Access / Security

[Dthmtlgod]

OK. I have rolled out my simple ASP site, just updates a few fields in a
database, it works fine for administrators, but the local users are getting
a page can't be displayed error stating the database is opened exclusively
(this is not the case) or they don't have rights. The database s shared to
everyone as well as the actual web server.

Any ideas?

 

[Ray Costanzo [MVP]]

Is it opened exclusively by someone else?

Does your site authenticate your users against a Windows account database
(i.e. Active Directory). If so, do your users have proper NTFS permissions
on the ~directory~ in which the database resides?

If not authenticating, does IUSR_yourServer have NTFS permissions?

Ray at work

 

[Dthmtlgod]

No, the DB is not opened.

I am using Integrated Windows authentication. All users are on Active
Directory.

 

[Bob Barrows [MVP]]

Don't forget, all users of an Access database must have read/write
permissions to the folder containing the database. Not just to the database
file. This includes the IUSR_machine account.

Bob Barrows

 

[Ray Costanzo [MVP]]

Does your site authenticate your users against a Windows account
database
What is the answer to the second question from the quote above?

Ray at work

 

[Dthmtlgod]

Here is the error and connection string

The Microsoft Jet database engine cannot open the file
'\\ws\c$\inetpub\wwwroot\database\cxc.mdb'. It is already opened exclusively
by another user, or you need permission to view its data.
/cxc/missing_p.asp, line 29

27 Set Conn = Server.CreateObject("ADODB.Connection")

28 Conn.Provider = "Microsoft.Jet.OLEDB.4.0"

29 Conn.Open \\ws\c$\inetpub\wwwroot\database\cxc.mdb

 

[Ray Costanzo [MVP]]

What kind of authentication are you using? Integrated? If so, you cannot
"daisy chain" the authentication from one server to another, which is what
would be required if you need to access a share on a separate server. In
order to daisy chain authentication, you need to have a kerberos ticket
created. I do not believe that one is created with integrated
authentication. See these articles:

http://support.microsoft.com/?kbid=264921
http://support.microsoft.com/?kbid=287537

Or just move the database to the web server... Of course, I have a
suspicion that WS actually is your web server in which case, why are you
using a UNC path?

Oh, but then you did say that admins can access things fine, so maybe you
are already authenticating properly. So, in that case, the default shares
like C$ only allow admins to access them by default. Create a different
share!

Ray at work

 

[Dthmtlgod]

OK. I have made a little more progress on this, but not heading in the
right direction.

If I add a local user account for a user. He/she can access the database.
The website works fine.

I really don't want to add all 500 users. I must be missing something very
easy, as I mentioned before all administrators can access it with no
problems.

 

[Jeff Cochran]

OK. I have made a little more progress on this, but not heading in the
right direction.

If I add a local user account for a user. He/she can access the database.
The website works fine.

I really don't want to add all 500 users. I must be missing something very
easy, as I mentioned before all administrators can access it with no
problems.

You're missing the permissions for the files/folders and share. And
misunderstanding how to use Windows NTFS and share permissions to
apply these to a *group* then add the users to the group.

*Or* if this is going to be web-based, use anonymous access and make
the IUSR account able to access the proper files/folders.

Although you never tell us the specific error, my guess is it's
covered here:

Why do I get database-related 80004005 errors?
http://www.aspfaq.com/show.asp?id=2009

Jeff