Securing Back Ends

Ask any knowledgeable Access developer and they will tell you any Multi-User application or any application supported by someone other than the user NEEDS to be split into a back end (containing the tables only) and a front end (containing everything else). This is essential for stability and development needs. In most cases the back end is then stored on a shared network folder.

The users then need all but Full Control to that folder. This is because Access creates a locking file (ldb/laccdb) whenever any Access file is opened. So the user needs to have the rights to create this file, modify it and delete it.

But there is a way to hide this folder, though it’s not 100%. This article shows you how to do this through an extended permission called Traverse folder.

Basically what you need to do is create a folder to act as a container for your back end folders. Within this folder you create another folder for your back end files. You can either use a single folder or individual ones. My company has create a single folder so that’s what I will illustrate.
We have a shared network drive mapped as S:\ for all users. Within that share we have a folder I’ll call Miscellaneous for this example. Within that folder I have another folder called Back_ends where I store the back end files. It looks like this to a Domain Admin account:
TraverseFig1

However, to a Domain User account the Miscellaneous folder will not appear. This is because only Traverse rights to the Miscellaneous folder have been granted to Domain Users. Following shows the permissions assigned to Domain Users:
TraverseFig2

To set Traverse access, you would first uncheck all but the Write permission under the Allow column. Next you press the Advanced button to set Special Permissions. Select Domain Users under the Permissions tab and press the Change Permissions button:
TraverseFig3

Select to Edit permissions and set permissions as shown below:
TraverseFig4

You may not need the create and write permissions, but it shouldn’t hurt. The key is the Traverse Folder permission.
Once you do that, Domain Users will not be able to get to the Back_ends folder unless they know the exact name of the Traverse folder. So they can Type in S:\Miscellaneous\Back_ends and see that folder. As I said it’s not 100% but it will inhibit the average user.

Advertisements