databasedev.co.uk - database solutions and downloads for microsoft access

Microsoft Access Database Security

Testing your Microsoft Access Database Security:

After you've set up security for all groups and users, you will need to test it. Make sure that each group has the options that you have selected in the User And Group Permissions dialog box.

Task A-8: Testing Microsoft Access Database Security.

Objective: To test the various groups for the security that you set up in the previous tutorial - Microsoft Access Database Security - Security Permissions

  1. Exit Access. You'll need to log on as a different user to test security.
  2. Start Access. Open MyNewApp.mdb. Log on with the name Susan M, and no password. Susan M is a member of the Sales Managers group, so you'll be testing the permissions you assigned to that group.
  3. From the Database Window (Press F11 to display database window), preview the report, Book and Customer Sales. Because the Sales Managers group has permission to Open/Run all reports, Susan M can preview this report.
  4. Choose View, Design View. As Susan M, you don't have permission to view the design of the report.

    Error message when trying to view the report design without the appropriate permissions.
  5. Click OK to dismiss the message box.
  6. Close the report.
  7. Now let's try to add a new customer to the database. From the database window, open the Customer form. Look at the New Record navigation button at the bottom of the form. It's dimmed. There's your first clue that you can't add a new record.

    Showing that the New Record button is dimmed (disabled) when trying to add records without the appropriate permissions.
  8. But you still have the Add Customer button on the form, right? Click the Add Customer button.

    Error message warning that you can not go the the specified record, due to permissions not being available.
    Another roadblock. You can't add a new record. The permission assignments work the way that you want them to.
  9. Click OK to dismiss the message box.
  10. Close the Customer form.
  11. From the Switchboard, click Add Customer. You see a blank form.
  12. Close the Customer form (Chose File, Close)
  13. Exit Access.
  14. Start Microsoft Access and open MyNewApp.mdb. Log on as Admin with the password, "password".

    Error message when logging in as Admin user, without appropriate permissions
    The Admin user can't even get past Go.
  15. Click OK to dismiss the message box.
  16. Exit Access yet again.
  17. Start Access, open MyNewApp.mdb, and log on with your name and password (your password is password).

Once you have tested your security you will want to Document Database Security.

Go to page:

  1. Steps to Securing an Access Database by Using User-level Security
  2. Setting Logon Procedures
  3. Group Accounts
  4. User Accounts
  5. Changing a Password
  6. The Security Wizard
  7. Permissions
  8. Testing Security
  9. Documenting Database Security
  10. Previewing Permissions
  11. Securing a Database with a Database Password
  12. Distributing the Secured Application

Recommended Reading:

If you are serious about your Microsoft Access security, then you should check out Garry Robinson's book Real World Microsoft Access Database Protection and Security

About the book:

Real World Microsoft Access Database Protection and Security

Microsoft Access is the most popular desktop database in the world today and its very popularity means that its security measures can be easily compromised. Real World Microsoft Access Database Protection and Security takes a different approach than all the other Access books in the market by focusing from the start on all the issues that will help protect your database. It approaches protection and security from a task-by-task perspective and provides details that when put together will make your database more secure.

This book will help you to keep your staff from looking at your salary tables, stop your customers from looking at the design of your software that you distribute, and help you decide which security options are worth doing and which are generally a waste of your time.

Garry writes from a very experienced developer's point of view and he discusses in detail how to program all types of security issues including hiding tables as system tables, producing databases that password cracker software cannot easily crack, backing-up databases, menus, queries, and even user surveillance.