Real World Microsoft Access Database Protection and Security
As I mentioned in the last section, ownership of objects in the database is important because owners can reset permissions on their objects. To make sure that the Developer user has full control of the objects in the database, that user needs to own all the objects. You can assign objects on the Change Owner tab in the Group and Users Permissions dialog. As a built-in Access security precaution, you cannot change database ownership through that interface or through VBA code. To get around this issue, you have to make a new database and import all the objects into that database. The steps for that action follow:
-
Log on to your new workgroup by using the Developer user account.
-
Check that you actually are using the Developer workgroup file and Developer user account. For details on how to check, see the earlier sections "Which Workgroup File? Which User?" and "Joining an Existing Workgroup File."
-
If you are using Access 2002 or later, check that you are creating the database in the required file format by choosing Tools ˜ Options ˜ Advanced ˜ Default File Format. This setting usually depends on whether your clients use Access 2000 or Access 2002/2003.
-
Choose File ˜ New Database.
-
Create a new blank database.
-
Choose File ˜ Get External Data ˜ Import.
-
Find the database on which you want to change ownership.
-
Select the Tables, Queries, Forms, Reports, Macros, and Modules tabs, then select all the objects for each one. Also remember to click the Options button and select the Menus and Toolbars and the Import/ Export Specs check boxes, and click OK. All the objects will now be imported into the blank database.
-
Now choose Tools ˜ Security ˜ User and Group Permissions and check that the owner of all the objects is now the Developer user.
Note | To import a database, you must have Read Design permission for all its objects and Open /Run permission for the database. To import tables, you must also have Read Data permission. If you have permissions for some objects but not others, Access imports only the objects for which you have permission. When an error occurs, Access will issue an error message for each object it cannot import. |
The most important ownership issue that is resolved by importing the database is the ownership of the database itself. Generally, when you first start developing an Access database, you will create the database by using the anonymous Admin account. As you can see from the disabled Change Owner button shown in Figure 8-16, you cannot transfer the ownership of the database by using the Change Owner tab. One issue to be aware of with database ownership is that the owner/creator of the database can always open the database, which is why you do not want the default Admin account to own the database. Another reason is that changing ownership of a database means that people who are not database owners cannot encrypt or decrypt the database. Find out more about database encryption in Chapter 9.
In the next section, we will look at how we can maintain object ownership over the long term , as it is likely that a number of people could create objects in a database where anyone can gain access to the database window.