Protection at file of the working group mdw

When creation of application database often appears need to delimit the right of the users for work with data. Except this, restriction of the access to the base, executes, on essences, else and function of protection given from unauthorized access. After all not authorized user will impossible open the base even for reading (at least once, in theories). In this article I shall tell about standard protection database at file of the working group special file with extension mdw.

When installation of protection, first go it is necessary to assign itself question: as from who You are going to to protect? This is because attempts to create непрошибаемую protection are uniquely doomed to failure. Additionally, often misgivings on cause of the desire who or break open Your base are powerfully exaggerated. Usually at development project, requiring raised level to reliability and safety use not Access, but others, more suitabling for such deal vault given for instance SQL Server. Standard protection Access fits in For all rest events at file of the working group.

The Working group group users is identified in Access, working with the base.

In file of the working group are written account writing the users and groups, falling into working group. The Passwords of the users is also kept in file of the working group. Account record in working group can be nominated right of the access to database and her(its) object (the table, request, the forms, report and макросам). The Rights of the access are saved in protected database.

When user in the first once starts Microsoft Access after installing Microsoft Office, Access automatically creates the file of the working group, which is identified on specified by user of the name and name to organizations. The Relative location of the file of the working group is written in the following parameters of the roll:

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Access\Jet\4.0\Engines\SystemDB

и

HKEY_USERS\.DEFAULT\Software\Microsoft\Office\10.0\Access\Jet\4.0\Engines\SystemDB

Possible in the same way look, where lies the standard file of the working group through Service Protection working group Manager Relationship Review here see System.mdw. Will Make sure in that that Access his(its) creates when start (if his(its) no) possible much simply - delete him(it) and close Access. Once again open Access and create new am empty the base. Now see the Service Protection System.mdw again appeared.

That is to say, on essences, standard system of protection Access is always included. Before activation by user of the procedure of the connection for working group, Access under the first start or when making the new base checks presence of the file of the working group, and if his(its) no, that creates him(it) and automatically connects to him all users by means of built-in account writing the user Admin with empty password. The Window for entering логина and password herewith is not removed, but therefore s the impression that base nothing is not protected . This faithfully to the extent that that door not заперта, but is only closed any can her(its) open.

Possible and most create own mdw. For this жмем Service Protection working group Manager Create. The dialogue window Information is Opened about owner worker gruppy. In field Name and Organization will enter the working group name and if you want, organizations. In field Code groups will enter the unique identifier of the group, consisting of letters and numerals. This identifier can include before 20 symbols. As identifier of protection is recommended use the set a symbol, which сложнее to guess to provide hereunder greater degree защищенности working group.

Press the button OK. Will Appear the dialogue window, allowing assign the name of the new file of the working group. Will Enter the full filename with extension mdw, or press the button a Review to choose the file, in which will is saved new file, and indicate the filename. If You do not indicate the filename, that Access itself his(its) придумает this will certainly System1.mdw. Press the button OK. Will Appear the dialogue window, allowing check entered information. Press OK. Created mdw automatically joins to Access that is to say now all bases on given machine will be started through it.

About this often forget the beginning developers : that created by them file of the working group possible to connect to concrete base not only, but also for all applications Access. For this it is enough to indicate him(it) through Service Protection working group Manager Relationship Review .mdw. Now all bases will be opened only after passing авторизации through created mdw that is to say every time come водить username and password though the base can be and is not protected. This sometimes provides in dismay beginning экспериментаторов: "наиграшись" with working group Manager and their own mdw to want to return all "as was", but here is as? Dispose of this simply: indicate standard mdw said way (C:\Documents and Settings\Администратор\Application Data\Microsoft\Access\System.mdw). But possible do more simply - move somewhere created by you mdw Access his(its) will lose and when start will ask: Access can not find mdw. Use the file of the working group by default? Say Yes and create new standard mdw with full rights for all users and with disconnected by dialogue window of the entering логина/password. But here there is one moment: new mdw will already System1.mdw after all old System.mdw nowhere делся. In next time under like action will appear accordingly System2.mdw and t. d. All this copies one and same standard file of the working group. To not to produce them ad infinitum, are connected to parent - System.mdw, rest delete.

But here is that window авторизации was removed only on concrete protected base, her(its) it is necessary to start through special label with parameter of the command line. For this create the label of the base given, жмем on it right button Characteristic Vkladka Label and in field Object:

"C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE" "Full way to protected to base"/WRKGRP "Full way to file of the working group - mdw"

Here occurs consequent performing the commands: is first started DBMS Access - MSACCESS.EXE (for Office 2003 it is necessary Office10 to change on Office11), is then started base with instruction of the way to corresponding to user file of the working group. If the first and the last command are missed then to the base is connected mdw used by default.

Previously than proceed with protection of the base by means of file of the working group, follows be defined: shall protect both parts of application (the file with data and file object) or only file with data? Protect interface makes sense if You want to limit the access of the users to макросам and request (forbid their editing). About the forms and reports speech does not go, after all it goes without saying that base will is presented user in format mde. But if this is not a problem, for instance, all requests is prescribed in characteristic of the forms and reports that it is enough will install protection on server part only. In this case the base will more simply administer.

The special master use For installation of protection. We Open the file given Server.mdb. Then Service Protection Master. It Is Opened dialogue window, where is first go offered choose: create or change the current file of the working group. We it is necessary to Create . ZHmem hereinafter. In opened window in field Filename automatically registers the way to file of the working group by default, in the same directory, as Server.mdb. We shall Pay attention to field Code of the working group . This is an unique identifier of the group from accidentally typed alphanumeric combination.

His without fall it is necessary to save!

This is because at loss or damage of the file of the working group access to the base will become not possible (about хакерских of the methods промолчу). At the end of all procedure master will offer You to create the report about done functioning - amongst other there and will this code. Also we shall leave the mark to create the label for protected bases . In previous part of article was spoken about this label. The Speech went about that to start the base through it, rather then connect created mdw to all project Access. Once, uzh master red for deal, let he and does the label. ZHmem hereinafter.

On the following вкладке is offered select the objects, which necessary to protect. In most cases if uzh to put protection, so on all that strictly and is done by default. So simply жмем hereinafter.

Now, the master offers to create the working group moreover right of the access on him already beforehand portioned. Can choose what or of them, but can проехать further. Personally I always itself shall create itself groups, but as deal of the taste is spoken. ZHmem hereinafter.

On this вкладке is offered group Users to fix restricted right. The Sense here in that that as was it already spoken in the first part of article, all bases Access actually are already connected to standard file of the working group, simply right beside all users (the group Users) full, as beside manager. А new file of the group s under installation of protection or changes standard. In general, in any file of the groups will always be present as minimum two groups: Admins and Users. This and understandable: in всякой to system of protection coming in the most simplest event must be identified as idle time user or manager. Delete these two notions at all it is impossible, otherwise loses the sense protection what hear, who came? Though beginning developers sometimes try to delete юзеров , but that do not delete

We shall Notice, master warns to did not return юзерам of right without person of the necessities, after all once such group there is in ALL group, that fixing her right, you automatically fix these right for all files mdw by default. The Dialect more simply if give the group Users full rights then for pass-by of protection it is enough to create the new file mdw and call at under username of the group Users. So most often this вкладку also проезжаем.

Now got before creation their own админов and юзеров. By default there already there is админ can change him(it) on its if him not доверяете. For this choose in list on the left to Add the user , shall assign him name (for instance Pupkin), password and жмем Add the user in list . Now possible dispell old админа select him(it) and жмем Delete the user from list . Now our Pupkin automatically became the админом (therefore as other don't care no). To make sure in this, move to following вкладку and see that in group Admins (the managers) is present our person. ZHmem hereinafter.

Now remained only to indicate, where save the reserve copy of the undefended base. This on event if suddenly you will reconsider and solve to return all as was . Access creates the copy of the base, only changes beside it extension on .bak. see That nobody did not guess that this not protected base. ZHmem ready.

The Base is encoded and appears the report about done to functioning. Once again напомню his without fall it is necessary to save. If suddenly file of the groups mdw where that денется or conks to gain access to the base it is necessary will create him(it) anew, having indicated when making his old code of the working group wipe that that offers the master, and put(deliver) its. As a result whole was got following:

1. Appeared new file of the working group - Security.mdw (in Access 2002 he by default is identified Secured.mdw)
2. All objects of the base Server.mdb (tables) were interweaved through file of the working group
3. Appeared copy of the base Server.bak
4. Label of the connection appeared On worker table to base Server.lnk

Now we shall try to start the base by usual way double call. As a result: Ostutsvuyut permits on use the object Server.mdb and t. d. . Same will see and malicious penetrator, trying get before your given in the base. Became to be protection works. Now we shall start through label will appear the form an авторизации. We shall Carry in her логин Pupkin and password, which he has assigned base is opened.

The Ithaca, the base protection, but from all users there only админ Pupkin. Signifies shall create the users and groups. We Start through label base and жмем Service Protection Users and groups. On the first вкладке we create the users, on the second - a groups of the users. With this think the problems not will: жмем Create and on dialogue hereinafter. Zamechu only that name better to give as numerals. This is because as is well known meet the namesake, but here is alike numerals does not exist.

If users it is enough much, that makes sense create the groups to unite them. In each group can be several users. The Rights of the access of the group are automatically fixed member of the group. Hereunder администрирование database is simplified. We Move to the second вкладку and create necessary us groups. Then we return on the first. Here we see that in list of the groups except standard admins and users appeared new. To enroll in them our users, shall choose from list of the user, shall select the group and жмем to add. We shall Call attention that our админ Pupkin must without fall be present in group manager (admins). Otherwise he will not be an админом. Accordingly, all rest this does not concern.

After making the users and distribution them on group remained to assign him password of the input this is done on the last.

The Password of the user can change only user itself that is to say one, will call at in program under his(its) name!

Has Now come the time be conceived about rights of the access. For this follows carefully продумать, who from users to that must have an access. Here, there is several decisions.
Regrettably, in Access not possible to install the access on field of the tables, but possible to the whole table only. So, for event, when to given one tables user miscellaneous must have a different access, come to bluff. For instance:

1. saw up table asunder and their correlation head-to-head. This just that event, when such вообщем that strange relationship makes sense.
2. Do the form miscellaneous for different users and start them for each its. To hear who there is who, possible use idle time by procedure:

IF CurrentUser = “1” Then …

But such variant does not give the access to given through the forms, but nothing do not disturb the user залезть stright in Server.mdb.

Change the level of the access can only manager (admin) member of the group admins!

That is to say for access level change for users necessary to call at in server part of program under name of the manager (in our event Pupkin ). Then choose: Service Protection Permits. Possible install the access for group, but possible for each user apart. In the event of with group when making the new user to fix him right of the access, it is enough to place him(it) in corresponding to group. So we shall put the accesses for groups.

For this on вкладке Permits it is necessary be switched to groups and in list User and groups choose the necessary group. In field with list Type of the object choose the necessary type of the object database. In list Name of the object choose the object and in list Permits enter the level of the access to object.

Do Not experiment with rights of the access manager (admin) otherwise You, as manager, can close the base from most itself!

As was it already spoken, the whole information on protection of the base be kept in scrambled type in file of the working group - Security.mdw. Before any action on access level change or change the passwords is recommended do the reserve copy of this file and keep him(it) in reliable place on external carrier. Will Hereunder be a possibility to return change, connected to the base saved copy Security.mdw.

At loss or damage of the file of the working group Security.mdw access to database will become not possible!

This is one more reason, on which is recommended save the copy Security.mdw on external carrier in reliable place. In ditto time, in an effort open the server part of program, in which is kept information database file Server.mdb, avoiding авторизацию, or dialect more simply, when stealing the base malicious penetrator, gain access to given without Security.mdw in the same way not possible.

Except restrictions of the access to data, possible use such protection and for conduct log. journal action users, allowing track the date and time of the creation record, but in the same way whom and when last she was changed. For this in each table it is necessary to create the field, in which are automatically written corresponding to data:

1. Date creation - date and time of the creation record.
2. Date change - date and time of the change record.
3. Changed - username, changed record.

Record is done at interception of the event of the form is Contributed change

Private Sub Form_Dirty(Cancel As Integer)
      [ДатаИзменения] = Date + Time
      [Изменил] = CurrentUser
End Sub

But date of the creation possible similarly to assign in table as date by default: Date()+Time() That given were displayed in extended format, it is necessary will install in table format field as dd.mm.yy.hh.nn

Author: Admin It Is Added: 14.05.2007