Security for MS Access 2007 (1 Viewer)

Good Morning All!

So I have created this database for a lessons learnt system. Is it possible in MS Access 2007 to have security on it. What I mean is I want certain individuals (project heads) to have access to alter, add and save the database, while everyone else can only view it. This lessons learnt database contains hundreds of lessons learnt and I have created a search filter for ease, however I don't want unauthorized individuals to make changes to the database. I have been reading other threads and noted that jet-level security was mentioned, however it has been disabled in access 2007. Thanks for reading!

User-level/Group-level/Object-level security is not possible in Access2007. You may save a copy of your database into Access2003 format and implement User-level or User-Group level security after creating a separate Workgroup Information File (a database with .mdw extension).

Go through the following links for more info and guidance:

Running Workgroup Admin in Access2007
Microsoft Access Security

You may try out various aspects of user-level Microsoft Access Security on a separate trial copy of your database and get some familiarity before implementing it on your production database.

CoreyBuchan said:

Good Morning All!

So I have created this database for a lessons learnt system. Is it possible in MS Access 2007 to have security on it. What I mean is I want certain individuals (project heads) to have access to alter, add and save the database, while everyone else can only view it. This lessons learnt database contains hundreds of lessons learnt and I have created a search filter for ease, however I don't want unauthorized individuals to make changes to the database. I have been reading other threads and noted that jet-level security was mentioned, however it has been disabled in access 2007. Thanks for reading!

Click to expand...

Hi there,

First, I would suggest you add a login form to your database. Additionally, you can disable viewing of the tables, reports etc(this would depend on the knowledge of the user about access). You can also try ACCDE file format.

Much as I hated ULS, Microsoft really left us with no options when they removed it. You can sort of secure the FE by distributing an .accde and hiding everything and requiring a logon for the forms, etc. to work but the BE is totally exposed. The only way to actually secure data is to use SQL Server which is overkill for many applications.

There are some obscure ways to do this but they all can be defeated if you have a persistent hacker-type.

In the database that I use at work right now, which is Ac2007-based, we have a domain-based login that requires credentials managed by the O/S. We then ask Windows who it thinks is logged in by reading the environment variable Username. The database looks up the login name to determine a role. The front-end file is trapped in various ways to prevent someone from breaking out of it. The only way a non-supervisor can see to get out of the main switchboard/dispatcher form is the Exit button (and I don't mean the X in the upper right corner; that is also disabled.)

The back end cannot be directly opened so easily because it, too, asks the O/S your login name and determines your role. If you aren't a supervisor, the BE exits.

If you really think extensive security is required above and beyond limited what a person can see by controlling the Front End interface, I recall searching for something about how to dynamically encrypt and decrypt the back end file using a password that is not so easily discovered because it does not itself appear in the FE file. In theory, if you open the BE file by dynamically repointing to its path when you open the FE, and then if you open an encrypted channel to the BE by supplying the password to one connection, all subsequent queries know to "ride" the encrypted channel. If you don't keep that password in an obvious place, or if you otherwise obscure it somehow, you can perhaps make it at least a bit more difficult for a hacker to get through. The catch is, if you ever lose the BE password, you are hosed, too.