If they share a single-file Access database, expect frequent locking, program abort, and "unrecognized format" errors caused by that configuration. (Discussion below.)
You can show the persons making those decisions this post if you like...
They might not listen to you, but what IDIOT would ignore the advice of multiple seasoned professionals to SPLIT the database into Front End/Back End parts and to distribute the FE parts? The "single unsplit database" configuration is GUARANTEED to not work long-term. It WILL run into lock contention that will corrupt the database files and if you are not lucky, can PERMANENTLY corrupt the data tables. If that happens, the cost becomes the extra labor required to go back to the last good backup and to then try to get everyone to re-enter everything that happened since that restore point.
I was a contractor for the U.S. Navy for 28 1/2 years, the last several years being in a Navy Enterprise Data Center serving the entire Eastern Seaboard and some interior states. We had heavy security on the network including firewalls, multi-factor authentication, and other Dept. of Defense security methodologies in place. I had an elevated clearance and was certified for cyber-security issues to be a systems administrator on a machine covered by Privacy Act and HIPAA requirements. I was a first-line security admin and my work was reviewed by second-line security managers. They very rarely asked me anything because my systems were CLEAN.
I know about security requirements. I know about network load issues. If you are going to use a database in Access and don't want it to fail, you NEED a split database and you need the FE copies to be distributed among the users. Otherwise, locking conflicts will eat you alive and negate the usefulness of the database.
As to working on a 2008 R2 server, yes, it should work great with a single user. The ONLY way you are going to get it to work multi-user involves licensing issues. EITHER you need to have a proper multi-user license for Office on the server OR you need individual seat licenses to have individual FE files.
If the issue is money, OK, I understand. But you can throw the cost of technical support salaries for hours of hard and frequent database maintenance at the problem or you can simplify the problem by making a one-time purchase of Access (or Office) licenses for each user. Doing so will minimize the locking problem.
The mechanism of this problem is that if you open the BE file for shared use from each FE file, and if your FE has been set up for optimistic locking, the window of opportunity for lock collision is minimized. If each user has their own private FE file, the opportunity for query, form, report, and module collisions is totally eliminated because those locks will all be PRIVATE, not shared.
The problem may well be that the money wonks want to go "on the cheap" but Microsoft solutions are SPECIFICALLY DESIGNED to not allow that. That is why you technically need the right kind or number of licenses. Let us say that if you EVER had to ask for support from Microsoft and they found improper sharing, they DO pursue piracy - because that is what it would represent. I was able to avoid that with the D.o.D. due to the #1 rule that I could NEVER violate a license even if directly instructed to do so by a supervisor. My defense would always be that doing so was illegal and I required that order in writing with signatures, dates, and dated witness signatures.
IF the problem is IT types who don't like what SMB does to a network, OK, that is a legit concern - to be counteracted by (a) the multi-user license and (b) allowing each user to RDP in and have a private profile into which you can drop the individual FE files and have the single shared BE file visible to all such profiles. By having individual profiles with enough quota to hold private FE files, you can get the lock privacy in the FE file and the optimistic locking selection to still function as needed.
In any context, it would be OK to use local or domain group identifiers as the "permission vehicles" to allow folks to see what they each need to see. Your security people, assuming they have been trained in typical Microsoft "best practices," would want a way to use Access Control Lists to protect the relevant shared folder, and using local or domain group identifiers is the ideal way to go on that.
Itmasterw: Please note that I have couched this in a stern format but it is not directed at you. I understand having to beat management over the head with their own reluctance to make a decision. In a Dept. of Defense office? You had better believe that nobody wanted to make a decision that would earn them scrutiny. But you also have to learn that sometimes policy and money MUST take second place to technical issues. If you want a project to fail, just keep the tech folks from doing what is needed to make it work.
