I have an access 2007 document I will be sharing on a SharePoint site. My users will open it only in read-only format so that they can just query from it but make no changes to the database.
The problem is that looking at a security perspective, users can save the file natively and then have a look at the internal data as well as make changes to the database. This is possible because they can use a SAVE AS feature. So my question is : How to disable this feature so that they can not save it at all in any form.
Here is a link I found for Excel and it even worked in Excel but I cant do it in Access!
Help is much appreciated :)
How to Disable Save and Save As using VBA
If you really want to restrict, you can disable a few things in Access Options (depending on how restrictive you wish to be) and then compile the application to an ACCDE. Play around with disabling settings like Display Navigation Pane, Use Access Special Keys, Allow Full Menus and Allow Default Shortcut Menus. If you want you can hide the ribbon too. All depends on how restricted you want it. Then go to File --> Save & Publish --> Make ACCDE. The ACCDE file is a compiled version that restricts editing of the structure of the database including form designs, etc.
Related
We have a (super)user who has been using VBA in an Excel spreadsheet to create and manipulate documents in a Domino database application.
The user has 'Editor' access to the application, and should normally be able to create/edit the document contents.
They have been, however, creating documents using VBA. That logic doesn't consider such important document fields as Readers, Authors, etc. .
We would like to restrict access to all Domino data so that it can only be created/modified using an IBM Notes client.
I have tried looking through the ECL, but that only restricts what 'others' do.
Since he has his Notes client available, the external logic is using his normal Notes credentials.
I have tried setting a hidden field with the Notes client and looking for that in the QuerySave event of the form design.
Unfortunately, the external code pays no attention to the form events and the save is executed despite the missing field.
Similarly, the Database Script has no bearing on the execution of external logic.
I was going to inspect the client version upon database open and restrict activity based on a variance in the version (I was hoping!).
I have de-selected the 'Don't prompt for a password...' option in the user security preferences, but that has no effect at all (suspected as much!).
The ONLY thing I have been able to suggest is to hide the database design... That's really only designed to thwart a user's efforts to understand the underlying design.
It won't prevent them from creating hundreds of thousands of documents with a fictitious form and throwing the app into disarray.
I'm hoping that there is a solution out there that I'm missing.
The user has been instructed not to undertake such activity in the future.
We were lucky that there really wasn't any malicious intent - "Just trying to be more efficient" we're told.
The effects of the activity have been remedied, and the user has been warned.
What I want to know is... how can I prevent this from ever happening again?
The circumstances are rare I know, but I would've thought there'd be a means of restricting the platforms used to manage Notes/Domino data.
Is there a way to ensure no external applications are able to access, create or modify Notes database documents?
I am currently focussing on access to Notes via COM.
I thought that, if I unregistered 'nlsxbe.dll' from the registry, that would prevent such activity - It has not.
I also tried removing the .TLB files from the Notes executable folder - removal of 'notes32.tlb' and 'domobj.tlb' have no effect at all. Removal of 'ltsci3.tlb' screws everything up (as expected!).
I'm really having no luck at all - Any/all suggestions would be most appreciated!
I'm not aware of any way to detect that a connection has been made by standalone code instead of by the Notes client, but you do have two paths available to you:
A Domino server add-in that prevents documents from being saved in that particular database if certain criteria aren't met.
An agent that is triggered to run shortly after documents are saved or modified in that particular database. The agent code can delete (or modify, if you prefer) the documents that don't conform to the required criteria.
The server add-in route would normally require coding in C, but thanks to the Open NTF Trigger Happy project, the hard part is done for you, and the rest can be filled in with either LotusScript or Java agent code that is "triggered" by the pre-written C code. You will need to have some basic knowledge of how the Notes Extension Manager interface works, but once you get past that and write your agent code to enforce your data consistency/integrity requirements, the only real hurdle is your willingness to host open source code on your server.
There may be two other possibilities, but I can't say if either will solve or deal with the issue...
In the ECL you can disable 'COM' access for the user (also known as OLE or ActiveX) automation since VBA access is usually via COM. This has stopped Notes using external COM access for me, but I don't know if also prevents VBA using Notes. Additional steps may be needed to enforce the ECL and apply to the specific users.
There is an (old) notes.ini 'DisableExternalApps' (or something similar) that disables some external access. This can affect many things (DDE/Prompts/#dblookups) but again I don't know if this will disable VBA/COM and its not user specific, but server wide.
I would have thought that removing the nlsxbe.dll or restricting access to execute it might work, but the ECL may be the best bet.
Alternatively, rather than add hidden flags to your design (and the documents), and then delete the offending documents, your agent could apply the correct author/reader fields to the documents instead.
Very tricky. Did you find a better solution?
Currently i generated excel file from TFS 2013.
I want to disable editing this file for some specific users.
I tried to add these users in the group Reader only, but they can modify the excel file then publish it.
On the other side, i want to give them the ability to refresh the excel file and get the latest status.
By "publish" I assume you mean the Check In permission. Readers don't have an explicit Deny on Check In by default, so you may find that people who can still Check In are members of another group with permissions. The usual group being the Contributors group.
To force the matter you can go to the file in question in Source Control Explorer, right click it and select Advanced -> Security and then explicitly set the Reader group to Deny for the Check In right.
I assume that you mean "publishing work items". If you do then people in the readers group will not be able to publish unless they also have contributed rights. So while they can click "publish" they will not be able to make changes on TFS, and they will be able to refresh.
this seems to be a bit of an odd requirement, but we have a separate form (not an infopath form) being filled out by people. Now, this form that we have has quite a lot of validations in it. We're currently trying to prevent people from accessing the list where this certain form is saving the data, this is so that they won't bypass the validations we created in the form that we created. Is there a way to be able to do this, one way or another?
Easy fix. Use SharePoint Designer to browse to the list, starting from "All Files". The list has several files in it. You're only interested in NewForm.aspx and EditForm.aspx.
Open these files. Either add JavaScript redirect code directly to the file (near placeholdermain) to point back to AllItems.aspx, or add a Content Query Web Part to add the redirect JavaScript code in that added web part.
Either way, when users go to add/edit items in that list, they will be bounced back to the page that list the items.
This will only work when JavaScript is enabled. Mind you, SP won't work very well with JavaScript off anyway, so people may not disable JS. But for a bullet proof solution, make a Visual Studio feature for the specific list.
If I open a doc in read only mode I'm able to press save and then it opens up a save as box and the default directory is the directory on the sharepoint server and if you press save you save it to the server.
This actually makes the whole process not really "read only" mode since I could actually update the document.
Is there a way to prevent this from happening so that if someone chooses read only there is no way possible to updload any changes back to the sharepoint site?
Also, it has been suggested as a solution to get rid of the edit/read only option so that people have to check out the document. Is there a way to remove the edit/read only option on documents?
Rather than relying on the client software to prevent saving, you need to modify the permissions on the server - give the user read only access to the document or even the whole list. That way they will get an access denied error if they try what you describe or uploading a different file with the same name.
The Read-only and Edit prompt are driven by SharePoint and a setting in the DOCICON.XML file. If you have added PDF as a Document extension inside the DOCICON.XML you will need to also add an additional attribute in the line and that is opencontrol=”” this seems to stop SharePoint from applying it's header to open the document.
<Mapping Key="pdf" Value="icpdf.gif" OpenControl=""/>
-Rob
(Edit : Sorry I have not tested this on SharePoint 2007 only SharePoint 2010)
Is There an easier way to have pictures on the sharepoint site? I only one way to do this but I want to find another way if its faster and easier for users to use.
I suggest looking into Telerik's FREE Radeditor for MOSS.
P.S. Belongs on superuser.
I would not use this in all cases as it depends on user permissions, how much you trust your users, and if your users are internal and have access to your network.
But, with that said...
The fastest, easiest way I know how to load pictures into a Picture Library is to go to the Library, select Actions > Open with Windows Explorer, and drag images into Windows Explorer, which populates the Library.
It depends on where you want to be fast.
If you want to be fast in uploading all the files, upload them using the explorer view into your picture library.
If you want to be fast in editing content, then there really is only one option : use SharePoint 2010 as adding pictures has become as easy as adding pictures in a Word document. Insert picture, specify which file of the filesystem you want and select a picture library in which the picture will be automatically uploaded.