As long as you are the only one working with a database, security issues are not usually a big concern. However, in a multi- user environment, you will probably need to consider how to secure the information your database contains. There are many threats to your data's integrity. It needs to be protected from users accidentally deleting important records or reports . Some parts of your database, such as a table containing employee salaries and social security numbers , will need to be restricted to a select group of users. You may even need to devise ways to protect your database from being hacked by someone using special programs designed to view your most sensitive data. Access security features help you ensure that your data will be secure under almost all circumstances.
Creating and Using Workgroups
A workgroup is a group of users in a multi-user environment who share data. A company's workgroup might consist of all of its employees , and to a certain extent, its customers and shareholders. Access stores workgroup information in a special file called the workgroup information file , also known as the system database . Access created a default workgroup information file during its initial setup. The information is typically stored in the System.mdw file located in the C:\Windows\System folder. You have been using this workgroup file since the first day you started Access, even if you weren't aware of it.
If you need to support several different workgroups, such as when there are several different multi-user environments (employees, customers, and shareholders, for example) Office 2003 supplies a utility called the Workgroup Administrator , which allows you to create new workgroup information files. Even if you don't intend to support several workgroups, it is recommended that you replace the default workgroup information file with one of your own, because it is possible for unauthorized users to copy the default workgroup file and use it to gain access to your data.
If you do support several workgroups, you have to use the Workgroup Administrator to join the appropriate group before you start Access. As long as you're using only the default workgroup, you automatically joined the workgroup when you ran the Access Setup program and have remained joined to it since.
Working with User and Group Accounts
Access allows you to organize the users in a workgroup into groups . Each group might enjoy different privileges. Users in some groups might have the ability to add, edit and delete data; other user groups might be limited to viewing data. You can create workgroups and populate them with users. You can also specify the privileges for these groups or for individual users within a group. You can apply privileges to specific tables, queries, and reports or to whole databases. The list of users, groups and privileges also becomes part of the workgroup information file.
Using the Admins Group
Access, by default, creates the Admins group (short for Administrative), which is the group of users that have complete control over all database objects and the database itself. When you initially start Access, you are a member of the Admins group with the user name "Admin." As long as you are the sole user of your database, you are probably not even aware that you have such an account and are a member of such a group. Access keeps this feature hidden from you. However, if others will have access to your database, you may want to take steps to keep them from being given the same default privileges that you were given.
Activating Account Logons
To protect your data from other users acting as the Admin user, you have to specify a password for the Admin account. When you specify a password, you activate Access's logon procedure, requiring users to enter a user name and password before being able to start Access. You can then insert passwords for each individual account, requiring users to enter their own user name and password to start Access. User names and passwords are also stored in the workgroup information file.
You cannot assign a single user name and password to an entire group; each user must have a unique name and password. A user can create or change his or her own password; however, only the Admin user can clear a password if a user forgets it.
Another Access security feature allows the ownership of the various tables, reports, forms, and databases. By default, the owner of an object is the account that created the object (usually the Admin account). An account that owns a database object always has full privileges to edit or delete that object. An account that owns a database can always open the database. You can use the Admin account to assign ownership of these objects to various users and groups, even if they did not create the object themselves . In this way, you can prohibit certain users from accessing sensitive databases by assigning ownership to accounts not included in their workgroup information file.
Using Database Passwords
Access prompts for the user password once, when the user starts Access. After that, Access does not query the user again, unless you assign a database password to a specific database. In this case, all users must enter a password before gaining access to that database. Adding a database password is an easy way to keep unauthorized users out of sensitive material; however, once the user gains access to the database, you will still need to use the other security features to control the user's privileges and behavior in that database.
A final area where the security of your data could be compromised is unauthorized data retrieval with applications other than Access. By using specialized utility programs, or even word processors, a user can bypass Access's security features to view your sensitive material. If this is a concern, you can encrypt your data. When you encode a database file, Access makes it indecipherable to unauthorized viewing, especially during electronic transmission or when it's stored on a disk or tape. The encoding does not affect Access, however, except that it can slow performance by 10 to 15 percent.