rel notes 2000

Upload: ckaratzoglou

Post on 02-Jun-2018

217 views

Category:

Documents


0 download

TRANSCRIPT

  • 8/11/2019 Rel Notes 2000

    1/10

    Microsoft Access 2000 Security Manager

    1.0 Introduction

    No security administration tool can replace or be used effectively orsafely without a fundamental knowledge of how Microsoft Access user-level security works. The following references will provide the user ofthe Security Manager with a good grounding in this knowledge:

    Microsoft Access ! Security "hite #aper $ %&'(!!!

    Microsoft Access Security )A% - %&*!++

    ,verview of ow to Secure a Microsoft Access atabase - %&/0&'/

    Microsoft Access 1 eveloper2s andbook. Microsoft #ress. &1

    Microsoft 3et atabase 4ngine #rogrammer5s 6uide7 0nd4d.Microsoft #ress. &1

    Access 1 eveloper2s andbook7 /rd4d. Sybe8. &1

    Microsoft Access security elp topics

    The Security Manager enables the database-security administrator to makeknowledgeable security decisions as the database and its workgroupevolve. 9y presenting all security settings in a single view7 theadministrator can set and display permission settings and assignownership with all the information necessary to make informed decisions.n addition7 complete management of user and group accounts is one clickaway. )inally7 the ability to create logs of the database2s entiresecurity state and then to set the database2s security to any of theselog-runs gives the administrator a means to e8periment with ;what-if;scenarios or to create multiple security states for differentsituations.

    )or e8ample7 an application might normally use one set of high-levelob"indows>?profilepath@>Application ata>Microsoft>Addins folder. epending on the versionof "indow you have7 the ?profile path@ may or may not e8ist fordifferent users. lick Closeto complete the Security Manager add-ininstallation.

  • 8/11/2019 Rel Notes 2000

    2/10

    The Security Manager has not been configured for multi-user7 networkeduse. )or organiBations that wish to install the add-in on variousworkstations throughout the organiBation7 the Sm0+++.mde can be placedon a network share and installed following the steps above.

    9ecause the Security Manager logs information about the security stateof the database and members of the session2s workgroup7 its user musthave Cead and "rite permissions on the file itself as well as Cead7"rite7 reate and elete permissions on the folder containing the add-in.

    NoteThe Security Manager uses A, for its functionality and thereforeincludes A, /.* in its module references. n Microsoft Access 0+++7 theA, /.* library is not included in the default list of modulereferences. The Security Manager looks for this library in its defaultinstallation location:

    :>#rogram )iles>ommon )iles>Microsoft Shared>ao>ao/*+.dll.

    f the file is installed on another drive7 the Security Manager will be

    unable to locate this reference7 and will not work.

    3.0 Security Accounts that Can Run the Security

    Manager

    The Security Manager simply checks whether the logon account is a memberof the current workgroup2s Admins group.

    9y default7 the Admins group is granted all permissions on all newdatabase ob

  • 8/11/2019 Rel Notes 2000

    3/10

    The following sections discuss the features of the Security Manager.

    4. Permissions Ta!

    4.. "sers, #roups, and Mem!erships

    Microsoft Access user-level security includes the concepts of e8plicitand implicit permissions. 48plicit permissions are those assigned toindividual user accounts7 whereas implicit permissions are thoseassigned to groups. Members of the groups inherit the permissionsgranted to the groups7 thereby granting the members implicitpermissions. "hen managing user- or group-account permissions7 it isessential to know what groups the user belongs to as well as the membersof any group. Dpon selecting either a user or group7 the account2smembership is displayed in theMem!ershiplist bo8.

    4..$ Permissions

    The Permissionscheck bo8es instantly assign and revoke their associatedpermissionsE there is no need to confirm their action. The SecurityManager follows the Microsoft Access permission conventions of grantingor revoking associated permissions whenever certain permissions aregranted and revoked. )or e8ample7 checking the "pdate %atapermissionfor a table will also check the &ead %ataand &ead %esignpermissions.Similarly7 revoking &ead %esignfor a form also revokesModi'( %esign.

    The Security Manager provides great fle8ibility when modifyingpermissions settings. The user can first specify a user or group7 andthen process permissions on various ob

  • 8/11/2019 Rel Notes 2000

    4/10

    4.. plicit or #roup Permissions

    "hen plicit or group permissionsoption is selected7 the user canassign or revoke an ob

  • 8/11/2019 Rel Notes 2000

    5/10

    beginning with ;Dsys;7 such as a DsysCegnfo table7 because these areuser-created ob

  • 8/11/2019 Rel Notes 2000

    6/10

    4.. %ispla(s

    4... Permission :alues

    #ermissions are stored as long integers within the document for eachdatabase ob

  • 8/11/2019 Rel Notes 2000

    7/10

    4.$.$ Mem!erships

    Assign)&emo0e Mem!ersenables the security administrator to assigngroups to members or assign members to groups. n the default state7 the"=&-#roupsoption button is selected. This enables Available 6roups tobe selected from theA0aila!le #roupslist bo8 for the current user in

    the "serslist bo8. f the #&O"P-"sersoption is selected7 the listbo8es switch positions so that the administrator can now assignAvailable Dsers to the group selected on the left.

    n addition7 the Security Manager emphasiBes the relationship ofavailability and current Memberships by removing the selected accountfrom theA0aila!le #roupsor "serslist. Thus7 as groups are assigned tousers For users are assigned to groupsG7 theA0aila!le #roupslistshrinks.

    Note No accounts are deleted during this processE they are simplydeleted from the membership availability list. Assignments and removalsfrom the Memberships list can be performed with theAssignand &emo0ebuttons7 or by double-clicking the account in either theA0aila!le#roups)"serslist or theMem!ershipslist.

    4. Logs Ta!

    The ability to log and write back the permissions state of the databaseis a feature not found in the Microsoft Access user-level securitymenus. Security administrators should find many uses for this feature7including e8perimenting with what-if scenarios7 backing up the databasesecurity state7 or creating logs of various security states for possiblefine-tuning of a Microsoft Access application at a customer site. Iogs7referred to as log-runs in the Security Manager7 are stored in the

    Sm0+++.mde. See Section *.+ for information about periodicallycompacting Sm0+++.mde.

    4.. New

    4ach time that a new log-run is created7 a set of records is added tothe Security Manager2s log table. 4ach log-run is identified by its nameand the date and time it was created. 9efore clickingNew7 the usershould provide a brief %escriptionto further identify the new log-run.

    After clickingNew7 the Security Manager will verify that you want tocreate the log-run. As the database2s security settings are being

    logged7 the status bar in the lower-left corner indicates the log-run2sprogress. )ollowing completion of the log-run7 a message will bedisplayed to indicate its completion.

    4..$ =et =ecurit(

    Setting the database2s security from a log-run re-assigns thepermissions for all user and group accounts on all ob

  • 8/11/2019 Rel Notes 2000

    8/10

    and types of ob

  • 8/11/2019 Rel Notes 2000

    9/10

    5.0 eleting and Renaming !"#ects $hile %sing the

    Security Manager

    n general7 the Security Manager should be closed and reopened if theuser is creating7 deleting7 or renaming new ob

  • 8/11/2019 Rel Notes 2000

    10/10

    themselves with this concept by referring to the sources listed at thebeginning of this document.