Microsoft Access Security

http://www.databasedev.co.
uk/distribut
e_secure_app.html
Microsoft Access Database Security
Steps to Securing an Access Database by Using User-level Security:
A workgroup information file is a file about the users in a workgroup. Microsoft Access reads this file at
startup. It contains information about account names, passwords, group membership and preferences.
Preference information is specified in the Options dialog box.
A workgroup information file is initially created by the setup program when Microsoft Access is installed.
The file is identified by the name and organisation information that is supplied during the setup process of
Microsoft Access.
A Workgroup ID (WID) is created when a new workgroup information file is created. A WID can have
between four and twenty characters and is case-sensitive. The WID guarantees that the workgroup file
can't be recreated by another user by simply guessing the name and company. It also makes the Admins
group unique to this workgroup file.
Access Workgroup Password Recovery v1.0a

Recover lost passwords for MS Access user/group permissions security files
Access Workgroup Password Recovery is a program to recover lost or forgotten passwords for MS
Access workgroup files. All passwords are recovered instantly regardless of length. Multilingual
passwords are supported.
Note: The following information details how to create and implement User-Level Security using Microsoft
Access 2000. These steps have been thoroughly tested and have been found to work correctly. Please
ensure that you follow the steps and instructions completely to recreate this process. The author takes no
responsibility for any problems that arise due to these instructions not being adhered to. Always
remember to BACK-UP any files (database and workgroup) prior to testing these procedures.
Task A-1: Creating a new workgroup information file
Objective: To create a new System.mdw with a new name
1. Exit Access
2. Using the Windows Explorer, open the folder C:\Program Files\Microsoft
Office\Office. This folder is where the System.mdw is located with a fresh installation of
Microsoft Office 2000
3. Copy the file SYSTEM.MDW to the root of your computer’s hard drive (don't move
the file) to make a backup copy of the file.
4.In the Microsoft Office folder, double-click on MS Access Workgroup
Administrator.
This is a shortcut to the Wrkgadm.exe program that, when executed, runs the Workgroup
Administrator.
1
5. In the first dialog box is the name, company and workgroup to which you are joined.
6. Click Create to open the Workgroup Owner Information dialog box, which you can use
to create a new workgroup information file.
7. In the Name text box, type in your name.

8. In the Organisation text box, type in your organisation name.
9. In the Workgroup ID text box, type in mywid.
10. Click OK to accept this information and open the Workgroup Information File dialog
box.
11. Using the default path, change the database filename to MySystem.mdw.
12. Click OK to accept the default path and new name for the new workgroup information
file, C:\Program Files\Microsoft Office\Office\MySystem.mdw
2
13. In the Confirm Workgroup Information dialog box, verify that the information
you typed is correct.
14. Click OK. You must confirm your entries for the new workgroup information file.
15. In the message box indicating that you have successfully created the
workgroup information file, click OK.
16. Look at the changes in the Workgroup Administrator dialog box. There's the
information that you entered for the new workgroup information file. This workgroup
information file is used the next time that you start up Microsoft Access, so there is no need
to join the workgroup now.
17. Click Exit to close the Workgroup Administrator and display the contents of the Office
folder in the Windows Explorer. Notice that the new file, MySystem.mdw, isn't displayed.
You may need to refresh the view to see it.
18. Choose View, Refresh. Scroll to see MySystem.mdw and System.mdw. Both
workgroup information files are saved in the same folder.
19. Before you close Windows Explorer, make a shortcut to the MSAccess.exe on
the desktop. You'll be exiting and starting Microsoft Access several times during this
tutorial and a desktop shortcut makes restarting Microsoft Access more convenient.
20. Close Windows Explorer.
Go to page:
3
1. Steps to Securing an Access Database by Using User-level Security
2. Setting Logon Procedures
3. Group Accounts
4. User Accounts
5. Changing a Password
6. The Security Wizard
7. Permissions
8. Testing Security
9. Documenting Database Security
10. Previewing Permissions
11. Securing a Database with a Database Password
12. Distributing the Secured Application
4
Setting Logon Procedures
If you do not activate the logon procedure, you are automatically logged on under the Admin user
account, for which there is an empty password. If you want to require users to log on to start Access, you
can change the password of the Admin user account. The Admin user is a member of the Admins
(Administrator) group. The Admin user account is the same for every installation of Access. Administrators
always have full permissions for objects created in the workgroup.
An Access password is case-sensitive and can have up to 14 characters, including any ASCII characters
except null (ASCII character 0). When you type your password in the New Password text box, asterisks
are displayed to maintain your password’s security. The first time you set a password, do not type
anything in the Old Password text box.
Before completing the following activities, please ensure that you have followed the previous exercise:
Steps to Securing an Access Database by Using User-level Security
Task A-2: Activating the logon procedure
Objective: To change the logon password for the user named Admin to turn on security for the
MyNewApp.mdb database. Please download the MyNewApp.mdb database before starting this tutorial.
1. Start Access. Do not open a database

2. Choose Tools, Security, User And Group Accounts. You use the User And Group
Accounts dialog box to define user names, group membership, group names, and a logon
password.
3.Verify that the Users tab is selected and that Admin is selected in the User
Name text box. You're goint to change the password for this user.
4. Select the Change Logon Password tab. In the New Password text box, type
password. (Don't type in the Old Password text box because there is no old password.)
Passwords are case-sensitive. Notice that an asterisk is displayed for each character that
you type.
5. In the Verfiy text box, type password. Accuracy is essential! The password text
boxes should look identical.
6. Click OK to accept your new password.

7. Exit Access.
8. Start Access. Try to open MyNewApp.mdb. The Logon dialog box opens before you
can open the database. You must enter a valid user name and password.
5
9. In the Name text box, type Admin. In the Password text box, type password.
10. Click OK. Now MyNewApp.mdb opens!
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
6
Group Accounts:
When you install Microsoft Access, you get one user account and two group accounts:
 The Admin account is the default user account.

 The Admins account is the system administrator’s group account. The Access Setup
program automatically adds the Admin user account to the Admins group.
 The Users account is a group account that comprises all the user accounts. When you
create a user account, it is automatically added to the Users group. Everyone is always a
member of the Users group and can't be removed.
You can log on to Microsoft Access with a user account, but not with a group account.
It is easier if you organise your users into groups and assign permissions to each group, rather than to
individual users. A user can be a member of more than one group, and inherits all of the permissions of
each group. A good design strategy is to add permissions to the groups, and add users to the appropriate
group(s).
A Personal Identifier (PID) is a character string that is used in conjunction with the account name to
identify a user or group. The PID is specified when you create a new user or group. You should record this
case-sensitive code in case you need to recreate the workgroup information file. Note that the PID is not a
password. It's another means of identifying who you are to Microsoft Access.
Let's create two group accounts and set a unique PID for each one.
Before completing the following activities, please ensure that you have followed the previous exercise:
Setting Logon Procedures
Task A-3: Creating Group Accounts in Microsoft Access
Objective: To create two new group accounts, one for the group who does Order Entry, and the second for
the Sales Managers group. This information relates to the sample Microsoft Access database download
1. Close MyNewApp.mdb without exiting Access. You don't need to have a database
open to create accounts.
2. Choose Tools, Security, User and Group Accounts.
3. In the User And Group Accounts dialog box, notice the Available Groups list in
the Group Membership section. There are two groups available, one named Admins and
the other named Users.
4. Select the Groups tab. Display the Name drop-down list.

The same two groups are listed here. You're going to create two new groups to add to this
list.
5. Close the Name drop-down list. Click New to open the New User/Group dialog box,
which is what you'll use to create new group accounts, one at a time.
6. Create the following group:
Name: Order Entry

Personal ID: orderpid
7
All the characters are case-sensitive.
7. Click OK.
8. Create another group as follows:
Name: Sales Managers

Personal ID: salespid
9. Click OK.
10. Display the Name drop down list. Notice that four groups are now listed, including
your two new groups.
Now that you've created new group accounts, it's time to create new user accounts.
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
8
User Accounts
Now that you've created new Microsoft Access Group Accounts, it's time to create new user accounts in
Microsoft Access.
When you create user accounts for an application, those accounts are stored in the workgroup that the
users join when they use the application. Therefore, before you create the user accounts, you should
make sure that you are in the correct workgroup information file.
You can add a user to a group account or remove a user from a group account by making selections in the
Users tab of the Users And Group Accounts dialog box. Similarly, you can delete a user account or a group
account from a workgroup by making selections in the Users tab or the Groups tab of the Users And Group
Accounts dialog box. You cannot delete the group accounts Admins or Users.
Task A-4: Creating User Accounts in Microsoft Access
Objective: To create the administrator's user account as well as four other user accounts, and to assign
each user to a group. This information relates to the sample Microsoft Access database download
Before you begin: The User and Group Accounts dialog box is open, and the Order Entry and Sales
Managers group accounts are created - please complete the previous tutorial Setting up Microsoft Access
Group Accounts before starting.
1. Select the Users tab.

2. Display the Name drop-down list. There's only one user listed, Admin. You're going
to create five more users to add to this list.
3. In the Groups section, look at the Available Groups list. Four groups are listed,
including the two that you created. You can assign users to these groups.
4. In the User section, click New to open the New User/Group dialog box.
5. Create a user account for yourself, as follows:
Name: (Your Name)

Personal ID: mypid
Click OK.
6. From the User Name drop-down list, select your name.

7. From the Available Group list, verify that Admins is selected. Click Add to create
a security administrator account with you as administrator. You are a member of the Admins
group. As such you inherit Administer rights to import files, create new users, and assign
9
permissions.
8. Create the following new user accounts and assign each user to the indicated group
accounts:
User Name Personal ID Group Membership
Olivia E oliviapid Order Entry; Users
Oscar D oscarpid Order Entry; Users
Scott S scottpid Sales Managers; Users
Susan M susanpid Sales Managers; Users
9. Display and scroll through the Name drop-down list. Now there are six user
accounts, including Admin, yourself, and the additional four that you have created.
10. In the User And Group Accounts dialog box, click OK to accept your account
additions.
Next we'll look at Changing a Security Account Password.

Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
10
Changing a Password:
Now that you've created new Microsoft Access User Accounts, it's time to look at Security Account
Passwords.
Passwords that are entered when you log on to Access are known as Security Account Passwords. The
primary purpose of these passwords is to ensure that no other user can log on using your name. If this is
the first time you are adding a password to your Access account, you do not have to use the Old Password
text box.
The Admin user has full permissions to all database objects. The Admin user’s password is empty, so
anyone can log on to Access as the Admin user. To make your system more secure, you can remove the
Admin user from the Admins group. In this tutorial, you'll do just that.
Task A-5: Setting your logon password and removing the Admin user from the Admins group
Objective: To add a password for yourself and to delete the Admin user. This information relates to the
sample Microsoft Access database download
1. Exit Access.
2. Start Access. Don't open a database.
3. Choose Tools, Security, User And Group Accounts. The Logon dialog box opens.
4. Log on by using your name (as you typed it in when you created your own user
account) and no password. There's no password assigned to your name yet. After you
click OK, the User And Group Accounts dialog box opens.
5. Select the Change Logon Password tab.
6. In the New Password and Verify text boxes, type password. Remember, the
password is case-sensitive.
7. Click Apply to accept the change and leave the dialog box open.
8. On the Users page, select the User Name Admin.
9. From the Member Of list, select Admins.
10. Click Remove to remove the Admin user from the Admins group. The Admin user
remains a member of the Users group only.
11
11. Click OK to accept the change and close the User And Group Accounts dialog box.
Next we'll take a look at The Security Wizard.

Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
12
The Security Wizard:
The Admin user owns all the objects in the database and has irrevocable permissions to them. However, it
is important to change the ownership to the project leader’s account (you). When you create or copy an
object, the user who is logged in becomes the owner. The easiest way to change ownership of all objects
in the database is to first make sure your project leader is logged in, and then run the Security Wizard.
You can use the Security Wizard to create a new database and fill it with copies of the objects of the
database that is currently open. The Security Wizard exports copies of all the objects from the original
database. It also secures selected object types by revoking all permissions in the Users group for those
objects in the database. The new database is encrypted, which means that it is indecipherable during
electronic transmission or when it is stored on a disk, tape, or other magnetic medium. All table
relationships and linked tables are recreated in the new database. However, the original database is not
changed.
Changing the Ownership of Database Objects
An object's owner is the user who creates that object, also known as the object's creator. The owner of an
object has Administer permissions. Other users cannot change the object owner's permissions. If another
user creates a new object in the database, then that user is the owner of the object. Having different
owners for all the objects within a database can be cumbersome. The database will be easier to maintain if
one user is designated as the owner and takes responsibility for maintaining the objects. You can change
the owner of an object by using the Change Owner tab of the User and Group Permissions dialog box.
Now let's use the Security Wizard to create an unsecured backup copy of the sample Microsoft Access
database download file: MyNewApp.mdb and to secure MyNewApp.mdb. You should have already
completed the previous tutorials within this security section; details of each can be found at the bottom of
this page.
Task A-6: Using the Microsoft Access Security Wizard
Objective: To create a new database that only certain users can access. This information relates to the
sample Microsoft Access database download
1. Exit Access. Start Access

2. Open MyNewApp.mdb. In the Logon dialog box, enter your password and click
OK.
3. Choose Tools, Security, User And Group Permissions.
4. Select the Change Owner tab. The form objects are displayed. Notice that Admin is
the owner of every form. Display different object types from the Object Type drop-down list.
Admin is the owner of every object type.
5. Click Cancel to dismiss the dialog box.
13
6. Choose Tools, Security, User-Level Security Wizard to run the Security Wizard.
Accept the default selection, Modify My Current Workgroup Information File. Click
Next.
7. You want to secure all database objects, which is the default wizard setting. Select the
All Objects tab and scroll through the list to verify that all tables, queries, forms,
reports and macros are checked.
8. Click Next.
9. In the next wizard dialog box, check these security group accounts: Order
Entry and Sales Managers. Each one defines specific permissions for the users you'll
assign to the group. To read the group permissions assigned to each built-in group, select
each group (but don't check any of the built-in groups)
10. Click Next.

11. In the next wizard dialog box, accept the default selection "No, The Users
Group Should Not Have Any Permissions". Any permissions you assign to the Users
group are the same permissions available to anyone with a copy of Access. You want to
completely lock out others.
12. Click Next.

13. In the next wizard dialog box, the users you've already added to the workgroup
information file are listed. You also have the option of adding new users. We're not adding
any users now, so click Next.
14
14. In the next wizard dialog box, you assign users to groups in the workgroup information
file. Select the option Select A Group And Assign Users To The Group.
15. Your name is already assigned to the Admins group, and the other users are already
assigned to either the Order Entry or Sales Managers group. Use the following graphics
to select the group names and verify the users assigned to them.
16. Click Next to advance to the last wizard dialog box. Verify the name of the backup
copy of the unsecured database.
Also note that, after the database is secured, you'll get a report of the settings that were
used to create the users and groups in the workgroup information file.
17. Click Finish and wait while the wizard secures the database objects and creates the
report.
15
18. Scroll through the One-Step Security Wizard Report. Notice that there's an
unsecured database (.bak file) and a secured database (.mdb file), both stored in the folder.
The report lists the secured objects, groups and users. It's important to keep this
information available in the report in case you ever need to re-create the same workgroup
file.
19. Close the report.
20. Click Yes to save the report as a Snapshot (.snp) file. Wait for the encryption process
to finish.
21. On the taskbar, you will see the Snapshot Viewer, and clicking this will view
the new file: MyNewApp.snp.
22. The snapshot report is saved in the same location as the database file.
23. Close the Snapshot Viewer.
Next we'll take a look at Security Permissions and Permission Types.

Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
16
Permissions
After you run the Security Wizard, you can manually change database and object permissions for user and
group accounts in a workgroup. It's advisable to assign permissions to groups, not to users, because each
user inherits the permissions assigned to the group.
Permission Types
Each user has access to nine types of permission for data or objects in a database. The following table
describes the nine types of permission, and what each type enables a user to do. To read more about
these permissions, search Microsoft Access Help for permissions, display the topic Work With Permissions,
and select Types Of Permissions.
Permission Allows a user to Objects involved
Databases, forms, reports, and

Open/Run Open a database, form, or report. Run a macro.
macros.
Open Open a database on a network, while ensuring that others Tables, queries, forms, reports,
Exclusive cannot open the database while the first user has it open. macros, and modules.
Read View the design of objects. No changes to the design are Tables, queries, forms, reports,
Design allowed. macros, and modules.
Modify Tables, queries, forms, reports,

Change the design of objects and delete objects.
Design macros, and modules.
Set database passwords, replicate databases, and change Databases, tables, queries,
Administer startup properties. Have full access to objects and data, and forms, reports, macros, and
assign permissions for objects. modules.
Read Data View data, but not table designs or query designs. Tables and queries.
Update
View and edit data, but not insert or delete data. Tables and queries.
Data
Insert Data View and insert data, but not change or delete data. Tables and queries.
Delete Data View and delete data, but not change or insert data. Tables and queries.
Before starting the following exercise you should have already completed the previous tutorials within this
security section; details of each can be found at the bottom of this page.
Task A-7: Granting permissions to a database and its objects
1. Choose Tools, Security, User And Group Permissions to display the User And Group
Permissions dialog box.
2. Select the Change Owner tab. Select different object types and notice that you
are the current owner of the database and all its objects
17
3. Select the Permissions tab. Let's take a look at the permissions assigned to the users
and groups, starting with the groups.
4. From the List options, select Groups. The Admins group is selected in the
User/Group Name list.
5. Explore the permissions assigned to various object types and group names.
Notice that the Order Entry, Sales Managers and Users groups have no permissions assigned
to them. For the Users group, you want to leave it set that way.
6. From the User/Group Name list, select Order Entry. You want to assign
permissions to this group.
7. From the Object Type drop-down list, select Database. In the Permissions section,
check Open/Run
18
8. Click Apply. All users in the Order Entry group have permission to open and run the
current database.
9. Now let's set the Order Entry group's permissions for the table objects in the current
database. From the Object Type drop-down list, select Table. From the Object Name list,
select all the table names.
10. In the Permissions section, check Update Data and Insert Data. Uncheck Delete
Data. Notice that the options Read Design and Read Data are also checked by default with
these options. Three options should be unchecked: Modify Design, Administer, and Delete
Data.
11. Click Apply.

12. Apply database and object permissions to groups according to the
specifications in the following table (select all object names for each object type):
Group Object Type Permissions
Order Entry Query Read Design, Read Data, Update Data, Insert Data, Delete Data - all
Queries
19
Form Open/Run, Read Design - all Forms
Report Open/Run, Read Design - all Reports
Macro Open/Run - all Macros
Database Open/Run
Table Read Data, Read Design - all Tables
Query Read Data, Read Design - all Queries

Sales
Managers
Form Open/Run - all Forms
Report Open/Run - all Reports
Macro Open/Run - all Macros
13. Click OK to close the dialog box.
Now that you have assigned your security for the groups and users, you will want to Test Your Microsoft
Access Security.
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
20
Testing your Microsoft Access Database Security:
After you've set up security for all groups and users, you will need to test it. Make sure that each group
has the options that you have selected in the User And Group Permissions dialog box.
Task A-8: Testing Microsoft Access Database Security.
Objective: To test the various groups for the security that you set up in the previous tutorial - Microsoft
Access Database Security - Security Permissions
1. Exit Access. You'll need to log on as a different user to test security.

2. Start Access. Open MyNewApp.mdb. Log on with the name Susan M, and no
password. Susan M is a member of the Sales Managers group, so you'll be testing the
permissions you assigned to that group.
3. From the Database Window (Press F11 to display database window), preview
the report, Book and Customer Sales. Because the Sales Managers group has permission
to Open/Run all reports, Susan M can preview this report.
4. Choose View, Design View. As Susan M, you don't have permission to view the design
of the report.
5. Click OK to dismiss the message box.

7. Now let's try to add a new customer to the database. From the database window,
open the Customer form. Look at the New Record navigation button at the bottom of the
form. It's dimmed. There's your first clue that you can't add a new record.
8. But you still have the Add Customer button on the form, right? Click the Add
Customer button.
Another roadblock. You can't add a new record. The permission assignments work the way
that you want them to.
10. Close the Customer form.
11. From the Switchboard, click Add Customer. You see a blank form.
12. Close the Customer form (Chose File, Close)
13. Exit Access.
21
14. Start Microsoft Access and open MyNewApp.mdb. Log on as Admin with the
password, "password".
The Admin user can't even get past Go.

16. Exit Access yet again.
17. Start Access, open MyNewApp.mdb, and log on with your name and password
(your password is password).
Once you have tested your security you will want to Document Database Security.
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
22
Microsoft Access Database Security - Documenting your Database Security:
After you have established security for your application, you can print a security report for a particular
workgroup. In this report, you can see the security for both users and groups, just users, or just groups.
The report includes group names and user names, and indicates which users and groups belong together
in the particular workgroup. If you want to send the security report directly to the printer, you can use the
Print Security dialog box to make selections about what level of security you want to document.
Let's start by taking a look at your options to print a report about users and groups in the sample
database - MyNewApp.mdb. You will have created these user and group accounts and permissions in the
previous tutorials listed at the bottom of this page.
Task A-9: Printing reports about security users and groups.
1. Choose Tools, Security, User And Group Accounts to open the User And Group
Accounts dialog box.
2. Click Print Users And Groups to open the Print Security dialog box.
3. Take a look at the print security options.
You can print reports that show one of the following security levels:
 All users defined for the current workgroup.
 All groups defined for the current workgroup.
 Both user and group account information.
All users in the current workgroup can print reports showing user and group information.
4. Click Cancel. Because printed security reports are sent directly to a printer, your
computer must be attached to a printer if you click OK.
5. Close the User And Group Accounts dialog box. Next, you'll create a report on a
form with permissions for each user and group.
Once you have tested your security you will want to Document Database Security.
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
23
8. Testing Security
24
Microsoft Access Database Security -
Previewing Security Permissions:
Previewing Permissions
If you want to view the permissions for a particular object, you can create a report that includes the
object’s design information and permissions listed by user and group. Use the Database Documenter to
view the definition for one object or multiple objects.
Let's use the Documenter to preview a report for user and group permissions as they're set for the
Customer form.
You will have created these user and group accounts and permissions in the previous tutorials listed at the
bottom of this page using the sample database - MyNewApp.mdb..
Task A-10: Previewing reports about user and group permissions by object.
1. Choose Tools, Analyze, Documenter to open the Documenter dialog box.

2. Display the form objects. Check frmCustomer to run the report on just this one
form.
3. Click Options to open the Print Form Definition dialog box.

4. In the Include For Form section, uncheck Properties and Code. Check
Permissions By Users And Groups. To make your report run faster, check only those
options you need. Printing properties can fill up lots of pages.
5. In the Include For Sections And Controls section, select Nothing. Again, this is to
keep the report shorter and include only the information you need.
25
6. Click OK to close the Print Form Definition dialog box.
7. Click OK to run the Documenter. This might take several minutes to run, so be patient.
The more information that you request from the Documenter, the longer it takes to run the
report.
8. In the Object Definition report for the Customer form, look at the user and
group permissions.
Now we've investigated User and Group Security in Microsoft Access, let's take a look at Securing a
Database with a Database Password
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
26
Securing a Database with a Database Password:
To prevent unauthorised users from opening an application, you can add a database password. However,
a database password does not control what a user does once the application is opened. To set a password,
the database must open in exclusive mode.
Make sure to keep a record of the database password. If you lose or forget the password, you cannot
open the database or retrieve its data.
You can password-protect a database that contains tables that are linked to another database. You must
provide the password to the back-end database in a connection string; you can save the password as part
of the link to the tables. The password information is added to the end of the connection string by using
the password identifier, PWD=password. To change the password, you need Administer permission to the
database object
Caution: Because many people will share the same database password, it is risky to rely on the database
password without implementing full user-security. One person could change the password and lock
everyone else out. With full user-security, you can control who has rights to change the database
password.
Unfortunately, people do lose or forget their passwords, making it impossible to access that data. Luckily,
it does not mean that the data is lost forever. Check out the Microsoft Access Password Recovery Tools
available.
Let's experiment by setting a database password using the sample database - MyNewApp.mdb..
Task A-11: Setting a database password.
1. Close MyNewApp.mdb
2. Click the Open Database button - You need to use the Open dialog box.
3. Select MyNewApp.mdb. Click on the arrow next to the Open button.
4. Choose Open Exclusive to open the MyNewApp.mdb database with exclusive access.
This gives you the sole access to the database when you have it open. You can't set a
database password if it's in shared access mode. By choosing the Open Exclusive option,
you prevent other users from opening the database whilst you have it open.
5. Choose Tools, Security, Set Database Password to open the Set Database dialog
box.
6. In the Password and Verify text boxes, type dbpassword. Passwords are case-
sensitive.
27
7. Click OK to accept the database password and close the dialog box.
8. Close the database.
9. Let's test the password to see if it works. Open MyNewApp.mdb. You must enter the
database password to open the database.
10. Type dbpassword, and click OK. The database opens.
Removing the Database Password
You can remove the password you have set for a database. Once a password is set, the choice in the
Tools, Security menu choice becomes Unset Database Password. You will be prompted for the password; it
is case-sensitive. After you remove the database password, anyone has access to the database.
Let's remove the database password you set for MyNewApp.mdb
Task A-12: Removing a database password.
1. Close MyNewApp.mdb. Open MyNewApp.mdb in Exclusive Mode.

2. Enter dbpassword. Click OK
3. Choose Tools, Security, Unset Database Password. Notice how this command has a
different name now that the database has a password set on it.
4. In the Password text box, type dbpassword.
5. Click OK to accept the password and close the dialog box.

6. Let's test this change. Close the database.
7. Open MyNewApp.mdb. You didn't need to enter a database password to open the
database.
For the final tutorial in this section, let's take a look at Distributing the Secured Application
Go to page:

3. Group Accounts
4. User Accounts
28
7. Permissions
8. Testing Security
29
Distributing the Secured Database Application
Because permissions are stored with application databases, and accounts and passwords are stored with
workgroups, users must have access to both the appropriate databases and workgroups. To make an
application database (or databases) and workgroups available to users, you can do any of the following
procedures:
 Copy the workgroup information file that defines the workgroup to a network server.
Users can join this workgroup by specifying the network server path to the workgroup
information file.
 Provide each user with a copy of the workgroup information file that defines the
workgroup, so that the users can place it on their local workstation PC. Users can then join
the workgroup. One drawback to this method is that if you update the workgroup you must
give users separate copies of the updated files.
 If users are using different workgroup information files, you can create the same group
account in each workgroup instead of copying the whole workgroup into the file. The
common group account must have the same name and personal identifier (PID) in each
workgroup. You need to add the users in each workgroup to the common group.
 In all cases, the application files (MDB’s) can be located on a shared network drive or
copied to the individual workstations. If a user’s permissions are changed, you need to
redistribute a copy of the application database to each PC where that user needs to work.
You might not want to give users a copy of the workgroup information file that defines the workgroup you
used when you created the application, because then users might get full permissions to databases and
objects (if they can guess a password and log on to Access as members of the Admins group).
Each user must have a copy of Access in order to run your application. If you want users to run an
application without having a copy of Access on their computers, you must use the Package And
Deployment Wizard included in the MS Office 2000 Developer's Edition. This wizard includes the files
necessary to use the run-time version of Microsoft Access. It has its own setup program that you can use
to create a custom run-time setup for each user’s computer.
Go to page:

3. Group Accounts
4. User Accounts
7. Permissions
8. Testing Security
30
31
32

Microsoft Access Security

Caricato da

Informazioni sul documento

Descrizione originale:

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Microsoft Access Security

Caricato da

Copyright:

Formati disponibili

http://www.databasedev.co.

Access Workgroup Password Recovery v1.0a

7. In the Name text box, type in your name.

Task A-2: Activating the logon procedure

1. Start Access. Do not open a database

6. Click OK to accept your new password.

10. Click OK. Now MyNewApp.mdb opens!

1. Steps to Securing an Access Database by Using User-level Security

 The Admin account is the default user account.

Task A-3: Creating Group Accounts in Microsoft Access

4. Select the Groups tab. Display the Name drop-down list.

Name: Order Entry

Name: Sales Managers

1. Steps to Securing an Access Database by Using User-level Security

Task A-4: Creating User Accounts in Microsoft Access

1. Select the Users tab.

Name: (Your Name)

6. From the User Name drop-down list, select your name.

User Name Personal ID Group Membership

Olivia E oliviapid Order Entry; Users

Oscar D oscarpid Order Entry; Users

Scott S scottpid Sales Managers; Users

Susan M susanpid Sales Managers; Users

Next we'll look at Changing a Security Account Password.

1. Steps to Securing an Access Database by Using User-level Security

9. From the Member Of list, select Admins.

Next we'll take a look at The Security Wizard.

1. Steps to Securing an Access Database by Using User-level Security

Changing the Ownership of Database Objects

Task A-6: Using the Microsoft Access Security Wizard

1. Exit Access. Start Access

5. Click Cancel to dismiss the dialog box.

10. Click Next.

12. Click Next.

Next we'll take a look at Security Permissions and Permission Types.

1. Steps to Securing an Access Database by Using User-level Security

Permission Allows a user to Objects involved

Databases, forms, reports, and

Modify Tables, queries, forms, reports,

Task A-7: Granting permissions to a database and its objects

11. Click Apply.

Group Object Type Permissions

Report Open/Run, Read Design - all Reports

Macro Open/Run - all Macros

Table Read Data, Read Design - all Tables

Query Read Data, Read Design - all Queries

Report Open/Run - all Reports

Macro Open/Run - all Macros

13. Click OK to close the dialog box.

1. Steps to Securing an Access Database by Using User-level Security

Task A-8: Testing Microsoft Access Database Security.

1. Exit Access. You'll need to log on as a different user to test security.

5. Click OK to dismiss the message box.

The Admin user can't even get past Go.

1. Steps to Securing an Access Database by Using User-level Security

Task A-9: Printing reports about security users and groups.

3. Take a look at the print security options.

1. Steps to Securing an Access Database by Using User-level Security

1. Choose Tools, Analyze, Documenter to open the Documenter dialog box.

3. Click Options to open the Print Form Definition dialog box.

1. Steps to Securing an Access Database by Using User-level Security

Task A-11: Setting a database password.

10. Type dbpassword, and click OK. The database opens.