Hello All!
I see that my thread is building on, and must add something that (clearly logical) cannot be hacked in Acc 97/2000. This what
nashman (good work!) talks about is simmilire solution I use, but together with this steps described bellow offers complete level of security on remote mashines. Combination of customized login, non-persistant links (use coded) to pwd protected db and steps taken below.
This steps below are common sence of it's author and adds additional security to deployed mde applications. Applying those steps bellow is a must.
Steps bellow describe simple security logics -> make user accounts & premissions for any DB (especially that one wich serves as server!) on Your PC, and then distribute it together with mde app. to others. Your system.mdw (on Yur PC) will retain passwords/prermissions, while others will not be able to hack them as they have their own system.mdw (wich is different!), and therefore cannot compromise them.
I used those steps below, and as a result I couldn't access any table in server db or mde application (wich contains same tables for my customized synchronization) on another mashine (message was that I have no premissions to access). Applications (my mde distributions) worked smooth with coded link access to server db and my customized users administration. No matter that one can determine db password. It'll have no use of it since all premissions were left on my PC! Therefore I am completely satisfyed, as I am sure that noone (I'm selling software) can do anything to compromise me, my design, their data and our business. I do sleep much much better now.
Finnaly: if You use one mdb as server database and one mde as application on network in Your distribution package, remember to protect them both with below steps.
Security without a Login - Avoiding built-in Login Dialog, in order to use Your own.
You can do this provided that you have only two security groups needed - you as owner/administrator and a single group for all users.
If you are using Access 97/2000, follow the steps outlined on this page, except for the 'Not Done Yet' section. Do not create any new groups. Instead assign the permissions you want your users to have to the built-in Users Group. When you're done, just ship the database without the workgroup file. Users will use their standard system.mdw workgroup and be restricted by the permissions you put on the Users Group. If you need to make design changes, log in using the workgroup you used to secure the database.
If you are using 2002/2003, then follow the steps outlined on this page. The wizard offers you the ability to assign permissions to the Users Group (step 24). Do not create any new groups, or assign permissions to the groups offered by the wizard.
Note that if you have any audit procedure in your database, you can't rely on the CurrentUser() function, since these users will all be 'Admin'. You can instead use the function at
to retrieve the user's network login name and use that in your audit trail
Access 97/2000 Security Step by Step
1. Go to Start, Run and type wrkgadm.exe This will open the workgroup administrator and show you the workgroup you are currently joined to by default (write down the path; you’ll need it later).
2. Click on Create and enter a Name, Organization, and Workgroup ID. Write down the exact strings you use; you’ll need these should you ever need to recreate the workgroup.
3. Choose a suitable location and name for your new workgroup file. Do not give it the same name as the standard workgroup (system.mdw). Once you click on OK, you’ll be presented with a dialog to confirm the information.
4. Once you’ve confirmed the information, the workgroup will be created and you’ll be joined by default to this new workgroup. Click Exit.
5. Open Access, canceling the opening dialog.
6. Go to Tools, Security, User and Group Accounts.
7. On the Users tab click on New to create a new user (one that will own all objects and have full permissions on your database). Enter the name and PID for this user (suggest you write down this information).
8. Add the Admins Group to this user.
9. Choose the Admin user in the dropdown list and remove them from the Admins Group.
10. Go to the Change Logon Password tab and enter a password for the Admin user. Click on OK.
11. Close Access.
12. Open Access and log in as the user you created in step 7 (the password will be blank). Cancel the opening dialog.
13. Go to Tools, Security, User and Group Accounts. Click on the Change Logon Password tab and enter a password for this user. Click on OK.
At this point, you can either use the security wizard or secure it manually. If you are using Access 97, use the wizard. If you are using version 2000, do not use the security wizard - secure it manually.
Using the Wizard:
14. Open the database you want to secure. Go to Tools, Security, User Level Security Wizard.
15. Choose all objects and click on OK.
16. Choose a suitable location and name for your secure mdb and click on Save.
17. The wizard will create the new secure mdb, and your original mdb will not be changed. You’ll get a confirmation message when it is completed. Your new user will be the owner of the secure mdb and all its objects. The Users Group will have no permission on anything.
18. When the wizard is completed, close the database window. Open your new secure mdb.
19. Go to Tools, Security, User and Group Permissions.
20. Click on the List Groups option, and then select the Users Group in the list.
21. Beside Object Type choose Database, and uncheck the Open/Run permission, and click OK.
22. Proceed to Final Steps, below.
Secure it manually:
14. Create a new database, choosing a suitable location and name.
15. Go to File, Get External Data, Import
16. Locate your database. Click on each tab and click Select All. If your database has custom menus and/or import/export specs, click on Options and ensure you include those. Click OK.
17. Go to Tools, Security, User and Group Permissions.
18. Click on the List Groups options, and then select the Users Group in the list.
19. Beside Object Type choose Database, and uncheck all permissions.
20. Choose Object Type Tables, select all items under Object Name. Click on Read Design once to remove all permissions and click on Apply. Repeat for the Object Type Queries.
21. Choose Object Type Forms, select all items under Object Name. Click on Read Design and on Open/Run to remove all permissions and click on Apply. Repeat for the Object Type Reports.
22. Choose Object Type Macros, select all items under Object Name. Click on Open/Run once to remove all permissions and click on Apply.
23. Choose Object Type Modules, select all items under Object Name. Click on Read Design once to remove all permissions and click on Apply.
24. Proceed to Final Steps, below.
Final Steps
1. Close Access.
2. Go to Start, Run and type wrkgadm.exe This will open the workgroup administrator and show that you are still joined by default to your secure mdw.
3. Click on Join and locate the original workgroup you were joined to (you wrote down the path).
4. Create a desktop shortcut that has the following as the target:
“path to msaccess.exe” “path to mdb” /wrkgrp “path to secure mdw”
This will ensure that you are joined to the standard system.mdw for all sessions of Access. When you want to use your secure database, you’ll start it using the desktop shortcut.
As a final test, open Windows Explorer, locate your secure mdb and double-click it. You should not be able to open the database at all.
Not Done Yet
So far you have ensured that only by using the secured mdw can someone open your secure database. You haven’t created any groups or users other than the one.
1. Open your database using the shortcut, and login with the username/password you created. Go to Tools, Security, User and Group Accounts.
2. Click on the Groups tab and create the groups you need. Be sure you write down the names and PIDs you enter.
3. Close the dialog.
4. Go to Tools, Security, User and Group Permissions.
5. Click on the Groups option beside List.
6. Select a group that you want to apply permissions to.
7. Go through all the objects in your database assigning the appropriate permissions to this group. Repeat for other groups you have created. Ensure that you don’t assign any permissions to the Users Group.
8. You do not need to assign permissions to individual users. Although it’s possible, it isn’t necessary and will make administration harder.
9. Go to Tools, Security, User and Group Accounts.
10. Click on the Users tab and create users.
11. Once you've created a user, you can assign them membership in one or more groups. That user will automatically inherit the permissions assigned to the group.