Help protect an Access database and its objects with user-level security (MDB)

 Note   The information in this topic applies only to a Microsoft Access database (.mdb).

User-level security (user-level security: When using user-level security in an Access database, a database administrator or an object's owner can grant individual users or groups of users specific permissions to tables, queries, forms, reports, and macros.) is the most flexible and extensive method of implementing security measures for your Microsoft Access database (Microsoft Access database: A collection of data and objects (such as tables, queries, or forms) that is related to a particular topic or purpose.). You can set up security on your database to require users to log on to get into the database or not.

ShowHelp protect a database by using the User-Level Security Wizard

With the User-Level Security Wizard, you can apply user-level security (user-level security: When using user-level security in an Access database, a database administrator or an object's owner can grant individual users or groups of users specific permissions to tables, queries, forms, reports, and macros.) with a comprehensive security scheme and encode your Microsoft Access database (database: A collection of data related to a particular subject or purpose. Within a database, information about a particular entity, such as an employee or order, is categorized into tables, records, and fields.).

  1. Open the database that you want to help protect.
  2. On the Tools menu, click Security, and then click User-Level Security Wizard.
  3. Follow the directions in the wizard dialog boxes.

Notes

ShowHelp protect a database without requiring users to log on

If you want to help protect some parts of a database, such as the design of certain objects, but you do not care about establishing different levels of access for different groups of users, you may want to consider securing an application without requiring users to log on. This does not remove user-level security but essentially disables it for all but specific objects.

  1. Help protect your database by using the User-Level Security Wizard.

ShowHow?

With the User-Level Security Wizard, you can apply user-level security (user-level security: When using user-level security in an Access database, a database administrator or an object's owner can grant individual users or groups of users specific permissions to tables, queries, forms, reports, and macros.) with a comprehensive security scheme and encode your Microsoft Access database (database: A collection of data related to a particular subject or purpose. Within a database, information about a particular entity, such as an employee or order, is categorized into tables, records, and fields.).

  1. Open the database that you want to help protect.
  2. On the Tools menu, click Security, and then click User-Level Security Wizard.
  3. Follow the directions in the wizard dialog boxes.

Notes

  1. For each table, query, form, report, and macro you want to be available to users, grant the appropriate permissions (permissions: A set of attributes that specifies what kind of access a user has to data or objects in a database.) to the Admin user account (Admin account: The default user account. When you install Access, the Setup program automatically includes the Admin user account in the workgroup information file that it creates.)

ShowHow?

  1. Open the database.

The workgroup information file (workgroup information file: A file that Access reads at startup that contains information about the users in a workgroup. This information includes users' account names, their passwords, and the groups of which they are members.) in use when you log on must contain the user (user account: An account identified by a user name and personal ID (PID) that is created to manage the user's permissions to access database objects in an Access workgroup.) or group accounts (group account: A collection of user accounts in a workgroup, identified by group name and personal ID (PID). Permissions assigned to a group apply to all users in the group.) that you want to assign permissions for at this time; however, you can assign permissions (permissions: A set of attributes that specifies what kind of access a user has to data or objects in a database.) to groups and add users to those groups later.

  1. On the Tools menu, point to Security, and then click User And Group Permissions.
  2. On the Permissions tab, click Users or Groups, and then in the User/Group Name box, click the user or group that you want to assign permissions to.
  3. Click the type of object in the Object Type box, and then click the name of the object to assign permissions for in the Object Name box. Select multiple objects in the Object Name box by dragging through the objects you want to select, or by holding down CTRL and clicking the objects you want.

 Note   Hidden objects aren't displayed in the Object Name box unless you select Hidden objects on the View tab of the Options dialog box (Tools menu).

  1. Under Permissions, select the permissions you want to assign, or clear the permissions you want to remove for the group or user, and then click Apply. Repeat steps 4 and 5 to assign or remove permissions for additional objects for the current user or group.
  2. Repeat steps 3 through 5 for any additional users or groups.

 Notes 

  • Some permissions automatically imply the selection of others. For example, the Modify Data permission for a table automatically implies the Read Data and Read Design permissions because you need these to modify the data in a table. Modify Design and Read Data imply Read Design. For macros (macro: An action or set of actions that you can use to automate tasks.), Read Design implies Open/Run.
  • When you edit an object and save it, it retains its assigned permissions. However, if an object is saved with a new name, it is now a new object, and so has the default permissions defined for that object type rather than the permissions of the original object.
  1. Turn off the Logon dialog box.

ShowHow?

If you don't need to establish different levels of permissions (permissions: A set of attributes that specifies what kind of access a user has to data or objects in a database.) for different groups of users, you can have Microsoft Access automatically log users on as the Admin user (Admin account: The default user account. When you install Access, the Setup program automatically includes the Admin user account in the workgroup information file that it creates.) in the Users group (Users group: The group account that contains all user accounts. Access automatically adds user accounts to the Users group when you create them.) with the permissions specified for that group. Users will not be required to enter their user name and password in the Logon dialog box when they open the database. Using this method, you can help protect any or all of the objects in a database. However, each user will have the same set of permissions. This does not remove user-level security (user-level security: When using user-level security in an Access database, a database administrator or an object's owner can grant individual users or groups of users specific permissions to tables, queries, forms, reports, and macros.) from the database.

  1. Join the workgroup (workgroup: A group of users in a multiuser environment who share data and the same workgroup information file.) that has the logon procedure that you want to deactivate.

ShowHow?

 Important   If you are setting up user-level security (user-level security: When using user-level security in an Access database, a database administrator or an object's owner can grant individual users or groups of users specific permissions to tables, queries, forms, reports, and macros.) and need to make sure that your workgroup (workgroup: A group of users in a multiuser environment who share data and the same workgroup information file.) and its permissions (permissions: A set of attributes that specifies what kind of access a user has to data or objects in a database.) can't be duplicated, you should make sure the workgroup information file (workgroup information file: A file that Access reads at startup that contains information about the users in a workgroup. This information includes users' account names, their passwords, and the groups of which they are members.) that defines the workgroup you're joining has been created with a unique workgroup ID (WID (workgroup ID: A case-sensitive alphanumeric string that is 4 to 20 characters long and that you enter when creating a new workgroup information file by using the Workgroup Administrator. This uniquely identifies the Admin group for this workgroup file.)). If such a workgroup information file doesn't exist, you should create one.

  1. Start Microsoft Access.
  2. On the Tools menu, point to Security, and then click Workgroup Administrator.
  3. In the Workgroup Administrator dialog box, click Join.
  4. Type the path and name of the workgroup information file that defines the Microsoft Access workgroup you want to join, and then click OK, or click Browse and then use the Select Workgroup Information File dialog box to locate the workgroup information file.

The next time you start Microsoft Access, it uses the user (user account: An account identified by a user name and personal ID (PID) that is created to manage the user's permissions to access database objects in an Access workgroup.) and group accounts (group account: A collection of user accounts in a workgroup, identified by group name and personal ID (PID). Permissions assigned to a group apply to all users in the group.) and passwords stored in the workgroup information file for the workgroup you joined.

  1. On the Tools menu, point to Security, and then click User And Group Accounts.
  2. Click the Users tab.
  3. In the Name box, select Admin from the list, and then click Clear Password.

The next time any member of the workgroup that you joined in step 1 starts Microsoft Access and opens a database, it will no longer display the Logon dialog box.

 
 
Applies to:
Access 2003