Security Overview

I have completed my Db and have just applied user level security. So far so good - it all seems to work OK on my development version.  I have set up all my users with the same password and what I now want to do is the following, in order to comply with the company's Information Security regulations:

1: Force a password change the first time the user logs in.

2: Create a button which enables the user to change their password whenever they choose.

3. Force a password change every 4 weeks.

Also, I understand that, in order for the Db security to work in the live environment, I need to save the Workgroup Information File into the same folder of the network drive as the Db will be stored in. Will this work automatically or are there associated issues I need to consider.

I'm working in 97 on NT 4.0

I'm getting into the realms of "WOOOAH, I don't really know what I'm doing with this!!!", and the help file is not very, ah, helpful. Could someone give me a hand??

The following information may prove helpful to you.

User-level passwords apply to the session of Access, not to the mdb itself.
The passwords, user, and group info is stored in the workgroup file under
which the Access application session is always run.  You cannot run Access
_without_ running under some workgroup somewhere.  However, usually you
start Access using the default workgroup installed when Access itself is
installed, that workgroup does not have a password for the default Admin
user unless you deliberately set one on your PC.

So when you start Access, you are actually logging in with no password as
the defaukt Admin user in the Users and Admins groups of the default
workgroup file.  You cahnge this by either using the WGA utility, prior to
running Access, to change the active workgroup used for running Access, or
do that same by using a command-line switch when you invoke Access.  Either
way, you then switch to the new workgroup which presents a login dialog
because it has a password set for each user, including the default Admin
user.

So users of your application will not see a login dialog unless they are
running under your special workgroup which has your passwords.  They will
just be running under their own default workgroups unless they deliberately
switch to yours as above; this means you will not have any login dialogs
unless the user is trying to run _your_ application, they can do other stuff
without ever involving your app or workgroup.

And of course, that is why you have workgroups, you normally would deny all
security permits to such default-workgroup users in your app, forcing them
to run under your workgroup, logging in as a special user, if they want to
use your app.  Permits for users on objects in an application are stored in
the mdb itself not in the woirkgroup.


You can create your own form to set and remove the database password.  Your
form can include text boxes with a password input mask so the "*" character
is displayed for each character they type.  You can use the .NewPassword and
.RemovePassword methods of the database object to modify the password --

Robert Berman
Data Base consultant
Vulcan Software Services
thornmastr@yahoo.com