Decide whether to trust a database

Access 2010 uses a security model that is simpler than earlier versions. In Access 2010, you indicate whether you trust a database, and all other security decisions are made for you automatically, based on your trust decision. This is the same process as in Access 2007, but it is even more streamlined in Access 2010.

This article contains an overview of how trust works in Access 2010, how it differs from security in earlier versions of Access, and what factors you should consider when you decide whether to trust a database. This article does not explain the use of digital signatures (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) in trust decisions. For more information, see Show trust by adding a digital signature.

In this article


Overview

If you used the security features in versions of Access earlier than Access 2007, you had to make a series of choices when you opened a database. For example, you had to choose between security levels (Low, Medium, or High), and whether you wanted to run potentially unsafe code or not. You no longer have to make those kinds of decisions when you open a database in Access 2010. By default, Access 2010 disables all the potentially unsafe code or other components in a database, regardless of the version of Access that you used to create the database.

Changes since Access 2007

Access 2007 also presents one trust choice when you open a database from a non-trusted location, but when you click the button on the Message Bar, you are presented with a few more options. In Access 2010, these options are further streamlined, and now you only need to click once to trust a database.

How Access 2010 lets you trust a database

When Access disables content, it informs you of the action by displaying the Message Bar.

Message Bar

If you see the Message Bar, you can choose whether to trust the disabled content in the database. If you decide to trust the disabled content, you can do so in two ways:

  • Use the Message Bar    Click Enable Content on the Message Bar. When you choose this option, you may need to repeat the procedure if the database changes.
  • Trust the database permanently    Place the database in a trusted location — a folder on a drive or network that you mark as trusted. When you choose this option, you no longer see the Message Bar, and you never have to enable the database content as long as the database remains in the trusted location.

If you do not want to trust the database, ignore or close the Message Bar. When you ignore or close the Message Bar, you can still view the data in the database and use any components in the database that Access has not disabled.

Top of Page Top of Page

Factors to consider when deciding whether to trust a database

Before you decide whether to trust a database, you should consider the following factors.

  • Your own security policy    You or your company may have a security policy in place that specifies how to handle Access database files. For example, you might have a very robust backup system in place, and decide that you are willing to trust most database files, unless you have a specific reason not to. Conversely, you may not have a good backup system, and therefore might want to be very cautious when you decide whether to trust a database.
  • Your goal    When Access disables content in a database that you have not trusted, it does not block your access to the data in that database. If you want to review the data in a database and do not want to perform any actions that might be unsafe, such as running an action query or using certain macro actions, you do not have to trust the database. If you are not sure whether an action is considered unsafe, you can try to perform the action while the database content has been blocked by disabled mode. If the action is potentially unsafe, it will be blocked in this circumstance.
  • The database source    If you created the database, or if you know that it came from a source that you trust, you can decide to trust the database. If the database came from a possibly unreliable source, you might want to leave the database untrusted until you make sure that its content is safe.
  • The contents of the database file    If you cannot make a trust decision based on other information, you might consider thoroughly examining the database contents to see what potentially unsafe content the database might contain. After you conduct a complete check and are sure that the content is safe, you can decide to trust the database.
  • The security of the location where the database is stored    Even if you know that the contents of a database file are safe, if the file is stored in a location that is not fully secure, someone might introduce unsafe content into the database. You should be careful when deciding to trust database files that are stored in locations that might not be secure.

Top of Page Top of Page

Ways to trust a database

After you decide to trust a database, you can either trust it by using the Message Bar, or by putting the database file in a trusted location.

Enable content by using the Message Bar

The Message Bar appears just under the ribbon.

Message Bar

  • In the Message Bar, click Enable Content.

If you don't see the Message Bar but content has been disabled, make sure that the Message Bar is enabled.

Enable the Message Bar

  1. Click the File tab. Backstage view opens.
  2. On the left, under Access, click Options.
  3. In the left pane of the Access Options dialog box, click Trust Center.
  4. In the right pane, under Microsoft Office Access Trust Center, click Trust Center Settings.
  5. In the left pane of the Trust Center dialog box, click Message Bar.
  6. In the right pane, click Show the Message Bar in all applications when active content, such as macros and ActiveX controls, has been blocked, and then click OK.
  7. Close and reopen the database to apply the changed setting.

Once the Message Bar is visible and enabled, you can use it to enable content.

Move a database file to a trusted location

To specify that a given database is trustworthy and should be enabled by default, make sure that the database file is located in a trusted location. A trusted location is a folder or file path on your computer or a location on your intranet from which it is considered safe to run code. Default trusted locations include the Templates, AddIns, and Startup folders. You can also specify your own trusted locations.

 Tip   If you want to know the path of the current database, click the File tab to open Backstage view. The full path of the current database's location is listed on the Info tab.

  • Open the folder where the database file is currently located, and then copy the database file into the trusted location that you want.

Specify a trusted location

  1. On the File tab, click Options.
  2. In the Access Options dialog box, on the left, click Trust Center.
  3. On the right, under Microsoft Office Access Trust Center, click Trust Center Settings.
  4. In the left pane of the Trust Center dialog box, click Trusted Locations.
  5. To add a network location, in the right pane, select the Allow Trusted Locations on my network check box.
  6. Click Add new location.
  7. In the Microsoft Office Trusted Location dialog box, use one of the following methods:
    • In the Path box, type the full path of the location that you want to add.
    • Click Browse to browse to the location.
  8. To specify that subfolders of the new trusted locations should also be trusted, select the Subfolders of this location are also trusted check box.
  9. Optionally, in the Description box, type a description for the trusted location.

Top of Page Top of Page

 
 
Applies to:
Access 2010