I wish to create an automated update script that will import data from an old copy to a new copy. The script will have to run remotely and without my supervision since the client wishes to keep their financial data private. My problem is that my strict file access settings are not allowing the new file to access the old one. My solution thus far is to ensure the target file is already opened. I'd like to know whether this (along with the other steps I've outlined) is a potentially problematic approach.
My approach to security
After reading the security guide along with numerous posts on the community forums, I have taken the following approach to securing my file:
- Account creation, deletion, modification, etc... is handled via scripts.
- Under the file access tab in the security window, I have checked "Require full access privileges to use references to this file."
- All security other than account creation is handled strictly via accounts and privilege sets (i.e. no ersatz/scripted security).
- Admin access has been permanently removed.
My approach to updates:
Everything is and has been working fine for months. When an update is required for a client, I take the following steps:
- I notify the client that I am performing an update. They make no changes until I have finished and notified them.
- I create a copy of my master file (which still has full access enabled).
- I make a few changes (like inputting the company's name/logo).
- I download my clients database from their server.
- I open their database with the highest level security (but not full access, since full access was removed).
- I open the updated database mentioned in steps 2 & 3 (which still has full access).
- I import all the data from the old file into the new file.
- I remove admin access from the new file and upload it to their server.
My approach to remote updates:
However, I now have clients that wish to keep their financial data private from everyone (including me, the developer). Therefore I have created a script that will run when I send them the updated copy. Imports all the data, recreates all the accounts (though with a default password since of course their old password was not stored in the database).
The issue I wish to address:
My issue is with file access. File access cannot be granted via the "do you wish to grant access etc... this is a one time process etc...." window since neither file has a full access account. As best I can tell the only work around is to open the target file first. There are 2 things I don't like about this approach:
- Importing from an open file imports the found set instead of the entire table.
- The import status/dialogue box opens and closes for each table imported. I would prefer to avoid this.
Is there a way to perform an update/import without opening the target file? Are there potential dangers/pitfalls to performing and 'remote' update the way I have described above? Am I being to stingy by checking "Require full access privileges to use references to this file"?