3 4
To work effectively and to minimize maintenance tasks later, use these project management practices:
For details about reusing project items, see Importing Files into and Exporting Files from Your Project in Creating a VBA Project earlier in this chapter.
When you remove an item, you permanently delete it from the project list—you cannot undo the Remove action. Make sure remaining code in other modules and user forms doesn't refer to code in the removed item.
To protect your code from being viewed or modified by users, you can lock a project. When you lock a project, you set a password that must be entered before the project can be viewed in the Project Explorer.
The next time you open the Visio file, the project is locked. Anyone who wants to view or edit the project must enter a password.
Like other Microsoft Office or Office XP products, Microsoft Visio uses Microsoft Authenticode technology to allow you to digitally sign VBA projects in your documents by using a digital certificate that identifies you as a trusted source. Visio has security-level settings that allow users to identify code produced by trusted sources and to prevent unsigned VBA projects from running in Visio.
To produce a trusted solution, you need to obtain and install a digital certificate that you can use to digitally sign your VBA projects in Visio documents. When opening a signed document, Visio can verify if an authentic digital signature exists and determine if the signed VBA project has been altered in any way since it was signed. Depending on the security level, Visio either automatically disables macros that might have been altered, or lets the user decide whether to enable or disable these macros.
Note
As a Visio solution developer, digitally signing your VBA projects can help to ensure that your solution users will be able to run the solution without being blocked by security settings. However, there are some security options in the control of users and administrators that can potentially interfere with your solution. For details, see Security and policy settings that can affect your solution's VBA code later in this section.
A Visio document opens in run mode by default unless the macros in the document have been disabled. Macros are enabled or disabled depending on the security level setting for Visio and whether the VBA project has been digitally signed. The following table describes the possible ways that security settings, signed and unsigned projects, and trusted and untrusted sources can interact when a document opens.
How security levels and digital signatures work together
Type of document and verification result | High security | Medium security | Low security |
---|---|---|---|
No project | Document is opened. | Document is opened. | Document is opened. |
Unsigned project | Macros are automatically disabled without notification and the document opens. | User is prompted to enable or disable macros. | No prompt. Macros are enabled. |
Signed project from a trusted source. Verification succeeds. | Macros are automatically enabled and the document opens. | Macros are automatically enabled and the document opens. | Macros are enabled. |
Signed project from an unknown author. Verification succeeds. | A dialog box is displayed with information about the certificate. Macros can be enabled only if the user chooses to trust the author and certifying authority by selecting the Always trust macros from this author check box in the Security Warning dialog box. A network administrator can lock the trusted sources list and prevent the user from adding the author to the list and enabling the document's VBA project's macros. | A dialog box is displayed with information about the certificate. The user is prompted to enable or disable macros. Optionally, the user can choose to trust the author and certifyingauthority by selectingthe Always trust macros from this author check box in the Security Warning dialog box. | No prompt or verification. Macros are enabled. |
Signed project from any author. Verification fails, due to a virus. | User is warned of a possible virus. Macros are automatically disabled. | User is warned of a possible virus. Macros are automatically disabled. | No prompt or verification. Macros are enabled. |
Signed project from any author. Verification not possible because public key is missing or incompatible encryption methods were used. | User is warned that verification is not possible. Macros are automatically disabled. | User is warned that verification is not possible. User is prompted to enable or disable macros. | No prompt or verification. Macros are enabled. |
Signed project from any author. The signature was made after the certificate had expired or been revoked. | User is warned that the signature has expired or been revoked. Macros are automatically disabled. | User is warned that the signature has expired or been revoked. User is prompted to enable or disable macros. | No prompt or verification. Macros are enabled. |
If the user selects the Always trust macros from this source check box in the Security Warning dialog box, the certificate is listed on the Trusted Sources tab of the Security dialog box.
The Trusted Sources tab in the Security dialog box lists all digital certificates that have been previously accepted by a user or that have been previously installed by a network administrator. A user doesn't add trusted sources directly to this dialog box, but can add a new certificate to the list by selecting the Always trust macros from this author check box upon opening a signed document from a new source for the first time. An administrator can lock the trusted sources list so that no new sources can be added to the list by users. Therefore, only macros signed by using approved certificates currently in the list will run.
Note
High Runs code only from trusted sources.
Medium Permits users to choose whether to run potentially unsafe code.
Low Runs all code, trusted or not.
Note
To digitally sign VBA projects in your solution, you must first obtain a digital certificate for software publishing. You can get a digital certificate in three ways:
For more information about digital certificates and digital signatures, search on these terms in the MSDN Library: "digital signature," "digital certificate," "Authenticode," and "security."
If a VBA project has been signed previously, clicking Choose and selecting a new digital certificate replaces the previous signature. To remove a signature from a previously signed project, click Remove.
Be aware that administrators and users can set security levels, installation options, or run-time options for VBA projects that might interfere with your solution's ability to run VBA code in Visio.
Users can set Visio security levels and whether VBA is enabled or disabled in Visio at run time in the Visio application. Administrators can set security policies using a Policy Editor or logon scripts, or by manually updating the registry. Settings that affect security and the ability to run code in a solution include the following:
Visio users and administrators can also disable VBA in Visio by choosing not to install VBA. If another application installs VBA, it will then become available to Visio. In that case, users and administrators would still have the option to disable VBA temporarily using the methods previously mentioned.
Additional details for administrators on setting security policies can be found in the Microsoft Visio Resource Kit, available from the Microsoft Visio Web site (http://www.microsoft.com/office/visio/).
In the Visual Basic Editor, you can use the Add-In Manager to manage add-ins that extend the VBA development environment. These add-ins are COM-based and provide the developer with a way to use a single add-in to add functionality to any VBA host application (VBA version 6.0 and later), including Visio. For more information about add-ins, see the Microsoft Visual Basic Help.
The Add-In Manager dialog box appears with a list of add-ins that have been registered with Visio.
Note