from the User group – by default the group Users can do anything to a database object, including logging in.
        • The default system.mdw file is being used for security purposes.

        I’ve done this a number of times, and it does work, but the problem is to make certain that you haven’t made even a small mistake somewhere in the 15 or 16 steps. Moral of the story – use the Security Wizard – it minimizes mistakes. BTW, use of the security wizard is mentioned in my help files, and is also referenced at the bottom of the KBase article. Hope this helps.
        • #593929

          Thank you for your reply! It gave me enough to think about to realize that my problem was switching to the Security Wizard to do the last few steps (removing the Admin’s ownership, removing the User’s Group permissions). This used to work fine in Access 97, but no longer is okay in Access 2000. I’m not sure why this doesn’t work, though.

          I am now convinced that using all the manual steps in Q254372 is good and using exclusively the Security Wizard (as stated in MS Access Help topic “Securing a Database using the User-Level Security Wizard”) is good, but switching from manual steps to Security Wizard is bad.

        • #595018

          Perhaps you can answer a question I have. I have a secured database in Access 97. I created a new database in Access 97 and imported all of the objects from the secure database with the goal of creating an unsecured database copy. I did this while logged in as a ‘super’ user. I then switched to the system.mdw workgroup and was able to successfully open and play around with the unsecured version. I passed this unsecured version to a colleague who has Access 2000. When this person attempted to open the unsecured Access 97 database, a message box appeared that stated that the person could not convert the database because they did not have the necessary permissions. This person is using the installed version of Access 2000’s workgroup file. Why isn’t this person able to convert the database?

          • #595032

            Open your copy and see who the owner of the objects is.

            • #595106

              I am the owner/developer of the original, secured version and was logged in as such when I created the unsecured version. I did have another person, with Access97, successfully open the unsecured version while joined to the system.mdw workgroup.

            • #595233

              The owner is . I presume I need to change it to Admin. I did so and had another colleague with Access2000 open it. He received the expected prompt about converting to Access 2000. Thank you for your assistance.

          • #596209

            Sorry for the delay in responding to your question – I’ve been moving my office, and Internet access has been very sporadic. In any event it sounds as if others have given you the correct response. In summary, if you are not the owner of the database, the conversion routines complain and won’t let you proceed.

        • #595030

          WendellB is correct, one should change the owner of a database and not leave Admin as the owner, for better security. For even better security, SQL Server is the way to go. But if you stick with a desktop database application, then by all means make sure you change the owner of the database, or create it with an account other than Admin to begin with.

          FWIW
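
Added example (not part of any post in this thread, and not Microsoft's code): a DAO audit routine for the conditions discussed above, namely which workgroup file is in use, whether Admin is still in Admins, who owns the database and its objects, and what the Users group and Admin user can still do. The procedure names are made up for illustration; it assumes a reference to the Microsoft DAO 3.6 Object Library and a login that is allowed to read permissions (a member of Admins in the secured workgroup).

```vba
' Added example: audit user-level security settings with DAO.
' AuditUserLevelSecurity and ReportDoc are hypothetical names.
Option Compare Database
Option Explicit

Public Sub AuditUserLevelSecurity()
    Dim db As DAO.Database, ws As DAO.Workspace
    Dim cnt As DAO.Container, doc As DAO.Document, grp As DAO.Group

    Set db = CurrentDb
    Set ws = DBEngine.Workspaces(0)

    ' Which workgroup file is joined, and who is logged in?
    Debug.Print "Workgroup file: " & DBEngine.SystemDB
    Debug.Print "Current user:   " & CurrentUser()

    ' Is Admin still a member of Admins in this workgroup file?
    For Each grp In ws.Users("Admin").Groups
        If grp.Name = "Admins" Then Debug.Print "WARNING: Admin is in Admins"
    Next grp

    ' Owner of the database itself (the MSysDb document).
    Debug.Print "Database owner: " & _
        db.Containers("Databases").Documents("MSysDb").Owner

    ' Owner and leftover Users/Admin rights on every object.
    ' System tables show up here as well.
    For Each cnt In db.Containers
        For Each doc In cnt.Documents
            ReportDoc cnt.Name, doc
        Next doc
    Next cnt
End Sub

Private Sub ReportDoc(ByVal cntName As String, doc As DAO.Document)
    Dim usersPerm As Long, adminPerm As Long
    ' Admin and Users are the same accounts in every workgroup file, so
    ' anything left to them is also available under the default system.mdw.
    doc.UserName = "Users"
    usersPerm = doc.Permissions        ' explicit rights of the group
    doc.UserName = "Admin"
    adminPerm = doc.AllPermissions     ' explicit plus inherited rights
    If doc.Owner = "Admin" Or usersPerm <> dbSecNoAccess _
            Or adminPerm <> dbSecNoAccess Then
        Debug.Print cntName & "\" & doc.Name & ": owner=" & doc.Owner & _
            ", Users=&H" & Hex$(usersPerm) & ", Admin(all)=&H" & Hex$(adminPerm)
    End If
End Sub
```

Run `AuditUserLevelSecurity` from the Immediate window once while joined to the secured workgroup file; any line it prints for a non-system object is a remaining Admin ownership or Users/Admin permission to clear.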

    • #593930

      Thanks for your reply. I thought that the Access 2000 Security Wizard took care of that part (copying objects into new database) like the Access 97 Security Wizard does, but maybe it does not.
      Sally
