databasedev.co.uk - database solutions and downloads for microsoft access

Microsoft Access Database Security

Securing a Database with a Database Password:

To prevent unauthorised users from opening an application, you can add a database password. However, a database password does not control what a user does once the application is opened. To set a password, the database must open in exclusive mode.

Make sure to keep a record of the database password. If you lose or forget the password, you cannot open the database or retrieve its data.

You can password-protect a database that contains tables that are linked to another database. You must provide the password to the back-end database in a connection string; you can save the password as part of the link to the tables. The password information is added to the end of the connection string by using the password identifier, PWD=password. To change the password, you need Administer permission to the database object

Caution: Because many people will share the same database password, it is risky to rely on the database password without implementing full user-security. One person could change the password and lock everyone else out. With full user-security, you can control who has rights to change the database password.

Unfortunately, people do lose or forget their passwords, making it impossible to access that data. Luckily, it does not mean that the data is lost forever. Check out the Microsoft Access Password Recovery Tools available.

Let's experiment by setting a database password using the sample database - MyNewApp.mdb..

Task A-11: Setting a database password.

  1. Close MyNewApp.mdb
  2. Click the Open Database button Open File button - You need to use the Open dialog box.
  3. Select MyNewApp.mdb. Click on the arrow next to the Open button.

    Open dialog box, showing the option for choosing how to open the file.
  4. Choose Open Exclusive to open the MyNewApp.mdb database with exclusive access. This gives you the sole access to the database when you have it open. You can't set a database password if it's in shared access mode. By choosing the Open Exclusive option, you prevent other users from opening the database whilst you have it open.
  5. Choose Tools, Security, Set Database Password to open the Set Database dialog box.
  6. In the Password and Verify text boxes, type dbpassword. Passwords are case-sensitive.

    Dialog box to set the Database password.
  7. Click OK to accept the database password and close the dialog box.
  8. Close the database.
  9. Let's test the password to see if it works. Open MyNewApp.mdb. You must enter the database password to open the database.

    Dialog box to enter the database password
  10. Type dbpassword, and click OK. The database opens.

Removing the Database Password

You can remove the password you have set for a database. Once a password is set, the choice in the Tools, Security menu choice becomes Unset Database Password. You will be prompted for the password; it is case-sensitive. After you remove the database password, anyone has access to the database.

Let's remove the database password you set for MyNewApp.mdb

Task A-12: Removing a database password.

  1. Close MyNewApp.mdb. Open MyNewApp.mdb in Exclusive Mode.
  2. Enter dbpassword. Click OK
  3. Choose Tools, Security, Unset Database Password. Notice how this command has a different name now that the database has a password set on it.
  4. In the Password text box, type dbpassword.

    Dialog box to unset the Database password.
  5. Click OK to accept the password and close the dialog box.
  6. Let's test this change. Close the database.
  7. Open MyNewApp.mdb. You didn't need to enter a database password to open the database.

For the final tutorial in this section, let's take a look at Distributing the Secured Application

Go to page:

  1. Steps to Securing an Access Database by Using User-level Security
  2. Setting Logon Procedures
  3. Group Accounts
  4. User Accounts
  5. Changing a Password
  6. The Security Wizard
  7. Permissions
  8. Testing Security
  9. Documenting Database Security
  10. Previewing Permissions
  11. Securing a Database with a Database Password
  12. Distributing the Secured Application

Recommended Reading:

If you are serious about your Microsoft Access security, then you should check out Garry Robinson's book Real World Microsoft Access Database Protection and Security

About the book:

Real World Microsoft Access Database Protection and Security

Microsoft Access is the most popular desktop database in the world today and its very popularity means that its security measures can be easily compromised. Real World Microsoft Access Database Protection and Security takes a different approach than all the other Access books in the market by focusing from the start on all the issues that will help protect your database. It approaches protection and security from a task-by-task perspective and provides details that when put together will make your database more secure.

This book will help you to keep your staff from looking at your salary tables, stop your customers from looking at the design of your software that you distribute, and help you decide which security options are worth doing and which are generally a waste of your time.

Garry writes from a very experienced developer's point of view and he discusses in detail how to program all types of security issues including hiding tables as system tables, producing databases that password cracker software cannot easily crack, backing-up databases, menus, queries, and even user surveillance.