no site admin

jedder18

Just Livin the Dream!
Joined
Mar 28, 2012
Messages
135
Is it possible to get into an mdb that has security permissions and no one is able to make you a user of a group that has those permissions?
 

isladogs

MVP / VIP
Joined
Jan 14, 2017
Messages
18,213
Sounds suspicious.
How do we know that you are entitled to open it?
I'm not sure forum users are going to be willing to assist you on this.
 

The_Doc_Man

Immoderate Moderator
Staff member
Joined
Feb 28, 2001
Messages
27,171
In general, no. For all Windows Server 20xx in the last couple of years, that kind of permission conforms to U.S. Dept. of Defense standards for Privacy Act data management, which means that you need someone in a position of trust to be able to diddle with groups. Without someone who has Administrator rights OR someone who has Full Control permissions, there is no way to get into the database from where you say you are. There may be a couple of loopholes, but we tend to be VERY reluctant to describe how to break into a database without permission.

The more interesting question is how it got that way if you have no one who can make you a group member. Because you needed to have someone who could create groups to set up what you describe, and that person would also be able to make you a member of the created group. So your description is not self-consistent. You have left something out of your situation description OR you are contemplating something that we would consider illegal, one or the other of those two.
 

BeeJayEff

Registered User.
Joined
Sep 10, 2013
Messages
198
As a matter of interest, what would happen if the last individual with Admin rights left the organisation and was unwilling/unable to divulge relevant account details (e.g. passwords)?
 

The_Doc_Man

Immoderate Moderator
Staff member
Joined
Feb 28, 2001
Messages
27,171
BeeJayEff - I cannot speak for private enterprise, but for the U.S. Government, there is an actual rule that the assigned administrator to a system must write down the password for a system in a security envelope, seal it with tape, and hand it over to the government lead for the machine or project in question. OR, for large enough departments, the supervisor of administrators uses encrypted e-mail to distribute the password that is to be used for all of the systems under their control.

Good private practice SHOULD include a way for a hand-off to occur and the last paycheck would not be handed over until the system information is handed over. But that is a matter of good practice, not necessarily of law. I would think that a small business in that situation might have legal avenues to pursue in that a "bad exit" would in essence deprive a company of the use of its equipment. Most places I know have laws intended for sabotage but that could be applied to other methods of interfering with the ability of a business to use computer equipment. Deprivation of service if nothing else.
 

jdraw

Super Moderator
Staff member
Joined
Jan 23, 2006
Messages
15,378
I agree with Doc totally. Every org, no matter how small or large, needs some form of "data survivability" if they wish to continue their business in the event of catastrophe (flood, fire...), loss of power, injury/death/incapacity of key individuals, hardware/software failure, disgruntled employees, external attacks...
This is part of data/information management and/or risk management. Often overlooked, as you are experiencing. Too many tend to use wishing/hoping something didn't/wouldn't happen as their strategy.
Think worst case scenario and set up some procedures/policies to reduce risk. Test it, communicate it and take it seriously.

Good luck.
 

gemma-the-husky

Super Moderator
Staff member
Joined
Sep 12, 2006
Messages
15,651
When you create an Access security group, you get fair warning that you need to store carefully the credentials you used to create it, as it is not recoverable.
 

The_Doc_Man

Immoderate Moderator
Staff member
Joined
Feb 28, 2001
Messages
27,171
True that, Dave. For other systems (UNIX and OpenVMS for two), you can determine those credentials in one or more roundabout ways, but Windows tends to hide, encrypt, or one-way hash stuff. And if the item in question involves a one-way hash, the reverse algorithm is multi-valued so that you cannot tell which of a large number of possible choices led to the hash code in question.
 
