Real World Microsoft Access Database Protection and Security
The strategy for this chapter was to adopt a simple model for using Access workgroup security and then to explain how to implement it. The developer workgroup strategy that I settled on is significant in that it doesn't require passwords to use it, it is relatively easy to understand, and it achieves a number of significant security results, including the following:
- Stopping users from viewing forms, reports, and macros in design mode. The open exclusive database permission further assists in this regard.
- Stopping users from changing the design of queries and tables.
- Stopping users from changing the startup options.
- Removing the ability for users to upgrade and view databases in later versions of Access.
- Stopping users from importing secured objects into another database.
All these outcomes are significant for developers who want their Access databases to behave like software produced from compiled languages, such as Visual Basic, within a security framework that you can trust.
Once you manage to work this model into your database, it is important to take a break and let the database settle down. There are many directions to take from here, and it is best to wait for user pressures to dictate where your software dollars are best invested next. As I have said, this model is flawed in that anyone who can find the database will be able to see the data through the user interface. They will not be able to change the interface, however, and there are many ways for you to protect your data, including the following:
- Implementing your own internal security system to stop users from viewing particular data.
- Setting up a front-end database in a separate location from a hard-to-find back-end database.
- Using the operating system to restrict usage based on operating system names and groups.
The other flaw is that the VBA code is quite vulnerable if you don't protect your startup options, verify that your menus and toolbars don't provide entry to the VBA environment through buttons such as the form and report design mode buttons, or use the special module permissions code that I have provided.
Finally, remember when working with workgroup file security that you must know which workgroup you joined and what user you logged on as before you do anything. The number of times that this author has made that mistake seems like a good enough reason to warn the readers.