Securing your database from any view or edit try (1 Viewer)

[fugifox]

After a year of work I've almost finished the development of a database (DB) in Access 2003.
Before sending it to the purchases I reasonably want to secure my work.

My ultimate goal is
1) to have a DB split in FrontEnd and BackEnd stored both locally at user's PC
2) user to have no special privileges and all menus to be hidden
3) a way to grant administrator privileges, with the admin account not to be shown in any way to user, in order to edit the DB directly on user's PC.

I more or less achieved every single of the above, but combining all together becomes really cumbersome and I found no solution yet.

1) Fortunately process is straightforward. No questions or problems

2) I've read many topics concerning the prevention of view or editing but after experimenting a little on all the suggesting ways I found that each has at least one way to bypass it.

I think that the two easiest yet powerful ways to use is the Tools->Startup options (disabling all boxes) and the code provided by ghudson.

What is from both missing, is disabling the keyboard shortcuts. For example if you hit Alt-Enter to any Form, its properties sheet will show up. Although changes made from there can not be saved it is still wrong for the purchasers to be able to view it.
So my question is if there's anything could be done to disallow the keyboard shortcuts.

3) My goal is to have a user account and an administrator one. Specifically, I want my base to open by default to the state where all menus etc. are hidden and all special privileges are removed. I achieve this, by using either of the two ways mentioned above. The difficult part is to have with some way an Administrator account, which will require a password to log in to, but the password prompt won't be show up every time my DB is opened. I played around a lot with the accounting system of Access but I didn't find how to implement it. If there's no way to achieve this I would like to know it, in order to use an other interface to call my DB.

I would be grateful for any suggestion or advice.
Thanks is advance

 

[fugifox]

Oh, I just figure out that ghudson's code permanently hides the Access menus globally (to all Access DB's even new ones)!
This makes things more complicated...

 

[converse]

Unless I'm misunderstanding you, it sounds like you are making this harder than you need to...

I don't really understand why anyone would want, or need to hide all those menus/controls.

I've been deploying similar systems for years, setting up a secure workgroup file. The first step is to remove the default Admin and Users etc. Then ensure the default groups have no access to the system, setting up your own new groups via the custom workgroup.

Alt-Enter has no effect on any of my forms at all.

My systems are secure, you can't get to the database window (I have my only Window menu without the "unhide" command). The users have no preferences to edit or change any forms, queries etc.

All forms are set to display my custom menu/toolbar combo, so the full access menus never appear (unless someone tried to load using the shift combo, but they'd need knowledge to do this, and still couldn't get to change anything, just to see some of the forms, tables and queries in the DB window.

Also, as standard practice, in the Tools > Startup box, I uncheck "Allow Default Shortcut menus" and "Use Access Special Keys" and "Allow toolbar/menu changes". I also set a raft of other options when my system loads.

The standard access toolbar/menu is never available, to the users, but not removed.

I have a special access level section, that when I'm logged in allows me to show the database window and edit the system.

No doubt nothing is 100% secure to a real technical person, but to a user this is bombproof, I also always compile to an MDE, and never leave the MDB with the customer. The back end data is also secured in a similar way, but remains an MDB not an MDE.

If you try just to open the MDE or MDB without access to the correct workgroup (and the correct login), you cannot get anyway, you can't open the file, view edit, it is 100% locked out.

Alison Balter's books on Access describe in detail how to achieve all this.

 

[fugifox]

My systems are secure, you can't get to the database window (I have my only Window menu without the "unhide" command). The users have no preferences to edit or change any forms, queries etc.

I have a special access level section, that when I'm logged in allows me to show the database window and edit the system.

If I understand well you have a login system, in other words an input box appears when anyone opens the DB, and according to the username/password provided he/she granted with the right priviliges.
If that's the case, I'm afraid it is not what I'm looking for because I don't want to make simple user's life hard by typing a password every time s/he opens the DB.

 

[converse]

If I understand well you have a login system, in other words an input box appears when anyone opens the DB, and according to the username/password provided he/she granted with the right priviliges.
If that's the case, I'm afraid it is not what I'm looking for because I don't want to make simple user's life hard by typing a password every time s/he opens the DB.

No logins required, unless you want them to be. Technically you have to login into the Workgroup to gain whatever access level you require to the file, but you can have the user / standard user password either set to blank, or set to anything you like, and automatically login in via the loading shortcut. Setup a shortcut with all the parameters in the Target box of the short cut properties e.g:

"C:\Program Files\Microsoft Office\Office\MSACCESS.EXE" /wrkgrp "your_work_group_file" "your_mdb_or_mde_front_end" /user USERNAME /pwd USERNAME_PASSWORD

So when a user open the system using a custom shortcut, they only gain the access level given.

Then for your admin/developer login, create another shortcut with no username and password info, e.g.:

"C:\Program Files\Microsoft Office\Office\MSACCESS.EXE" /wrkgrp "your_work_group_file" "your_mdb_or_mde_front_end"

So when you open the system using this shortcut, it'll prompt for both u/n and p/w. It's highly secure, using the workgroup system, and you cannot bypass it. That way you also are not storing any info about the login to access the entire file / edit / modified etc.

 

[fugifox]

Thanks a lot of your advice.
I've already begun studying about and trying to get the best of.

I've read that user groups have been removed from Access 2007.
Since I don't have it at my disposal to try it, I'd like to ask if it is true.
And if that's the case, is it possible to migrate the DB keeping all the security settings?