Database Security

[soldat452002]

Hi,
Im new to Access Security, I created a DB for for about 12 people and I just set up the security using the Wizard. Some could not access and are getting this error message, I use this the following path for admin only, but I want to give view rights to others. Im lost:banghead:

"C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" "Z:\WH\Common06\Broker Intake\Intake Database\Admin Only\Intake Database.mdb" /WRKGRP "Z:\Broker Intake\Intake Database\Admin Only\Security.mdw"

 

[ButtonMoon]

The user level "security" feature is an illusion. It was allegedly once useful to provide role-based UIs to different users but has no information security value at all. For that reason it was deprecated and discontinued by Microsoft and they don't advise the use of it for new applications. If role-based security is a requirement then you cannot and shouldn't use Jet/Ace files for your data. Use a server-based DBMS with built-in security (e.g. SQL Server - the Express Edition of which is free to download).

 

[soldat452002]

I researched throughout the Web the security wizard in access 2003 and agreed. How can unsecured the database

 

[Rx_]

Another option that provides security is Citrix. With 12 uers, you may be too small to consider that.

Citrix provides and extremely small network footprint because it only transmits the changes in the screen, mouse movements, and keyboard.
In the past, we had multiple users on a dial-up or ISDN line.

The Access and back-end (what ever backend) runs on a secured server.
The users log into Citrix and only have access to the Access user interface. This can be sent out nationally to many users with very low bandwidth. It also works equally well on Apple since it is the Server that provides the operating system.

With this solution, nobody touches your code or your database.
From the time I create a new version release of MS Access to posting it on a Citrix is about 5 minutes total.

 

[The_Doc_Man]

The first security question you have to ask is how much you trust your user base. It makes a difference as to whether you are behind a firewall and only have 12 disgruntled employees to consider or whether you have a 12-person subset of the whole world assailing your application.

In the former case, you can perhaps get by with rolling your own security based on compiled code to enforce your rules, perhaps a touch of encryption here and there, and you have to have some sort of trust system to let you identify your users individually. In this case, you can do fairly well with limited role-based security.

If the world is coming your way, separately compiled binaries (true compiler, not reversible pseudo-code) and a remote back-end DB server with true role-based security internal to the DB will be more in order.

Asking a question about security implementation is putting the cart before the horse. First ask what kind of cart you need before you choose the horse.