Opinions on security

[kstarnes]

I have very painstakingly worked out a new database and I'm about to present it to the departments who will be using it. At various times words like 'password' and 'locked' have been thrown out but as of now I have not implemented any security measures. I started reading up on the topic this morning and the general consensus seems to be that unless there is a sincere need for them the security process is excruciating.
Does anyone have specific advice or opinions on access security? If I were to do anything, I think it would be to set up working groups only allowing users access to the parts of the database they are concerned with.

I would love any opinions or advice from people with experience of this on if I should recommend such measures or try to steer the department away from them.

 

[tehNellie]

At the risk of being unhelpful, my general opinion is that if it requires any more than rudimentary security, dont put it in Access. I have tried, and mostly failed, to get to grips with Access security and it's mainly made me want to cry in a darkened room for several hours.

You can circumvent it with a login routine using a table featuring a "password" column, and trying to lock down the vba, forms tables etc by using a login form referencing that table, but it's not going to take too much for a bored kiddie to work their way around it.

 

[David Eagar]

I guess a rule of thumb is - How Business Critical / Sensitive is the data?
If a crash and lost data will lead to the end of civilisation as you know it, or internal civil war because someone has gained access to data that they were not supposed to see then security must be implemented

Another case for doing so is to filter out non essential / applicable data for users - this can make their life easier by only showing them relevent data

 

[kstarnes]

Thank you. Its not the sort of think I felt I could advise on without having tried. I don't think the data is really that sensitive-I think the main concern was that they didn't want people from one department messing around with the information from another department accidentally. I have clearly labelled the forms and will suggest colour coding before any heavy security. If that is rejected, however, I may be back lurking around reading and posting to figure out how to do this.

 

[tehNellie]

If a crash and lost data will lead to the end of civilisation as you know it, or internal civil war because someone has gained access to data that they were not supposed to see then security must be implemented

To me, that's a clear sign that the department in question wants to start looking at shelling out on a SQL/MySQL/Oracle server/<insert favourite enterprise db>.

Much as I like Access, as soon as more than one person needs access to it and the data needs securing then I just dont think Access is the right tool for the job.

Unfortunately because it's cheap, needs no real infrastructure spend and relatively little development time and lot of what end up being "mission critical" applications end in Access because it's the path of least resistance.

 

[tehNellie]

Thank you. Its not the sort of think I felt I could advise on without having tried. I don't think the data is really that sensitive-I think the main concern was that they didn't want people from one department messing around with the information from another department accidentally. I have clearly labelled the forms and will suggest colour coding before any heavy security. If that is rejected, however, I may be back lurking around reading and posting to figure out how to do this.

Aside from file permissions on the network so only the relevant people can get to the file to begin with you could go with a quick and dirty "honour" system on the main menu. Select a department from a list and blank out all the form options that don't apply to them. I fully admit it's not security per se, but if accidental data "meddling" is all they are trying to prevent then it may be enough.

 

[kstarnes]

That sounds like a reasonable alternative to me. I'm sort of of the mind that if anyone actually wanted to destry/modify the data then anything I could set up wouldn't stop them- esp. since the aforementioned departments do not back up their files.