microsoft access security
TRANSCRIPT
-
8/8/2019 Microsoft Access Security
1/32
http://www.databasedev.co.uk/distribute_secure_app.html
Microsoft Access Database Security
Steps to Securing an Access Database by Using User-level Security:
A workgroup information file is a file about the users in a workgroup. Microsoft Access reads this file atstartup. It contains information about account names, passwords, group membership and preferences.Preference information is specified in the Options dialog box.
A workgroup information file is initially created by the setup program when Microsoft Access is installed.The file is identified by the name and organisation information that is supplied during the setup process of
Microsoft Access.
A Workgroup ID (WID) is created when a new workgroup information file is created. A WID can have
between four and twenty characters and is case-sensitive. The WID guarantees that the workgroup filecan't be recreated by another user by simply guessing the name and company. It also makes the Adminsgroup unique to this workgroup file.
Access Workgroup Password Recovery v1.0a
Recover lost passwords for MS Access user/group permissions security files
Access Workgroup Password Recovery is a program to recover lost or forgotten passwords for MSAccess workgroup files. All passwords are recovered instantly regardless of length. Multilingualpasswords are supported.
Note: The following information details how to create and implement User-Level Security using MicrosoftAccess 2000. These steps have been thoroughly tested and have been found to work correctly. Pleaseensure that you follow the steps and instructions completely to recreate this process. The author takes noresponsibility for any problems that arise due to these instructions not being adhered to. Alwaysremember to BACK-UP any files (database and workgroup) prior to testing these procedures.
Task A-1: Creating a new workgroup information file
Objective: To create a newSystem.mdw with a new name
1. Exit Access
2. Using the Windows Explorer, open the folder C:\Program Files\Microsoft
Office\Office. This folder is where the System.mdw is located with a fresh installation ofMicrosoft Office 2000
3. Copy the file SYSTEM.MDW to the root of your computers hard drive (don't move
the file) to make a backup copy of the file.
4. In the Microsoft Office folder, double-click on MS Access Workgroup
Administrator.
This is a shortcut to the Wrkgadm.exe program that, when executed, runs the Workgroup
Administrator.
1
http://www.databasedev.co.uk/access_password_recovery.htmlhttp://www.databasedev.co.uk/security_overview.htmlhttp://www.databasedev.co.uk/security_overview.htmlhttp://www.databasedev.co.uk/security_overview.htmlhttp://www.databasedev.co.uk/access_password_recovery.html -
8/8/2019 Microsoft Access Security
2/32
5. In the first dialog box is the name, company and workgroup to which you are joined.
6. Click Create to open the Workgroup Owner Information dialog box, which you can use
to create a new workgroup information file.
7. In the Name text box, type in your name.
8. In the Organisation text box, type in your organisation name.
9. In the Workgroup ID text box, type in mywid.
10.Click OK to accept this information and open the Workgroup Information File dialog
box.
11.Using the default path, change the database filename to MySystem.mdw.
12.Click OK to accept the default path and new name for the new workgroup information
file, C:\Program Files\Microsoft Office\Office\MySystem.mdw
2
-
8/8/2019 Microsoft Access Security
3/32
13.In the Confirm Workgroup Information dialog box, verify that the information
you typed is correct.
14.Click OK. You must confirm your entries for the new workgroup information file.
15.In the message box indicating that you have successfully created the
workgroup information file, click OK.
16.Look at the changes in the Workgroup Administrator dialog box. There's the
information that you entered for the new workgroup information file. This workgroupinformation file is used the next time that you start up Microsoft Access, so there is no needto join the workgroup now.
17.Click Exit to close the Workgroup Administrator and display the contents of the Office
folder in the Windows Explorer. Notice that the new file, MySystem.mdw, isn't displayed.You may need to refresh the view to see it.
18.Choose View, Refresh. Scroll to see MySystem.mdw and System.mdw. Both
workgroup information files are saved in the same folder.
19.Before you close Windows Explorer, make a shortcut to the MSAccess.exe on
the desktop. You'll be exiting and starting Microsoft Access several times during this
tutorial and a desktop shortcut makes restarting Microsoft Access more convenient.
20.Close Windows Explorer.
Go to page:
3
-
8/8/2019 Microsoft Access Security
4/32
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
4
http://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
5/32
Microsoft Access Database Security
Setting Logon Procedures
If you do not activate the logon procedure, you are automatically logged on under the Admin useraccount, for which there is an empty password. If you want to require users to log on to start Access, youcan change the password of the Admin user account. The Admin user is a member of the Admins(Administrator) group. The Admin user account is the same for every installation of Access. Administratorsalways have full permissions for objects created in the workgroup.
An Access password is case-sensitive and can have up to 14 characters, including any ASCII charactersexcept null (ASCII character 0). When you type your password in the New Password text box, asterisks
are displayed to maintain your passwords security. The first time you set a password, do not typeanything in the Old Password text box.
Before completing the following activities, please ensure that you have followed the previous exercise:Steps to Securing an Access Database by Using User-level Security
Task A-2: Activating the logon procedure
Objective: To change the logon password for the user named Admin to turn on security for theMyNewApp.mdb database. Please download the MyNewApp.mdb databasebefore starting this tutorial.
1. Start Access. Do not open a database
2. Choose Tools, Security, User And Group Accounts. You use the User And Group
Accounts dialog box to define user names, group membership, group names, and a logon
password.
3. Verify that the Users tab is selected and that Admin is selected in the User
Name text box. You're goint to change the password for this user.
4. Select the Change Logon Password tab. In the New Password text box, type
password. (Don't type in the Old Password text box because there is no old password.)Passwords are case-sensitive. Notice that an asterisk is displayed for each character that
you type.
5. In the Verfiy text box, type password. Accuracy is essential! The password text
boxes should look identical.
6. Click OK to accept your new password.
7. Exit Access.
8. Start Access. Try to open MyNewApp.mdb. The Logon dialog box opens before you
can open the database. You must enter a valid user name and password.
5
http://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
6/32
9. In the Name text box, type Admin. In the Password text box, type password.
10.Click OK. Now MyNewApp.mdb opens!
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
6
http://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
7/32
Microsoft Access Database Security
Group Accounts:
When you install Microsoft Access, you get one user account and two group accounts:
The Admin account is the default user account.
The Admins account is the system administrators group account. The Access Setup
program automatically adds the Admin user account to the Admins group.
The Users account is a group account that comprises all the user accounts. When you
create a user account, it is automatically added to the Users group. Everyone is always amember of the Users group and can't be removed.
You can log on to Microsoft Access with a user account, but not with a group account.
It is easier if you organise your users into groups and assign permissions to each group, rather than toindividual users. A user can be a member of more than one group, and inherits all of the permissions ofeach group. A good design strategy is to add permissions to the groups, and add users to the appropriategroup(s).
A Personal Identifier (PID) is a character string that is used in conjunction with the account name toidentify a user or group. The PID is specified when you create a new user or group. You should record thiscase-sensitive code in case you need to recreate the workgroup information file. Note that the PID is not apassword. It's another means of identifying who you are to Microsoft Access.
Let's create two group accounts and set a unique PID for each one.
Before completing the following activities, please ensure that you have followed the previous exercise:Setting Logon Procedures
Task A-3: Creating Group Accounts in Microsoft Access
Objective: To create two new group accounts, one for the group who does Order Entry, and the second forthe Sales Managers group. This information relates to thesample Microsoft Access database download
1. Close MyNewApp.mdb without exiting Access. You don't need to have a database
open to create accounts.
2. Choose Tools, Security, User and Group Accounts.
3. In the User And Group Accounts dialog box, notice the Available Groups list in
the Group Membership section. There are two groups available, one named Admins andthe other named Users.
4. Select the Groups tab. Display the Name drop-down list.
The same two groups are listed here. You're going to create two new groups to add to this
list.
5. Close the Name drop-down list. Click New to open the New User/Group dialog box,
which is what you'll use to create new group accounts, one at a time.
6. Create the following group:
Name: Order Entry
Personal ID: orderpid
7
http://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
8/32
All the characters are case-sensitive.
7. Click OK.
8. Create another group as follows:
Name: Sales ManagersPersonal ID: salespid
9. Click OK.
10.Display the Name drop down list. Notice that four groups are now listed, including
your two new groups.
Now that you've created new group accounts, it's time to create new user accounts.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
8
http://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
9/32
Microsoft Access Database Security
User Accounts
Now that you've created newMicrosoft Access Group Accounts, it's time to create new user accounts inMicrosoft Access.
When you create user accounts for an application, those accounts are stored in the workgroup that theusers join when they use the application. Therefore, before you create the user accounts, you shouldmake sure that you are in the correct workgroup information file.
You can add a user to a group account or remove a user from a group account by making selections in theUsers tab of the Users And Group Accounts dialog box. Similarly, you can delete a user account or a groupaccount from a workgroup by making selections in the Users tab or the Groups tab of the Users And GroupAccounts dialog box. You cannot delete the group accounts Admins or Users.
Task A-4: Creating User Accounts in Microsoft Access
Objective: To create the administrator's user account as well as four other user accounts, and to assign
each user to a group. This information relates to thesample Microsoft Access database download
Before you begin: The User and Group Accounts dialog box is open, and the Order Entry and SalesManagers group accounts are created - please complete the previous tutorialSetting up Microsoft AccessGroup Accounts before starting.
1. Select the Users tab.
2. Display the Name drop-down list. There's only one user listed, Admin. You're going
to create five more users to add to this list.
3. In the Groups section, look at the Available Groups list. Four groups are listed,
including the two that you created. You can assign users to these groups.
4. In the User section, click New to open the New User/Group dialog box.
5. Create a user account for yourself, as follows:
Name: (Your Name)
Personal ID: mypid
Click OK.
6. From the User Name drop-down list, select your name.
7. From the Available Group list, verify that Admins is selected. Click Add to create
a security administrator account with you as administrator. You are a member of the Adminsgroup. As such you inherit Administer rights to import files, create new users, and assign
9
http://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/group_accounts.html -
8/8/2019 Microsoft Access Security
10/32
permissions.
8. Create the following new user accounts and assign each user to the indicated groupaccounts:
User Name Personal ID Group Membership
Olivia E oliviapid Order Entry; Users
Oscar D oscarpid Order Entry; Users
Scott S scottpid Sales Managers; Users
Susan M susanpid Sales Managers; Users
9. Display and scroll through the Name drop-down list. Now there are six user
accounts, including Admin, yourself, and the additional four that you have created.
10.In the User And Group Accounts dialog box, click OK to accept your account
additions.
Next we'll look atChanging a Security Account Password.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
10
http://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
11/32
Microsoft Access Database Security
Changing a Password:
Now that you've created newMicrosoft Access User Accounts, it's time to look at Security AccountPasswords.
Passwords that are entered when you log on to Access are known as Security Account Passwords. Theprimary purpose of these passwords is to ensure that no other user can log on using your name. If this isthe first time you are adding a password to your Access account, you do not have to use the Old Passwordtext box.
The Admin user has full permissions to all database objects. The Admin users password is empty, soanyone can log on to Access as the Admin user. To make your system more secure, you can remove theAdmin user from the Admins group. In this tutorial, you'll do just that.
Task A-5: Setting your logon password and removing the Admin user from the Admins group
Objective: To add a password for yourself and to delete the Admin user. This information relates to the
sample Microsoft Access database download
1. Exit Access.
2. Start Access. Don't open a database.
3. Choose Tools, Security, User And Group Accounts. The Logon dialog box opens.
4. Log on by using your name (as you typed it in when you created your own user
account) and no password. There's no password assigned to your name yet. After youclick OK, the User And Group Accounts dialog box opens.
5. Select the Change Logon Password tab.
6. In the New Password and Verify text boxes, type password. Remember, the
password is case-sensitive.
7. Click Apply to accept the change and leave the dialog box open.
8. On the Users page, select the User Name Admin.
9. From the Member Of list, select Admins.
10.Click Remove to remove the Admin user from the Admins group. The Admin user
remains a member of the Users group only.
11
http://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
12/32
11.Click OK to accept the change and close the User And Group Accounts dialog box.
Next we'll take a look atThe Security Wizard.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
12
http://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
13/32
Microsoft Access Database Security
The Security Wizard:
The Admin user owns all the objects in the database and has irrevocable permissions to them. However, itis important to change the ownership to the project leaders account (you). When you create or copy anobject, the user who is logged in becomes the owner. The easiest way to change ownership of all objectsin the database is to first make sure your project leader is logged in, and then run the Security Wizard.
You can use the Security Wizard to create a new database and fill it with copies of the objects of thedatabase that is currently open. The Security Wizard exports copies of all the objects from the originaldatabase. It also secures selected object types by revoking all permissions in the Users group for those
objects in the database. The new database is encrypted, which means that it is indecipherable duringelectronic transmission or when it is stored on a disk, tape, or other magnetic medium. All tablerelationships and linked tables are recreated in the new database. However, the original database is notchanged.
Changing the Ownership of Database Objects
An object's owner is the user who creates that object, also known as the object's creator. The owner of anobject has Administer permissions. Other users cannot change the object owner's permissions. If anotheruser creates a new object in the database, then that user is the owner of the object. Having differentowners for all the objects within a database can be cumbersome. The database will be easier to maintain ifone user is designated as the owner and takes responsibility for maintaining the objects. You can changethe owner of an object by using the Change Owner tab of the User and Group Permissions dialog box.
Now let's use the Security Wizard to create an unsecured backup copy of thesample Microsoft Accessdatabase download file: MyNewApp.mdb and to secure MyNewApp.mdb. You should have alreadycompleted the previous tutorials within this security section; details of each can be found at the bottom ofthis page.
Task A-6: Using the Microsoft Access Security Wizard
Objective: To create a new database that only certain users can access. This information relates to thesample Microsoft Access database download
1. Exit Access. Start Access
2. Open MyNewApp.mdb. In the Logon dialog box, enter your password and click
OK.
3. Choose Tools, Security, User And Group Permissions.
4. Select the Change Owner tab. The form objects are displayed. Notice that Admin is
the owner of every form. Display different object types from the Object Type drop-down list.Admin is the owner of every object type.
5. Click Cancel to dismiss the dialog box.
13
http://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
14/32
6. Choose Tools, Security, User-Level Security Wizard to run the Security Wizard.
Accept the default selection, Modify My Current Workgroup Information File. ClickNext.
7. You want to secure all database objects, which is the default wizard setting. Select the
All Objects tab and scroll through the list to verify that all tables, queries, forms,reports and macros are checked.
8. Click Next.
9. In the next wizard dialog box, check these security group accounts: Order
Entry and Sales Managers. Each one defines specific permissions for the users you'll
assign to the group. To read the group permissions assigned to each built-in group, selecteach group (but don't check any of the built-in groups)
10.Click Next.
11.In the next wizard dialog box, accept the default selection "No, The Users
Group Should Not Have Any Permissions". Any permissions you assign to the Usersgroup are the same permissions available to anyone with a copy of Access. You want tocompletely lock out others.
12.Click Next.
13.In the next wizard dialog box, the users you've already added to the workgroup
information file are listed. You also have the option of adding new users. We're not addingany users now, so click Next.
14
-
8/8/2019 Microsoft Access Security
15/32
14.In the next wizard dialog box, you assign users to groups in the workgroup information
file. Select the option Select A Group And Assign Users To The Group.
15.Your name is already assigned to the Admins group, and the other users are already
assigned to either the Order Entry or Sales Managers group. Use the following graphics
to select the group names and verify the users assigned to them.
16.Click Next to advance to the last wizard dialog box. Verify the name of the backup
copy of the unsecured database.
Also note that, after the database is secured, you'll get a report of the settings that wereused to create the users and groups in the workgroup information file.
17.Click Finish and wait while the wizard secures the database objects and creates the
report.
15
-
8/8/2019 Microsoft Access Security
16/32
18.Scroll through the One-Step Security Wizard Report. Notice that there's an
unsecured database (.bak file) and a secured database (.mdb file), both stored in the folder.The report lists the secured objects, groups and users. It's important to keep thisinformation available in the report in case you ever need to re-create the same workgroupfile.
19.Close the report.
20.Click Yes to save the report as a Snapshot (.snp) file. Wait for the encryption process
to finish.
21.On the taskbar, you will see the Snapshot Viewer, and clicking this will view
the new file: MyNewApp.snp.
22. The snapshot report is saved in the same location as the database file.23.Close the Snapshot Viewer.
Next we'll take a look atSecurity Permissions and Permission Types.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
16
http://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
17/32
Permissions
After you run the Security Wizard, you can manually change database and object permissions for user andgroup accounts in a workgroup. It's advisable to assign permissions to groups, not to users, because eachuser inherits the permissions assigned to the group.
Permission Types
Each user has access to nine types of permission for data or objects in a database. The following tabledescribes the nine types of permission, and what each type enables a user to do. To read more aboutthese permissions, search Microsoft Access Help for permissions, display the topic Work With Permissions,and select Types Of Permissions.
Permission Allows a user to Objects involved
Open/Run Open a database, form, or report. Run a macro.Databases, forms, reports, andmacros.
OpenExclusive
Open a database on a network, while ensuring that otherscannot open the database while the first user has it open.
Tables, queries, forms, reports,macros, and modules.
ReadDesign
View the design of objects. No changes to the design areallowed.
Tables, queries, forms, reports,macros, and modules.
ModifyDesign
Change the design of objects and delete objects.Tables, queries, forms, reports,macros, and modules.
AdministerSet database passwords, replicate databases, and changestartup properties. Have full access to objects and data, andassign permissions for objects.
Databases, tables, queries,forms, reports, macros, andmodules.
Read Data View data, but not table designs or query designs. Tables and queries.
UpdateData
View and edit data, but not insert or delete data. Tables and queries.
Insert Data View and insert data, but not change or delete data. Tables and queries.
Delete Data View and delete data, but not change or insert data. Tables and queries.
Before starting the following exercise you should have already completed the previous tutorials within thissecurity section; details of each can be found at the bottom of this page.
Task A-7: Granting permissions to a database and its objects
1. Choose Tools, Security, User And Group Permissions to display the User And Group
Permissions dialog box.2. Select the Change Owner tab. Select different object types and notice that you
are the current owner of the database and all its objects
17
-
8/8/2019 Microsoft Access Security
18/32
3. Select the Permissions tab. Let's take a look at the permissions assigned to the users
and groups, starting with the groups.
4. From the List options, select Groups. The Admins group is selected in the
User/Group Name list.
5. Explore the permissions assigned to various object types and group names.
Notice that the Order Entry, Sales Managers and Users groups have no permissions assignedto them. For the Users group, you want to leave it set that way.
6. From the User/Group Name list, select Order Entry. You want to assign
permissions to this group.
7. From the Object Type drop-down list, select Database. In the Permissions section,
check Open/Run
18
-
8/8/2019 Microsoft Access Security
19/32
8. Click Apply. All users in the Order Entry group have permission to open and run the
current database.
9. Now let's set the Order Entry group's permissions for the table objects in the current
database. From the Object Type drop-down list, select Table. From the Object Name list,select all the table names.
10.In the Permissions section, check Update Data and Insert Data. Uncheck Delete
Data. Notice that the options Read Design and Read Data are also checked by default with
these options. Three options should be unchecked: Modify Design, Administer, and DeleteData.
11.Click Apply.
12.Apply database and object permissions to groups according to the
specifications in the following table (select all object names for each object type):
Group Object Type Permissions
Order Entry Query Read Design, Read Data, Update Data, Insert Data, Delete Data - allQueries
19
-
8/8/2019 Microsoft Access Security
20/32
Form Open/Run, Read Design - all Forms
Report Open/Run, Read Design - all Reports
Macro Open/Run - all Macros
SalesManagers
Database Open/Run
Table Read Data, Read Design - all Tables
Query Read Data, Read Design - all Queries
Form Open/Run - all Forms
Report Open/Run - all Reports
Macro Open/Run - all Macros
13.Click OK to close the dialog box.
Now that you have assigned your security for the groups and users, you will want to Test Your MicrosoftAccess Security.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
20
http://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
21/32
Testing your Microsoft Access Database Security:
After you've set up security for all groups and users, you will need to test it. Make sure that each grouphas the options that you have selected in the User And Group Permissions dialog box.
Task A-8: Testing Microsoft Access Database Security.
Objective: To test the various groups for the security that you set up in the previous tutorial -MicrosoftAccess Database Security - Security Permissions
1. Exit Access. You'll need to log on as a different user to test security.
2. Start Access. Open MyNewApp.mdb. Log on with the name Susan M, and no
password. Susan M is a member of the Sales Managers group, so you'll be testing thepermissions you assigned to that group.
3. From the Database Window (Press F11 to display database window), preview
the report, Book and Customer Sales. Because the Sales Managers group has permissionto Open/Run all reports, Susan M can preview this report.
4. Choose View, Design View. As Susan M, you don't have permission to view the design
of the report.
5. Click OK to dismiss the message box.
6. Close the report.
7. Now let's try to add a new customer to the database. From the database window,
open the Customer form. Look at the New Record navigation button at the bottom of theform. It's dimmed. There's your first clue that you can't add a new record.
8. But you still have the Add Customer button on the form, right? Click the Add
Customer button.
Another roadblock. You can't add a new record. The permission assignments work the waythat you want them to.
9. Click OK to dismiss the message box.
10.Close the Customer form.
11.From the Switchboard, click Add Customer. You see a blank form.
12.Close the Customer form (Chose File, Close)
13.Exit Access.
21
http://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/permissions.html -
8/8/2019 Microsoft Access Security
22/32
14.Start Microsoft Access and open MyNewApp.mdb. Log on as Admin with the
password, "password".
The Admin user can't even get past Go.
15.Click OK to dismiss the message box.
16.Exit Access yet again.
17.Start Access, open MyNewApp.mdb, and log on with your name and password
(your password is password).
Once you have tested your security you will want toDocument Database Security.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
22
http://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
23/32
Microsoft Access Database Security - Documenting your Database Security:
After you have established security for your application, you can print a security report for a particularworkgroup. In this report, you can see the security for both users and groups, just users, or just groups.The report includes group names and user names, and indicates which users and groups belong togetherin the particular workgroup. If you want to send the security report directly to the printer, you can use the
Print Security dialog box to make selections about what level of security you want to document.
Let's start by taking a look at your options to print a report about users and groups in thesampledatabase - MyNewApp.mdb. You will have created these user and group accounts and permissions in theprevious tutorials listed at the bottom of this page.
Task A-9: Printing reports about security users and groups.
1. Choose Tools, Security, User And Group Accounts to open the User And Group
Accounts dialog box.
2. Click Print Users And Groups to open the Print Security dialog box.
3. Take a look at the print security options.
You can print reports that show one of the following security levels:
All users defined for the current workgroup.
All groups defined for the current workgroup.
Both user and group account information.
All users in the current workgroup can print reports showing user and group information.
4. Click Cancel. Because printed security reports are sent directly to a printer, your
computer must be attached to a printer if you click OK.
5. Close the User And Group Accounts dialog box. Next, you'll create a report on a
form with permissions for each user and group.
Once you have tested your security you will want toDocument Database Security.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
23
http://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.html -
8/8/2019 Microsoft Access Security
24/32
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
24
http://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
25/32
Microsoft Access Database Security -
Previewing Security Permissions:
Previewing Permissions
If you want to view the permissions for a particular object, you can create a report that includes the
objects design information and permissions listed by user and group. Use the Database Documenter toview the definition for one object or multiple objects.
Let's use the Documenter to preview a report for user and group permissions as they're set for theCustomer form.
You will have created these user and group accounts and permissions in the previous tutorials listed at thebottom of this page using the sample database - MyNewApp.mdb..
Task A-10: Previewing reports about user and group permissions by object.
1. Choose Tools, Analyze, Documenter to open the Documenter dialog box.
2. Display the form objects. Check frmCustomer to run the report on just this oneform.
3. Click Options to open the Print Form Definition dialog box.
4. In the Include For Form section, uncheck Properties and Code. Check
Permissions By Users And Groups. To make your report run faster, check only those
options you need. Printing properties can fill up lots of pages.
5. In the Include For Sections And Controls section, select Nothing. Again, this is to
keep the report shorter and include only the information you need.
25
http://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
26/32
6. Click OK to close the Print Form Definition dialog box.
7. Click OK to run the Documenter. This might take several minutes to run, so be patient.
The more information that you request from the Documenter, the longer it takes to run thereport.
8. In the Object Definition report for the Customer form, look at the user and
group permissions.
9. Close the report.
Now we've investigated User and Group Security in Microsoft Access, let's take a look at Securing aDatabase with a Database Password
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10. Previewing Permissions
11.Securing a Database with a Database Password
12.Distributing the Secured Application
26
http://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
27/32
Microsoft Access Database Security
Securing a Database with a Database Password:
To prevent unauthorised users from opening an application, you can add a database password. However,a database password does not control what a user does once the application is opened. To set a password,the database must open in exclusive mode.
Make sure to keep a record of the database password. If you lose or forget the password, you cannotopen the database or retrieve its data.
You can password-protect a database that contains tables that are linked to another database. You mustprovide the password to the back-end database in a connection string; you can save the password as partof the link to the tables. The password information is added to the end of the connection string by usingthe password identifier, PWD=password. To change the password, you need Administer permission to the
database object
Caution: Because many people will share the same database password, it is risky to rely on the databasepassword without implementing full user-security. One person could change the password and lockeveryone else out. With full user-security, you can control who has rights to change the databasepassword.
Unfortunately, people do lose or forget their passwords, making it impossible to access that data. Luckily,it does not mean that the data is lost forever. Check out the Microsoft Access Password Recovery Toolsavailable.
Let's experiment by setting a database password using thesample database - MyNewApp.mdb..
Task A-11: Setting a database password.
1. Close MyNewApp.mdb
2. Click the Open Database button - You need to use the Open dialog box.
3. Select MyNewApp.mdb. Click on the arrow next to the Open button.
4. Choose Open Exclusive to open the MyNewApp.mdb database with exclusive access.
This gives you the sole access to the database when you have it open. You can't set adatabase password if it's in shared access mode. By choosing the Open Exclusive option,you prevent other users from opening the database whilst you have it open.
5. Choose Tools, Security, Set Database Password to open the Set Database dialog
box.
6. In the Password and Verify text boxes, type dbpassword. Passwords are case-
sensitive.
27
http://www.databasedev.co.uk/access_password_recovery.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/downloads/MyNewApp.ziphttp://www.databasedev.co.uk/access_password_recovery.htmlhttp://www.databasedev.co.uk/downloads/MyNewApp.zip -
8/8/2019 Microsoft Access Security
28/32
7. Click OK to accept the database password and close the dialog box.
8. Close the database.
9. Let's test the password to see if it works. Open MyNewApp.mdb. You must enter the
database password to open the database.
10.Type dbpassword, and click OK. The database opens.
Removing the Database Password
You can remove the password you have set for a database. Once a password is set, the choice in the
Tools, Security menu choice becomes Unset Database Password. You will be prompted for the password; itis case-sensitive. After you remove the database password, anyone has access to the database.
Let's remove the database password you set for MyNewApp.mdb
Task A-12: Removing a database password.
1. Close MyNewApp.mdb. Open MyNewApp.mdb in Exclusive Mode.
2. Enter dbpassword. Click OK
3. Choose Tools, Security, Unset Database Password. Notice how this command has a
different name now that the database has a password set on it.
4. In the Password text box, type dbpassword.
5. Click OK to accept the password and close the dialog box.
6. Let's test this change. Close the database.
7. Open MyNewApp.mdb. You didn't need to enter a database password to open the
database.
For the final tutorial in this section, let's take a look at Distributing the Secured Application
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
28
http://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.html -
8/8/2019 Microsoft Access Security
29/32
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11. Securing a Database with a Database Password
12.Distributing the Secured Application
29
http://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/distribute_secure_app.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/distribute_secure_app.html -
8/8/2019 Microsoft Access Security
30/32
Distributing the Secured Database Application
Because permissions are stored with application databases, and accounts and passwords are stored withworkgroups, users must have access to both the appropriate databases and workgroups. To make anapplication database (or databases) and workgroups available to users, you can do any of the followingprocedures:
Copy the workgroup information file that defines the workgroup to a network server.
Users can join this workgroup by specifying the network server path to the workgroupinformation file.
Provide each user with a copy of the workgroup information file that defines the
workgroup, so that the users can place it on their local workstation PC. Users can then jointhe workgroup. One drawback to this method is that if you update the workgroup you mustgive users separate copies of the updated files.
If users are using different workgroup information files, you can create the same group
account in each workgroup instead of copying the whole workgroup into the file. Thecommon group account must have the same name and personal identifier (PID) in eachworkgroup. You need to add the users in each workgroup to the common group.
In all cases, the application files (MDBs) can be located on a shared network drive or
copied to the individual workstations. If a users permissions are changed, you need to
redistribute a copy of the application database to each PC where that user needs to work.
You might not want to give users a copy of the workgroup information file that defines the workgroup you
used when you created the application, because then users might get full permissions to databases andobjects (if they can guess a password and log on to Access as members of the Admins group).
Each user must have a copy of Access in order to run your application. If you want users to run anapplication without having a copy of Access on their computers, you must use the Package AndDeployment Wizard included in the MS Office 2000 Developer's Edition. This wizard includes the filesnecessary to use the run-time version of Microsoft Access. It has its own setup program that you can useto create a custom run-time setup for each users computer.
Go to page:
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10.Previewing Permissions
11.Securing a Database with a Database Password
12. Distributing the Secured Application
30
http://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.htmlhttp://www.databasedev.co.uk/access_security.htmlhttp://www.databasedev.co.uk/setting_logon_procedures.htmlhttp://www.databasedev.co.uk/group_accounts.htmlhttp://www.databasedev.co.uk/user_accounts.htmlhttp://www.databasedev.co.uk/change_password.htmlhttp://www.databasedev.co.uk/security_wizard.htmlhttp://www.databasedev.co.uk/permissions.htmlhttp://www.databasedev.co.uk/testing_security.htmlhttp://www.databasedev.co.uk/document_security.htmlhttp://www.databasedev.co.uk/previewing_permissions.htmlhttp://www.databasedev.co.uk/database_password.html -
8/8/2019 Microsoft Access Security
31/32
31
-
8/8/2019 Microsoft Access Security
32/32