Decide whether to trust a database

Microsoft Office Access 2007 uses a new security model that is simpler than earlier versions. In Access 2007, you indicate whether you trust a database, and all other security decisions are made for you automatically, based on your trust decision. This article contains an overview of how trust works in Access 2007, how it differs from security in earlier versions, and what factors you should consider when you decide whether to trust a database.

This article does not explain the use of digital signatures (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) in trust decisions. For more information, see Show trust by adding a digital signature.

In this article


Overview

If you used the security features in earlier versions of Access, you had to make a series of choices when you opened a database. For example, you had to choose between security levels (Low, Medium, or High), and whether you wanted to run potentially unsafe code or not. You no longer have to make those kinds of decisions when you open a database in Access 2007. By default, Access 2007 disables all the potentially unsafe code or other components in a database, regardless of the version of Access that you used to create the database.

When Access disables content, it informs you of the action by displaying the Message Bar.

Message Bar

If you see the Message Bar, you can choose whether to trust the disabled content in the database. If you choose to trust the disabled content, you can do so in two ways:

  • Trust the database only for the current session (while the database is open)    Click Options on the Message Bar. A dialog box appears in which you can choose to trust the database. When you choose this option, you must repeat the procedure every time that you open the database.
  • Trust the database permanently    Place the database in a trusted location — a folder on a drive or network that you mark as trusted. When you choose this option, you no longer see the Message Bar, and you never have to enable the database content as long as the database remains in the trusted location.

If you do not want to trust the database, ignore or close the Message Bar. When you ignore or close the Message Bar, you can still view the data in the database and use any components in the database that Access has not disabled.

Top of Page Top of Page

Factors to consider when deciding whether to trust a database

Before you decide whether to trust a database, you should consider the following factors.

  • Your own security policy    You or your company may have a security policy in place that specifies how to handle Access database files. For example, you might have a very robust backup system in place, and decide that you are willing to trust most database files, unless you have a specific reason not to. Conversely, you may not have a good backup system, and therefore might want to be very cautious when you decide whether to trust a database.
  • Your goal    When Access disables content in a database that you have not trusted, it does not block your access to the data in that database. If you want to review the data in a database and do not want to perform any actions that may be unsafe, such as running an action query or using certain macro actions, you do not need to trust the database. If you are not sure whether an action is considered unsafe, you can try to perform the action while the database content has been blocked by disabled mode. If the action is potentially unsafe, it will be blocked in this circumstance.
  • The database source    If you created the database, or if you know that it came from a source that you trust, you can decide to trust the database. If the database came from a possibly unreliable source, you might want to leave the database untrusted until you can be sure that its content is safe.
  • The contents of the database file    If you cannot make a trust decision based on other information, you might consider thoroughly examining the database contents to see what potentially unsafe content the database might contain. After you conduct a complete check and are sure that the content is safe, you can decide to trust the database.
  • The security of the location where the database is stored    Even if you know that the contents of a database file are safe, if the file is stored in a location that is not fully secure, it is possible that someone might introduce unsafe content into the database. You should be careful when deciding to trust database files that are stored in locations that might not be secure.

Top of Page Top of Page

Ways to trust a database

After you decide to trust a database, you can either trust it once — and enable database content for a session — or you can trust it indefinitely by putting the database file in a trusted location.

Enable database content for a session

To enable database content for a session, you use the Message Bar.

Message Bar

The Message Bar appears just under the Ribbon, and is part of the Microsoft Office Fluent User Interface.

Use the Message Bar to enable content

If you do not see the Message Bar, it may be hidden or disabled. To use it, you must first show or enable it.

Show the Message Bar

If you see the Message Bar, you can skip this step.

  • On the Database Tools tab, in the Show/Hide group, select the Message Bar check box.

If the Message Bar check box is disabled, you can enable it.

Enable the Message Bar

If the Message Bar check box is enabled, you can skip this step.

  • Click the Microsoft Office Button Button image, and then click Access Options.
  • In the left pane of the Access Options dialog box, click Trust Center.
  • In the right pane, under Microsoft Office Access Trust Center, click Trust Center Settings.
  • In the left pane of the Trust Center dialog box, click Message Bar.
  • In the right pane, click Show the Message Bar in all applications when content has been blocked, and then click OK.
  • Close and reopen the database to apply the changed setting.

Once the Message Bar is visible and enabled, you can use it to enable content.

Enable content using the Message Bar
  1. In the Message Bar, click Options.
  2. In the Microsoft Office Security Options dialog box, click Enable this content, and then click OK.

Top of Page Top of Page

Enable a database by default

To specify that a given database is trustworthy and should be enabled by default, make sure that the database file is located in a trusted location. A trusted location is a folder or file path on your computer or a location on your intranet from which it is considered safe to run code. Default trusted locations include the Templates, AddIns, and Startup folders. You can also specify your own trusted locations.

 Tip   If you want to know the path of the current database, click the Microsoft Office Button, click Manage, and then click Database Properties. The full path of the current database's location is listed on the General tab of the Database Properties dialog box.

Move a database file to a trusted location

  • Open the folder where the database file is currently located, and then copy the database file into the trusted location that you want.

Specify a trusted location

  • In the Message Bar, click Options.
  • At the bottom of the Microsoft Office Security Options dialog box, click Open the Trust Center.
  • In the left pane of the Trust Center dialog box, click Trusted Locations.
  • To add a network location, in the right pane, select the Allow Trusted Locations on my network check box.
  • Click Add new location.
  • In the Microsoft Office Trusted Location dialog box, do one of the following:
    • In the Path box, type the full path of the location that you want to add.
    • Click Browse to browse to the location.
  • To specify that subfolders of the new trusted locations should also be trusted, select the Subfolders of this location are also trusted check box.
  • Optionally, in the Description box, type a description for the trusted location.

Top of Page Top of Page

 
 
Applies to:
Access 2007