Access 2010 Security???? How-to??

mafhobb

All right, I have heard tons of bad things regarding 2003 user-level security, but I have been using it for many years without any problems. However, I just got a new copy of Access 2010 and I am working on a new database that should use Access 2010 security.

...I am at a loss...:confused:...without user-level security, I have no idea what to do to get the users to log in to the database (to identify them and to prevent others from using someone else's computer) and I do not understand too well the idea behind the "security certificates".

The help menu is not that helpful in trying to understand this.

Is there a tutorial somewhere that explains this in detail?

Is there a step-by-step "secure your 2010 db" tutorial somewhere?

Are there any secured database examples?

Any help is VERY appreciated!

mafhobb
 
First question you should be asking: Do you need anything 2010-specific? If not, then you can just continue to use the .MDB file format and use user-level security, which is still supported in Access 2010. It's only when you use the ACCDB file format that we need to take alternatives.

The next question is if you have some requirements that need newer features not available in MDB and thus must use ACCDB file format, then you should ask what security you really need. Is it more of a corralling system to protect honest users from hurting themselves? Would you use physical access as security? What does it really mean to compromise data?
 
Hi Banana,

We are switching to Access 2010 so we can use Runtime 2010 for all users. I am assuming that I need to use ACCDB to use Runtime 2010.

The other reason to switch to 2010 is to use the more powerful encryption tool. The user level security is also used to allow/deny permissions to forms and tables. I do not know how to do that if I do not have it.

mafhobb
 
Though I have not tested, I don't think it's required to use ACCDB with 2010 Runtime; you should be able to still use MDB with 2010 runtime equally well.

Regarding blocking edits to forms, if you convert ACCDB to ACCDE, that will pretty much make it impossible to make any design changes to form and if set up correctly, the user would never see the navigation pane, ribbon or access the "developer" aspect.

As for denying permissions to the table: while ACCDE can help ensure that the users cannot use the navigation pane and thus open a table directly, there is nothing to stop users from linking to the table. You mentioned using encryption, which would require a password. Therefore, to use it, the users have to share a password, which also implies a level of trust. Typically, most employees want to keep their database working - else they wouldn't be an employee for very long!

So, it seems to me sufficient to convert the file into ACCDE, place it in a network folder that is configured to allow only an authorized subgroup of people to access it. If you split the database as well, you can render the front-end useless if the user doesn't have the permission to the folder where the back-end resides as well. This would be a simple and effective way to secure the database.
 
Regarding the first suggestion and keeping the original file...How do I go and change user settings since the user level security window is not present in 2010?

Regarding the second suggestion: What about forms that should only be accessed by certain users? It is perfectly understandable that some info should only be accessible by a certain group of people and not all the users...Until now I used the login info to determine who the user was and then allowed access to a form (which can change a table) or not based on that.

How do I do that now?

mafhobb
 
1) I believe the ribbon will show you additional buttons that are MDB-only, including the security tools in the database ribbon. If not, you can customize the ribbon by going File -> Options, then choose Customize ribbon tab and adding the needed buttons to the ribbons there.

2) If you've used login, then I think this is a very good solution: Securing Access Database using Active Directory. Used in conjunction with ACCDE, nobody can tamper with the file to circumvent the security. Do keep in mind that they could just go and link to the backend directly with their own ACCDB file and tamper data there, but if they did that then I think you have a serious Human Resources problem, not a technology problem. As long as the backend is in a properly secured folder, it should be accessible only to trusted users.
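
Added example (not part of the original posts, and not code from the linked article): one way to gate a form on the Windows account's domain group membership, as discussed in this exchange. The group name `DB_Managers` and the function name `IsInDomainGroup` are assumptions for illustration.

```vba
' Added example, not from the thread.
' "DB_Managers" and IsInDomainGroup are hypothetical names.

' --- Standard module ---
Option Compare Database
Option Explicit

' Returns True if the logged-on Windows account is a direct member of groupName.
' The account name comes from WScript.Network rather than Environ("USERNAME"),
' because an environment variable can be overridden before Access is started.
Public Function IsInDomainGroup(ByVal groupName As String) As Boolean
    Dim net As Object, usr As Object, grp As Object
    On Error GoTo Deny                  ' fail closed on any lookup error
    Set net = CreateObject("WScript.Network")
    Set usr = GetObject("WinNT://" & net.UserDomain & "/" & net.UserName & ",user")
    For Each grp In usr.Groups          ' direct memberships only, not nested groups
        If StrComp(grp.Name, groupName, vbTextCompare) = 0 Then
            IsInDomainGroup = True
            Exit Function
        End If
    Next grp
Deny:
    IsInDomainGroup = False
End Function

' --- Module of the restricted form ---
' Cancels the open event when the user is not in the authorized group.
Private Sub Form_Open(Cancel As Integer)
    If Not IsInDomainGroup("DB_Managers") Then
        MsgBox "You are not authorized to open this form.", vbExclamation
        Cancel = True
    End If
End Sub
```

This check only controls what the front-end shows; as the reply above notes, the permissions on the back-end folder remain the control that keeps unauthorized accounts away from the data.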
 
This might do what I need, however, I still have one question....

I am designing the database, but I am not the domain administrator (or network administrator), so that means that I will need them to set up all these groups, right?

What if there is a new user? All that is needed for him to be able to use that database is to get a copy of the FE and for the network people to add him to whatever appropriate group in the active directory, right?

...ok...two questions...:rolleyes:

mafhobb
 
Not necessarily. If it happens that there already exists a domain group that correlates to what you want to allow as a user for your database, you can use that group. But even so, I'd still want to sit down and talk with the domain administrator and make plans so they know that you plan to rely on the security and have the policies in place to help support you.

Yes, correct; the new user needs to be added to the domain group to be able to use the database. Recall also that your backend should be in a folder available only to the authorized domain user so that even if somebody got a copy of FE, they couldn't use it because data is in the protected folder. (Do note, however, that Access requires you to have full read/write/delete capabilities to that folder, so you can't for instance enable only read/write and block deletion without creating issues in Access. That typically shouldn't be an issue because as I said before, if you can't trust your employees to play nicely, you have a much bigger problem at hand.)

Hope that helps.
 
Thanks for the help.

BTW, I did try to modify the ribbon to get MDB-only commands and it looks like there is no option for that.

...but, it looks like I am not going to go that way anyway.

mafhobb
 
Believe me, it's there, albeit you have to look hard for it. One thing that trips up people is that the list of commands displayed by default are merely "popular commands"; they have to select "all commands" to get the complete listing, then search for the commands. The other thing that trips up people is that things are not always named as expected. In case of old ULS, the 3 commands are named "User and Group Accounts", "User and Group Permissions", and "User-Level Security Wizards"; there's also a "Users and Permissions" group which I assume contains the 3 commands. If one tried to search for "Security..", they wouldn't find it in the S* listing.

Not that it matters for you, but so everyone knows where to find it in case.
 
