Saturday, May 01, 2004

Effective MS Access Security? Did you know that:

 1. You can access the Start-Up properties (such as disabling the Shift key bypass) of an .mde through an .mdb and change each property

 2. You can open an .mde with the Shift key, press Ctrl+G to open the Debug window, press F2 to open the Object Browser, and then search all the code modules and constants.

 3. You can import all the form and report objects but not the code from an unsecured .mde into an .mdb.

To effectively secure an Access database you MUST demote the Admin user from the Admins group. Otherwise your database will not be secure, as Admin cannot be removed from the Users group, and anyone using the retail system.mdw file logs on automatically as Admin.

Securing An Access Database

1. Use the Access Workgroup Administrator (AWA), wrkgadm.exe, to create a new workgroup (.mdw) file.

2. Join the new workgroup using the AWA.

3. Open Access and the database to be secured.

4. Using Tools, Security, User and Group Accounts..., in the User and Group Accounts dialog:

4.1 Create a password for Admin user.

4.2 Create a new user account. This account will be the new database owner account. For example, call the owner account DBOwner. Add "DBOwner" to all groups, including the critical Admins group.

5. Close and re-open Access, logging on as "DbOwner", and leaving the password blank, as you have not assigned one yet.

7. In the User and Group Accounts dialog, demote the Admin user account by removing it from the Admins group. Now Admin is only a member of the Users group and will have only those permissions assigned to that group by "DBOwner".

8. Create a password for "DBOwner".

9. Close and re-open Access, logging on as "DBOwner" using the password you created in step 8.

10. You can now start to secure the objects in you database.

Special Notes:

* A User account inherits the permissions of the Group to which it belongs.

* In Access 2000 and later, if you are not creating an .mde, you also need to secure your code by using Password Protection in the VBA Editor.

No comments: