Prevent Table Import From Access ADP/ADE

Prevent Table Import From Access ADP/ADE

Post by Winglif » Tue, 26 Sep 2000 04:00:00



Hi Folks-

I'm upsizing an Access MDB to an Access ADP, and I just found out that
ADPs (and ADEs) do not have the Database Password feature that MDBs and
MDEs do.  This database password feature was used in the original front
end here to keep users from sucking out raw data from the database by
simply importing tables from the front end.  This is explained below.
Now how can I keep users from importing tables from the ADP/ADE front
end?

In the environment where the DB is used, it is critical that users only
be allowed to view data THROUGH THE FRONT END FORMS.  For example,
salespeople are only allowed to see their own customers.  The front end
forms programatically display only the customers of the user who signed
into the front end's own Sign In form.  To prevent salespeople from
poaching each other's customer contacts, there is a DB Password on the
actual front end MDE.  The users do not know the DB Password, and
therefore cannot extract raw table data by importing the MDE's tables
into a new Access file.

In order to open up the actual front end, the user opens up another,
different MDE (the "Launcher") that has NO TABLES, whose only function
is to programatically automatically open up the actual front end MDE.
The DB Password of the real front end is written inside the code of the
"Launcher" MDE, and the code of the Launcher MDE is, of course,
inaccessible.

So until now that system has worked really well.  Yeah, I know the
Access DB password is supposed to be fairly easy to hack one's way into,
but the security level was really sufficient considering the computing
abilities of the users here.  But releasing a password-less ADE file
that users can easily pull all the raw data out of by simply importing
the tables is NOT enough security.

Does anyone know a way to stop users from pulling raw data out of an ADE
file by simply importing its tables into a new Access file?  Thank you
for any insight.

-Paul

Home:  www.gis.net/~winglift

 
 
 

Prevent Table Import From Access ADP/ADE

Post by Mohamad Akr » Wed, 27 Sep 2000 13:09:38


Hi Paul,
First, you need to prevent access to the tables (no select permissions).
Then you can define a view that will select only the rows corresponding to
the salesman
who is currently logged on.
Select * From <Table Name>
Where salesman = SYSTEM_USER
assuming of course, that in the above table there is a field called
"salesman" which gets filled
automatically with the (SYSTEM_USER) value when the salesman enters a new
customer.

Then you give select permission on the view only.
This way, each salesman will only see whatever customers he has entered
himself.

HTH


Quote:> Hi Folks-

> I'm upsizing an Access MDB to an Access ADP, and I just found out that
> ADPs (and ADEs) do not have the Database Password feature that MDBs and
> MDEs do.  This database password feature was used in the original front
> end here to keep users from sucking out raw data from the database by
> simply importing tables from the front end.  This is explained below.
> Now how can I keep users from importing tables from the ADP/ADE front
> end?

> In the environment where the DB is used, it is critical that users only
> be allowed to view data THROUGH THE FRONT END FORMS.  For example,
> salespeople are only allowed to see their own customers.  The front end
> forms programatically display only the customers of the user who signed
> into the front end's own Sign In form.  To prevent salespeople from
> poaching each other's customer contacts, there is a DB Password on the
> actual front end MDE.  The users do not know the DB Password, and
> therefore cannot extract raw table data by importing the MDE's tables
> into a new Access file.

> In order to open up the actual front end, the user opens up another,
> different MDE (the "Launcher") that has NO TABLES, whose only function
> is to programatically automatically open up the actual front end MDE.
> The DB Password of the real front end is written inside the code of the
> "Launcher" MDE, and the code of the Launcher MDE is, of course,
> inaccessible.

> So until now that system has worked really well.  Yeah, I know the
> Access DB password is supposed to be fairly easy to hack one's way into,
> but the security level was really sufficient considering the computing
> abilities of the users here.  But releasing a password-less ADE file
> that users can easily pull all the raw data out of by simply importing
> the tables is NOT enough security.

> Does anyone know a way to stop users from pulling raw data out of an ADE
> file by simply importing its tables into a new Access file?  Thank you
> for any insight.

> -Paul

> Home:  www.gis.net/~winglift


 
 
 

Prevent Table Import From Access ADP/ADE

Post by Winglif » Wed, 27 Sep 2000 04:00:00


Wow, yes, that works great.  Oh man, I wish I had known this BEFORE we started
to upsize.  Generally we have referenced only Views and Stored Procedures, but
in the case of simple combo boxes tied to very small simple tables, sometimes
we simply referenced the table directly.  This was a major newbie blunder on
my part.  Hopefully we can go back and catch all the direct table references
and then lock down the tables according to your directions.

Thank you, Mohamad!

-Paul

 
 
 

1. S.O.S. - MAJOR PROBLEM IN ACCESS 2K PROJECT (ADP/ADE) TOOL

Hello-

This message is in regard to the situation described in my earlier post
of Thursday, 9/29/00, called "Changing data in View requires Table
SELECT Perm?", but I would like to resubmit the matter in a different
way.  It is not necessary to read the earlier post.  After corresponding
in some other newsgroups and speaking with several people at Microsoft
Product Support, I am led to believe that there is a major problem with
the Access 2K Project tool.  Simply put, I am told that contrary to what
common sense would would lead one to believe there is no way within the
resources of an Access Project to prevent a user from simply importing
all the raw data he or she would like to have by simply importing tables
out of any ADP or ADE file into a new Access file.  If anyone HAS
successfully prevented the import of tables from an Access Project,
PLEASE could you respond to this post?  Otherwise, this new tool has
about as much security as a cereal box, and should be marketed with a
big label on the front that says "DOES NOT WORK".

I am specifically calling out to anyone, if such people exist,  who has
first hand experience successfully deploying an ADE that cannot have its
tables extracted by simple importing.  With all due respect, if you're
not familiar with working in an Access Project, please do not respond
simply assuming that it behaves the way it should.  The standard SQL
Server method of calling data from only Views and Stored Procedures and
then denying permissions on the table DOES NOT WORK.  Microsoft Product
Support has confirmed to me that it SHOULD and that it DOES NOT.

The team here has just spent nine months porting a large database from
an MDE frontend / MDB backend format to the new ADE frontend / Sql
Server 7 backend format.  And if I'm now told that this supposedly
sophisticated, state-of-the-art, easy-to-use database tool cannot even
prevent users from extracting all raw table data as easily as peeling an
orange, then you'll understand my being, to put it mildly, upset.  If I
am forced to release a front end that anyone can extract tables from, I
could well lose my job over this.

If anyone has successfully deployed an ADE from which the tables cannot
be imported, I would appreciate your letting me know, as would those who
depend on me for their livelihood.

Thank you.

-Paul

2. SE on Red Hat 9

3. I'm in a ADP or ADE?

4. HELP ME PLEASE!

5. ADP/ADE in AccessXP/Developer

6. ODBC call failed using ODBCDirect

7. ADP/ADE - RunTime XP in Win95

8. olap web development

9. ADP/ADE

10. Preventing table update when linking oracle database table to access via ODBC

11. Access 2000 adp project reference another A2000 adp project

12. How to programmatcally save a project as an ADE file (ADP->ADE) ?

13. ADP to Access 2002 Format?? (ADP to MDB)