User and group permissions / accounts - "Access" denied (1 Viewer)

I have created a database and want to restrict the priveliges of certain users so records cannot be deleted, designs changed, etc. Under the user and group permissions, I discovered that even though I'm logged onto the machine under my username, the 'Current user' is 'Admin'. I have no idea where this name came from, and therefore how to log in as someone else. When I log onto the machine as a different user and try to run the database, it tells me the database is read only, and it's unable to run a macro I've used to go to a new record. However there is only ever one user listed in the database. When running the database as myself (i.e. 'Admin' as it calls me), I tried creating new users under my own username and that of another user, and assigning full rights to the other user, but even when logged in as that other user, Access still reported the same error, presumably to do with user permissions. I'm presuming that once I've got the database to recognise different users, the permission setting will follow without too much trouble, but this was really the first hurdle as it stood.

The next twist was, I tried making a different user the owner of the database and its contents, and when I logged in as that user, I still didn't have any more permission, but nor did I have the right to remove or modify any of the accounts previously created by 'Admin'. When I logged back in as myself (i.e. 'Admin' or so it thinks), this modify permissions / create users access failed to return, even after I restored database and object ownership to 'Admin'. So as far as I can tell, the situation is currently as it was to start with (database ownership, permissions), but I no longer have the rights to change any permissions, and therefore implement any suggestions which this forum may present.

So my question is: how do I restore the right to modify permissions; how does Access use usernames and how are these linked to the Windows XP username.

Any assistance greatly appreciated.

You have not implemented security properly and should start again. Hopefully, you didn't modify system.mdw but made your own workgroup file. Before you continue, download and read, several times, the security FAQ from the MS knowledgebase.

Microsoft Knowledgebase
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

I can't seem to get this link to post properly.

Thanks for that, I've downloaded secfaq.doc now and will read it through. It looks more complicated than I initially thought! It's possible I did modify the system.mdw file in the process, but the database is still working properly, and if there are issues I can easily export the tables and forms into a new database and start again.

Thanks for your help!

It's not a big deal if you did modify the default system.mdw. You can get it back to original state in a couple of ways. Via the security faq there is enough info there to help you manually change the workgroup back to it's original settings. OR, if you have access to another PC with the same version of Access and Windows that has not had security applied (well, if it has it was done correctly i.e. they did not alter the system.mdw file). Simply use Windows Explorer to locate the file system.mdw and copy it over to you PC (make sure to make a backup of the one that is on your PC first in case things go badly!).

Great, thanks. I don't have another copy of it yet, but I'll try restoring it as you suggested if I need to.

The referenced file will probably tell you most of what you need to know, but I've found that sometimes the explanations aren't specific enough.

When you apply security but DON'T join the workgroup, you are still using the default workgroup. In this group, all users come in as ADMIN (without an S), who is a user in the ADMINS (with an S) group. In order to come in as a user, you MUST join a workgroup.

In order to prevent others from doing the same thing,

1. Create a new user to become your equivalent to the ADMIN account, but give it a different name. Make it a member of the ADMINS group.

2. Log out of the database. Login in again as your new account that is a member of the ADMINS group.

3. Make user ADMIN no longer a member of the ADMINS group.

4. Create a new group to replace group USER. Give it the same privileges as USER originally had.

5. Take away ALL privileges from group USER.

6. Create a targeted group that has the rights needed by your general users. Make your individual user accounts members of that group.

7. If you need to do so for special users, create more groups with the extra rights you need for those groups. Assign user accounts to the powerful groups as needed.

In summary, NEVER assign rights to users. Always assign rights to groups, then assign users to groups.

Now, when someone comes in without having properly joined the workgroup, they come in with no rights at all, so they very quickly get kicked out of the database. Problem solved.

Sounds good, I'll give it a whirl!