Microsoft Access Database Security R. Baker
Database security is an important issue in all organizations for several reasons. The data itself is an asset to the organization and has a value like all other assets. Organizational data takes significant time to accumulate and process into the database. Customer data contains the names of the organization’s customers, customer contacts, sales records, phone numbers and addresses. This data is the basis for continued customer sales and service. It could be harmful to the organization if it became available to competitors. Employees have an expectation of privacy regarding their data maintained in the organization’s database. Data regarding employee personal information, pay, and performance must be protected to maintain employee privacy.
The database’s design and structure must also be protected. As you have experienced over the past few weeks, designing and debugging a functional database for an organization is a time consuming and complex process. Once the database is functional, the design and structure that allow the database to operate effectively must be protected from unauthorized tampering. Many users like to experiment with organizational systems both to try to improve on the system and to see how the system works. Unfortunately, this often results in damage to the underlying structure of the system rendering it dysfunctional. Securing the system and restricting user access to the underlying structure and code prevents this occurrence.
A final reason to secure databases is to prevent theft of data or vandalism of the database by users. Data has a market value, and unscrupulous users may make unauthorized copies of the dataset and attempt to sell it. Disgruntled employees may intentionally delete data or damage the underlying database structure in an attempt to “get even” with the organization for a perceived injustice. Securing the database can significantly reduce these problems for organizations.
The initial method of increasing database security is to set a password for the database. In order to set an Access database password, the database must be opened for exclusive use. Use the following steps to open an Access database for exclusive use and set a database password:
1. Click File on the Menu Bar and select Open.
2. When the Open window displays, click the down arrow beside the open button to display the drop down menu. Select Open Exclusive to open the database for exclusive use. 3. When the database opens, click Tools on the Menu Bar, click Security and select Set
Database Password from the Security menu.
Figure 2 - Security Menu
4. If the database was not opened for exclusive use, the following error message displays. If this occurs, click the OK button, close the database, and reopen for exclusive use using the procedures stated above.
Figure 3 - Error Message Resulting From Not Opening The Database For Exclusive Use 5. If the database was properly opened for exclusive use, the following Set Database
Figure 4 - Set Database Password Input Box
Enter an alpha-numeric database password into the Password box and enter it again in the Verify box.
6. Click the OK button and close the database.
7. Reopen the database (open normally, do not open for exclusive use). The following Password Required input box displays.
Figure 5 - Password Required Input Box 8. Enter the password and click the OK button. The database opens.
9. To remove the password, click Tools then click Security. Click Unset Database Password and the following Unset Database Password input box displays:
Figure 6 - Unset Database Password Input Box
10. Enter the password and click OK. The password is removed from the database. Access Security Wizard
Access user-level security functions in a similar manner to the security systems used by other database programs. Passwords and permissions and can be set to allow or restrict the access of individual users to the objects of the database. Security accounts identify the users or groups of users who are allowed access to the various objects in the database. The Access Security Wizard is used to set user-level security passwords and permissions. If a password has been set for the database, the password must be unset to use the Access Security Wizard. After unsetting the database password, use the following steps to set user-level security.
Figure 7 - Security Wizard Screen One
2. When the wizard opens, click the Help button and review the information regarding user-level security and setting permissions provided. After reviewing the information, click the Next button. The following Security Wizard screen opens:
Figure 8 - Security Wizard Screen Two
Figure 9 - Security Wizard Screen Three
4. All database objects are secured by default. If any objects are not to be secured, deselect those not needing security by clicking the check box beside the object name. Click the Next button to open the following screen:
Figure 10 - Security Wizard Screen Three
Figure 11 - Security Wizard Screen Four
6. Security Wizard screen four allows the developer to assign specific permissions to all users, including those users not assigned to a group with predetermined. Notice the caution statement associated with this screen. Anyone with a copy of Access will have same permissions that you assign to the Users group. Permissions are assigned for the database in general or for individual object categories in the database. Since users who need to work with the database may be placed into a group, assign these permissions sparingly. Click the button beside the statement “No, the Users group should not have any permissions.” Click the Next button to open the following wizard screen:
7. The above screen allows users to be added to the workgroup information file. To add users, enter the User Name and password in the appropriate input boxes and click the Add This User to the List button. Add the users Jefferson Minaret (password et6652) and Joseph Spartan (password an3217). Click the Next button to display the following wizard screen:
Figure 13 - Security Wizard Screen Six
8. This screen of the Security Wizard allows users to be assigned to groups. When a user is assigned to a group, the user obtains the security permissions of the group. To assign a user to a group, click the button for “Select a user and assign the user to groups.” Then select the user using the “Group or user name” drop down menu. Finally, click the group or groups to assign the group to the user. Users may also be assigned to groups by clicking the button for “Select a group and assign users to the group.” MAKE SURE YOU ASSIGN YOURSELF FULL PERMISSIONS. Click the Next button to display the final wizard screen:
9. The Security Wizard creates a backup copy of the database that is not secured. Using the final screen of the Security Wizard, click the Browse button to select a location and name the backup. Click the Finish button to complete security permission assignments. The wizard creates a Security Wizard Report similar to the following figure. The report contains the names of the users granted permissions to the database, the groups the users are assigned to, the users’ personal ID codes and passwords. This report should be printed and stored in a secure location in the event permissions need to be recreated at a future time.
Figure 15 - One-Step Security Wizard Report
10. To activate the database security, close the database and close access. When the database is reopened, the following Logon input box displays:
Figure 16 - Database Security Logon
