MS Access & Networks

[wjoc1]

Hi,

Just a few general queries I was wondering about. I've heard various rumours that Access is not "safe" to use in a network enviornment. I had intended using a split Access DB with an FE on each users machine and a BE residing on out local server here.

However our IT department refuse to let Access anywhere near our network because apparently it can cause all sorts pof problems re. corruption and network traffic etc. etc. !?

How much of this is true. I need some facts and figures so I can argue my case with these guys

Thanks,
Liam

 

[Mile-O]

I'm not an expert on the subject of networks but I've got numerous databases running over the network in my office (and, indeed my legacy continues to operate efficiently in my last office, from what I hear).

IT departments, in my experience, seem not to like Access. The problem stems from the fact that most people can open it and use it but most people don't know how to use it properly (a fact backed up by the number of questions we see on this forum). Thus the IT departments become inundated with requests to fix this and fix that with respect to Access databases that are both unintelligible to anyone but the author, are accompanied by little or no documentation, and are poorly designed. The IT departments can't handle this: they've got their own jobs to do with maintaining stuff like mainframes and delivering business solutions; they don't have time to waste on Access databases.

I think the network excuse is simply that: an excuse. They suspect people will come to them should there be problems. If you want a bit of fun then challenge them - ask for something more than a rebuttal. A case study, perhaps; or an actual reason because saying that "it can" is not a reason. And the fact that "it can" does not mean "it will" or ever "shall."

 

[wjoc1]

Thanks Mile-O-Phile,

I did a little more digging just for curiosity's sake and found vague references to problems with actually linking the tables from the FE to the BE.

Apparently if the queries in the DB are not passthrough queries there could be issues with traffic over the network.

Has anyone else experience of this?

 

[The_Doc_Man]

Sys Admins and Net Admins do not like Access running in either of two configurations, mostly because of behavioral issues.

Case A - entire DB is on a server. Server is used as file-server only.

Case B - DB is split, FE is anywhere, BE is on server. Server is used as file-server.

In either case, the problem is that the application is being run on a workstation but its data is being stored on a server. In order to run a query, the workstation needs to see EVERY RECORD IN THE INVOLVED TABLES so it can do filtration. Since a recordset is stored as a temporary object in the DB, that means the internal pointers generated as a result of the query must also be sent and later pulled back across the network link. Obviously, this implies a lot of data.

Another problem is that the way Access uses its locking file, you need some fairly hefty privileges on the shared directory. This is because you have to be able to create or delete the .LDB file whether you are using the DB READ-ONLY or READ-WRITE.

Finally, Access does not encrypt data between a workstation and a server. You might find a third-pary network suite that will do so, but by itself, Access station-to-server security is kinda, well, non-existant.

The factors that bother Sys Admins and Net Admins relate to these issues:

1. Network traffic gets bigger whenever you have:
1.1 Very long tables
1.2 Very wide tables
1.3 Many multi-table joins (regardless of one-to-one or many-to-one joins)
1.4 Many multi-layer queries (i.e. query based on a query based on a query ...)
1.5 Forms with underlying code that manipulates recordsets on the fly or behind the scenes

2. Network security gets worse whenever:
2.1 The database is shared. (Gee, that right there is a zinger.)
2.2 Many users have access to the directory.
2.3 File import/export operations are required in the shared directory.
2.4 The security set-up is not proper or not complete. (I.e. not using or mis-using workgroup security)
2.5 Data being exchanged is subject to any laws relating to personal information security. In USA, we are talking the Privacy Act of 1974, Fair Credit Reporting Act, HIPAA, Patriot Act, and a raft of others.

3. Network and system security gets worse whenever:
3.1 Applications use Active-X
3.2 Applications use any part of MDAC
3.3 You are using an older version of MS Office - particularly if it is older than or at Office 97 (which just recently "fell off" the list of MS supported products.)
3.4 You cannot assure that users are patching their copies of Windows or Office on a regular basis.

Mitigation of this problem involves work on your part.

1. If you have users who have read-only access to the DB, make a stand-alone copy they can run on their system. Base it on an MDE file. Be aware that you will have to regenerate this file often. Every user you eliminate from shared access this way eases the network load and actually improves your security (a little bit). But of course, they will have no flexibility in what they can do with that MDE file.

2. Move the whole database or the backend part to a top-level directory (folder) on the file server and assure that no other user group shares that directory. That way, you can isolate it with respect to system or object security. Discuss your network requirement with your Net Admin or Server Admin person. If Windows Domain Security applies to the server folders, you can suggest creation of a new domain-local group to describe the people who will use this database. By having a single group identifier to manage, your sys admin will be happier. (Admittedly, this is a relative term.) Then all your admin needs to do when your group changes membership is either grant or revoke the user's membership in that group.

3. If at all possible, plan to convert the backend to something like SQL server or some other product that will allow you to pass SQL queries to the server and get back only the resultant data set. This is the optimal solution with respect to network traffic. Be sure you can use Access with that product. You might have to obtain an ODBC license and code for each user in order to do this for your entire site.

4. In general, Sys Admins and Net Admins hate anything that is a resource eater, and unfortunately, Access qualifies. So you might need to discretely discuss the issue with your management and have THEM talk to the admin types who are giving you grief. If someone reminds them of "the big picture" now and then, they will be less likely to complain. Even if the reduction in complaints is only their way of avoiding repeated visits to the big boss's office to hear another "BIG PICTURE" lecture.

 

[wjoc1]

Thanks for all your replys guys. The info you've given me has been really helpfull and at least I've been able to make my argument

I still have one last hurdle though I'm afraid. There is plans now for a SQLServer BE but for the moment the DB will just have linked tables with a BE residing on a server and approx 10 FE's.

My last concerns are over record locking etc. What is the best way to configure Access in terms of record locking in a reasonably small multi-user enviornment like this one?

Thanks again,
Liam

 

[Cosmos75]

3. If at all possible, plan to convert the backend to something like SQL server or some other product that will allow you to pass SQL queries to the server and get back only the resultant data set. This is the optimal solution with respect to network traffic. Be sure you can use Access with that product. You might have to obtain an ODBC license and code for each user in order to do this for your entire site.

What about using MSDE 2000 (Microsoft SQL Server 2000 Desktop Engine)?