Introduction to Access 2010 security

This article provides an overview of the security features offered by Access 2010, and explains how to use the tools that Access provides for helping to secure a database. This article also links to more detailed content about various security features.

This article does not discuss the SharePoint security features that are available if you publish your database to the web by using Access Services. For more information, see Help in Microsoft SharePoint Server 2010.

What's new in Access security

Access provides an improved security model that helps to simplify the processes of applying security to a database and of opening a database that has security enabled.

 Note   Although the model and techniques discussed in this article enhance security, the most secure way to help protect your Access data is to store your tables on a server, such as a computer running Windows SharePoint Services 3.0 or Microsoft SharePoint Server 2010. A server can enforce per-user permissions on the data; a database file on a share can only be protected as a whole, by file system permissions and, at best, a single shared password.

Here's what's new in Access security:

New in 2010

  • New encryption technology     Office 2010 offers new encryption technology that is stronger than the technology offered in Office 2007. Remember that a database password is still a single shared secret: it protects the file at rest, and everyone who knows the password has full access to everything in the file.
  • Support for third party encryption products     Access 2010 lets you use a third party encryption technology if you prefer. This article does not discuss using third party products.

New in 2007

  • The ability to view data even when you don't want to enable database content     In Microsoft Office Access 2003, if you set your security level to High, you had to code-sign and trust a database before you could view data. Now you can view data without having to decide whether you trust a database.
  • Greater ease of use     If you place database files (in either the new Access file format or the earlier file formats) in a trusted location, such as a file folder or network share that you designate as secure, those files will open and run without displaying warning messages or asking you to enable any disabled content. Also, if you open databases from earlier versions of Access, such as .mdb or .mde files, in Access 2010, and those databases have been digitally signed and you have chosen to trust the publisher, those files will run without the need to make trust decisions. However, remember that VBA code in a signed database will not run until you trust the publisher, and it will not run if the digital signature becomes invalid. A signature becomes invalid whenever the signed content of the database changes after it was signed, whoever makes the change.

If you are unsure of whether to trust a certificate, the article How to tell if a digital signature is trustworthy provides general information about checking the dates and other items in a certificate to ensure that it is valid.

  • Trust Center     The Trust Center is a dialog box that provides a single location for setting and changing security settings for Access. You use the Trust Center to create or change trusted locations and to set security options for Access. Those settings affect how new and existing databases behave when they are opened in that instance of Access. The Trust Center also contains logic for evaluating the components in a database and for determining whether the database is safe to open or whether the Trust Center should disable the database and let you decide to enable it.

For general information about using the Trust Center, see the article View my security and privacy settings in the Trust Center.

  • Fewer warning messages     Earlier versions of Access forced you to deal with a variety of alert messages — macro security and sandbox mode, just to name two. By default, if you open an .accdb file that you have not already trusted, you see a single tool called the Message Bar.

Message Bar

If you want to trust the database, you can use the Message Bar to enable any disabled database content — action queries (queries that add, delete, or change data), macros, ActiveX controls, expressions (functions that evaluate to a single value), and VBA code — when you open a database that contains one or more of those components.

  • New ways to sign and distribute database files     In versions of Access earlier than 2007, you used the Visual Basic Editor to apply a security certificate to individual database components. Now you package the database, and then sign and distribute the package.

If you extract a database from a signed package to a trusted location, the database opens without displaying the Message Bar. If you extract a database from a signed package to an untrusted location, but you have trusted the package certificate and the signature is valid, the database opens without displaying the Message Bar.

 Note   When you package and sign a database that is untrusted or that contains an invalid digital signature, you must use the Message Bar to trust the database each time you open it, unless you place it in a trusted location.

  • A stronger algorithm for encrypting databases in the .accdb file format that use the database password feature     Encrypting a database scrambles the data in your tables and helps prevent unwanted users from reading your data.

 Note   When you encrypt a database with a password, the encrypted database will use page-level locking, regardless of your application settings: each lock covers the whole database page that holds a record, not just the record itself. This may reduce the availability of data in a shared environment, because users editing different records on the same page block each other.

  • A new subclass of macro actions that run when a database is disabled     These safer macros also contain error-handling capabilities. You can also embed macros (even those that contain actions that Access disables) directly into any form, report, or control property that would logically work with a module of VBA code or a macro from an earlier version of Access.

Finally, remember these rules as you proceed:

  • If you open a database in a trusted location, all components run without the need to make trust decisions.
  • If you package, sign, and deploy a database with an older file format (.mdb or .mde file), all components run without the need to make trust decisions if the database contains a valid digital signature from a trusted publisher, and you trust the certificate.
  • If you sign and deploy an untrusted database to an untrusted location, the Trust Center disables the database by default, and you must choose to enable the database each time you open it.

Access and user-level security

Access does not support user-level security for databases that are created in the new file format (.accdb and .accde files). However, if you open a database from an earlier version of Access in Access 2010 and that database has user-level security applied, those settings will still function.

 Important   Permissions created by using the user-level security feature do not protect your database from users who have malicious intent, and are not intended as a security barrier. It is appropriate to use this feature to improve the usability of a database for trusted users. To help keep your data secure, allow only trusted users to access your database file or associated user-level security files by using Windows file system permissions.

If you convert a database from an earlier version of Access with user-level security to the new file format, Access strips out all security settings automatically, and the rules for securing an .accdb or .accde file apply.

Finally, remember that all users can see all database objects at all times when you open databases that have the new file format.

Access security architecture

To understand the Access security architecture, you need to remember that an Access database is not a file in the same sense as an Excel workbook or a Word document. Instead, an Access database is a set of objects — tables, forms, queries, macros, reports, and so on — that often depend on each other to function. For example, if you create a data entry form, you cannot enter or store data with that form unless you bind (link) the controls in the form to a table.

Several Access components can pose security risks, and are therefore disabled in an untrusted database:

  • Action queries (queries that insert, delete, or change data)
  • Macros
  • Some expressions (functions that return a single value)
  • VBA code

To help make your data more secure, Access and the Trust Center perform a set of security checks whenever you open a database. The process works as follows:

  • When you open an .accdb or .accde file, Access submits the location of the database to the Trust Center. If the Trust Center determines that the location is trusted, the database runs with full functionality. If you open a database that has an earlier file format, Access submits the location of the file and details about its digital signature (if any) to the Trust Center.

The Trust Center checks that "evidence" to evaluate trust for the database and then informs Access how to open the database. Access either disables the database or opens it with full functionality.

 Note   Remember that the settings you or your system administrator choose in the Trust Center control the trust decisions that occur when Access opens a database.

For more information about using the Trust Center, see the See Also section.

  • If the Trust Center disables database content, the Message Bar appears when the database opens.

Message Bar

To enable the database content, click Options and then choose the appropriate options in the dialog box that appears. Access enables the disabled content, and the database reopens with full functionality. Otherwise, the disabled components will not work.

  • If you open a database that was created in the earlier file format (.mdb or .mde files), and that database is not signed and trusted, by default, Access disables any executable content.

Disabled mode

When the Trust Center evaluates a database as untrusted, Access opens that database in Disabled mode — that is, it turns off all executable content, regardless of the database file format.

In Disabled mode, Access disables the following components:

  • VBA code and any references in the VBA code, plus any unsafe expressions.
  • Unsafe actions in all macros. "Unsafe" actions are any actions that could allow a user to modify the database or gain access to resources outside the database, such as running another program or writing to the file system. Whether such an action is acceptable depends on who wrote it: if you trust the person who created the database, you can choose to enable those macro actions.
  • Several types of queries:
    • Action Queries    These add, update, and delete data.
    • Data Definition Language (DDL) Queries     These are used to create or alter objects in a database, such as tables and procedures.
    • SQL Pass Through Queries    These send commands directly to a database server that supports the Open Database Connectivity (ODBC) standard. Pass-through queries work with the tables on the server without involving the Access database engine.
  • ActiveX controls.

When a database opens, Access might attempt to load add-ins — programs that extend the functionality of either Access or the open database. You also might want to run wizards that create objects in the open database. When an add-in is loaded or a wizard starts, Access passes evidence to the Trust Center, which makes additional trust decisions and either enables or disables the object or action. Whenever the Trust Center disables a database and you disagree with that decision, you can almost always use the Message Bar to enable the content. Add-ins provide the exception to that rule. If, in the Trust Center (in the Add-ins pane), you select the Require Application Extensions to be Signed by Trusted Publisher check box, Access prompts you to enable the add-in, but that process does not involve the Message Bar.


Use an Access database in a trusted location

When you place an Access database in a trusted location, all VBA code, macros, and safe expressions run when you open the database. You do not have to make trust decisions while the database opens.

The process of using an Access database in a trusted location follows these broad steps:

  1. Use the Trust Center to find or create a trusted location.
  2. Save, move, or copy an Access database to the trusted location.
  3. Open and use the database.

The following sets of steps explain how to find or create a trusted location and then add a database to that location.

Open the Trust Center

  1. On the File tab, click Options.

The Access Options dialog box appears.

  2. Click Trust Center, and under Microsoft Office Access Trust Center, click Trust Center Settings.
  3. Click Trusted Locations, and then do one of the following:
    • Note the path of one or more trusted locations.
    • Create a new trusted location. To do so, click Add new location, and then complete the options in the Microsoft Office Trusted Location dialog box.

 Note   Everything placed in a trusted location runs without a prompt, so choose a folder that only administrators can write to. Avoid selecting Subfolders of this location are also trusted unless you need it, and avoid network locations, because anyone who can drop a database file into the trusted path can run code on every computer that trusts it.

Place a database in a trusted location

  • Use your favorite technique for moving or copying a database file to a trusted location. For example, you can use Windows Explorer to copy or move the file, or you can open the file in Access and save it to the trusted location.

Open a database in a trusted location

  • Use your favorite technique for opening a file. For example, you can double-click the database file in Windows Explorer, or, if Access is running, you can click Open on the File tab to locate and open the file.
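A trusted location is the strongest trust grant described on this page: anything placed there runs with no prompt, so the folders themselves need reviewing. The following PowerShell is an added example (not from this article and not a Microsoft tool) that enumerates the Access 2010 trusted locations from the user hive and the policy hive and flags ones that are on the network, include subfolders, or can be written to by ordinary users. The registry layout it reads (a Location<n> subkey per location with Path, AllowSubfolders and Description values, plus AllowNetworkLocations on the parent key) is the standard Office 2010 layout; the list of "broad" principals used for the writability check and the Office 14.0 path are assumptions to adjust for your environment.

```powershell
# Added example, not part of the original article. Audits Access 2010 trusted
# locations. Assumes Office 14.0 registry layout; the $broadPrincipals list is
# an assumption (extend it with your own "everyone can write here" groups).

$trustedLocationHives = @(
    'HKCU:\Software\Microsoft\Office\14.0\Access\Security\Trusted Locations',
    'HKCU:\Software\Policies\Microsoft\Office\14.0\Access\Security\Trusted Locations'
)

# Principals whose Allow-write ACE means "any user on this box can plant a file here".
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Test-BroadlyWritable {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }   # missing folder: nothing to plant into yet
    $acl = Get-Acl -LiteralPath $Path
    $writeData = [System.Security.AccessControl.FileSystemRights]::WriteData
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # Modify and FullControl both include the WriteData bit, so a bitwise test catches them.
        if (($ace.FileSystemRights -band $writeData) -eq $writeData) { return $true }
    }
    return $false
}

function Get-AccessTrustedLocation {
    foreach ($hive in $trustedLocationHives) {
        if (-not (Test-Path -Path $hive)) { continue }
        $source = if ($hive -like '*\Policies\*') { 'Policy' } else { 'User' }
        $parent = Get-ItemProperty -Path $hive -ErrorAction SilentlyContinue
        $networkAllowed = [bool]$parent.AllowNetworkLocations
        foreach ($key in Get-ChildItem -Path $hive) {
            $props = Get-ItemProperty -Path $key.PSPath
            if (-not $props.Path) { continue }
            # Office may store paths with environment variables (e.g. %APPDATA%).
            $expanded = [Environment]::ExpandEnvironmentVariables($props.Path)
            [pscustomobject]@{
                Source          = $source
                Name            = $key.PSChildName
                Path            = $expanded
                Description     = $props.Description
                Subfolders      = [bool]$props.AllowSubfolders
                Network         = ($expanded -like '\\*')
                NetworkAllowed  = $networkAllowed
                BroadlyWritable = (Test-BroadlyWritable -Path $expanded)
            }
        }
    }
}

function Get-RiskyAccessTrustedLocation {
    # A location is worth a second look if it is on the network, if non-admins can write
    # to it, or if it trusts subfolders under a path the user controls.
    Get-AccessTrustedLocation | Where-Object {
        $_.Network -or $_.BroadlyWritable -or
        ($_.Subfolders -and $_.Path -like "$env:USERPROFILE*")
    }
}

# Usage: full inventory, then only the entries that widen the attack surface.
Get-AccessTrustedLocation | Format-Table Source, Path, Subfolders, Network, BroadlyWritable -AutoSize
Get-RiskyAccessTrustedLocation | Format-List
```

Run it as the user whose trust settings you are reviewing; the User entries are per account, while Policy entries come from Group Policy and cannot be changed from the Trust Center. A location that shows BroadlyWritable is a privilege-escalation path on that machine even if every database currently in it is benign.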


Package, sign, and distribute an Access 2010 database

Access makes it easy and fast to sign and distribute a database. When you create an .accdb file or .accde file, you can package the file, apply a digital signature to the package, and then distribute the signed package to other users. The Package and Sign tool places the database in an Access Deployment (.accdc) file, signs the file, and then places the signed package at a location that you determine. Others can then extract the database from the package and work directly in the database (not in the package file).

Remember these facts as you proceed:

  • Packaging a database and signing the package is a way to convey trust. When you package and sign a database, your digital signature confirms that the database has not been altered after you created the package.
  • After the database is extracted from the package, there is no longer a connection between the signed package and the extracted database.
  • You can use the Package and Sign tool only with databases saved in .accdb, .accdc, or .accde file format. Access also provides tools to sign and distribute databases that were created in an earlier file format. You must use the digital signature tool that is appropriate for the database file format that you are using.
  • You can add only one database to a package.
  • The process digitally signs a package that contains your entire database, not just macros or modules.
  • The process compresses the package file to help reduce download times.
  • You can extract databases from package files that are located on Windows SharePoint Services 3.0 servers.

The steps in the following sections explain how to create a signed package file and how to extract and use the database from a signed package file.

Create a signed package

  1. Open the database that you want to package and sign.
  2. On the File tab, click Save & Publish, and then under Advanced click Package and Sign.

The Select Certificate dialog box appears.

  3. Select a digital certificate and then click OK.

The Create Microsoft Office Access Signed Package dialog box appears.

  4. In the Save in list, select a location for your signed database package.
  5. Enter a name for the signed package in the File name box, and then click Create.

Access creates the .accdc file and places it in the location that you chose.

Extract and use a signed package

  1. On the File tab, click Open.

The Open dialog box appears.

  2. Select Microsoft Office Access Signed Packages (*.accdc) as the file type.
  3. Use the Look in list to locate the folder that contains your .accdc file, select the file, and then click Open.
  4. Do one of the following:
    • If you chose to trust the security certificate that was used to sign the deployment package, the Extract Database To dialog box appears. Go to the next step.
    • If you have not yet chosen to trust the security certificate, the following message appears.

Advisory message

If you trust the database, click Open. If you trust any certificate from that provider, click Trust all From Publisher. The Extract Database To dialog box appears.

 Note   If you use a self-signed certificate to sign a database package and then click Trust all from publisher when you open that package, packages signed by using your self-signed certificate will always be trusted on that computer. Protect the private key of that certificate as you would any code-signing key: anyone who obtains it can produce packages that open without a prompt.

  5. Optionally, in the Save in list, select a location for the extracted database and then, in the File name box, enter a different name for the extracted database.

 Tip   If you extract the database to a trusted location, its contents will be automatically enabled whenever you open it. If you choose a non-trusted location, some database content may be disabled by default.

  6. Click OK.

If you are unsure of whether to trust a certificate, the article How to tell if a digital signature is trustworthy provides general information about checking the dates and other items in a certificate to help ensure that it is valid.
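Trust all from Publisher places the signing certificate in the current user's Trusted Publishers certificate store, and that grant outlives the package you were opening. The following PowerShell is an added example (not from this article) that reports every certificate in that store with the checks the guidance above asks for (expiry, self-signed issuer, code-signing usage, chain to a trusted root) and removes an entry by thumbprint when you decide a publisher should no longer be trusted. It uses only the standard .NET certificate classes; the revocation-checking mode is an assumption noted in the code, and nothing here is specific to Access beyond the fact that Office keeps publisher trust in this store.

```powershell
# Added example, not part of the original article. Audits and prunes the
# current user's Trusted Publishers store, where Office records the
# "Trust all from Publisher" decision.

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning (RFC 5280)

function Get-TrustedPublisherReport {
    param([string]$StorePath = 'Cert:\CurrentUser\TrustedPublisher')
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect Extended Key Usage OIDs so we can tell whether the certificate
        # was even issued for code signing.
        $ekus = foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
            }
        }
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Assumption: NoCheck keeps the audit offline. Use Online when you can reach CRLs/OCSP.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainsToTrustedRoot = $chain.Build($cert)
        $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            SelfSigned  = ($cert.Subject -eq $cert.Issuer)
            Expired     = ($cert.NotAfter -lt (Get-Date))
            CodeSigning = (@($ekus) -contains $codeSigningOid)
            ChainValid  = $chainsToTrustedRoot
            ChainErrors = $chainErrors
        }
    }
}

function Get-QuestionableTrustedPublisher {
    # Anything here deserves a deliberate decision rather than a lingering default.
    Get-TrustedPublisherReport | Where-Object {
        $_.SelfSigned -or $_.Expired -or -not $_.CodeSigning -or -not $_.ChainValid
    }
}

function Remove-TrustedPublisher {
    # Revokes the "Trust all from Publisher" decision for one certificate.
    # Uses the .NET store API rather than Remove-Item so it also works on PowerShell 2.0.
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPublisher', 'CurrentUser')
    $store.Open('ReadWrite')
    try {
        $match = @($store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint })
        if ($match.Count -eq 0) { throw "No trusted publisher with thumbprint $Thumbprint" }
        foreach ($c in $match) { $store.Remove($c) }
    } finally {
        $store.Close()
    }
}

# Usage: review the store, then remove a specific entry by thumbprint.
Get-TrustedPublisherReport | Format-Table Subject, NotAfter, SelfSigned, Expired, CodeSigning, ChainValid -AutoSize
Get-QuestionableTrustedPublisher | Format-List Subject, Thumbprint, ChainErrors
# Remove-TrustedPublisher -Thumbprint 'PASTE-THUMBPRINT-HERE'
```

A certificate created with SelfCert.exe shows up as SelfSigned with an UntrustedRoot chain error unless its root was also installed, which is expected; the point of the report is that such entries were trusted by one click and never expire from the store on their own. The machine-wide store (Cert:\LocalMachine\TrustedPublisher) can be audited the same way by changing StorePath, but writing to it needs an elevated session.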


Enable disabled content when you open a database

By default, Access disables all executable content in a database unless you either trust the database or place the database in a trusted location. When you open a database, Access disables the content and displays the Message Bar.

Message Bar

Also by default, Access no longer displays a set of modal dialog boxes (dialog boxes that require you to make a decision before you can do anything else) when you open a database, as it did in Access 2003. If you prefer that behavior, you can add a registry key and display an older modal dialog box.

Trust a database

Regardless of how Access behaves when it opens a database, if that database comes from a reliable publisher, you can choose to enable the executable components in the file — to trust the database.

  • On the Message Bar, click Enable Content.

 Important   When you click Enable Content, Access enables all disabled content, including potentially malicious code. With the Trusted Documents setting of the Trust Center at its default, Access also remembers that decision for this file, so the database opens with its content enabled the next time as well. If malicious code harms your data or your computer, Access cannot undo that damage.

Hide the Message Bar

  • Click the Close button (X) in the upper corner of the Message Bar.

The Message Bar closes. It will reappear the next time that you open the database, unless you move the database to a trusted location.

Add the registry key to display modal dialog boxes

Caution      Incorrectly editing the registry may severely damage your operating system, requiring you to reinstall it. Microsoft cannot guarantee that problems resulting from editing the registry incorrectly can be resolved. Before editing the registry, back up any valuable data. For the most recent information about using and protecting your computer's registry, see Microsoft Windows Help.

  1. In Microsoft Windows, click the Start button, and then click Run.
  2. In the Open box, type regedit and then press ENTER.

The Registry Editor starts.

  3. Expand the HKEY_CURRENT_USER folder and navigate to the following registry key:

Software\Microsoft\Office\14.0\Access\Security

This key is in the current user's hive, so the change affects only the account you are logged on with.

  4. In the right pane of the Registry Editor, right-click the blank area, point to New, and click DWORD Value. A new, blank DWORD value appears.
  5. Type the following name for the value: ModalTrustDecisionOnly.
  6. Double-click the new value.

The Edit DWORD Value dialog box appears.

  7. In the Value Data field, change the 0 value to 1, and then click OK.
  8. Close the Registry Editor.

Now when you open a database that contains unsafe content, you see a series of dialog boxes instead of the Message Bar. To revert to the original behavior, repeat these steps and change the 1 value to 0.


Use a database password to encrypt an Access database

The encryption tool in Access combines and improves on two older tools — encoding and database passwords. When you use a database password to encrypt a database, you make all data unreadable to anyone, and any tool, without the password, and you force users to enter the password to use the database. The encryption applied in Access 2010 uses a stronger algorithm than was used in earlier versions of Access. Keep in mind that the password is one secret shared by every user of the file: it cannot distinguish between users, and changing it means redistributing it to all of them.

 Note   If you used a database password in Access 2007 to encrypt a database, you might want to switch to the new encryption technology, which helps provide better security.

Switch an encrypted Access 2007 database to the new encryption technology

To switch to the new encryption technology, remove the current database password, and then add it back.

Encrypt by using a database password

  1. Open the database that you want to encrypt in Exclusive mode. To do so:
    • On the File tab, click Open.
    • In the Open dialog box, browse to the file that you want to open, and then select the file.
    • Click the arrow next to the Open button, and then click Open Exclusive.

Opening a file in Exclusive mode

  2. On the File tab, click Info, and then click Encrypt with Password.

The Set Database Password dialog box appears.

  3. Type your password in the Password box, and then type it again in the Verify field.

 Note   Use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong password: Y6dh!et5. Weak password: House27. Passwords should be 8 or more characters in length. A pass phrase that uses 14 or more characters is better, and for a database password length matters more than the minimum suggests: anyone who obtains a copy of the file can try passwords against it offline, without any lockout. For more information, see Help protect your personal information with strong passwords. It is critical that you remember your password. If you forget your password, Microsoft cannot retrieve it. Store the passwords that you write down in a secure place away from the information that they help protect.

  4. Click OK.

Decrypt and open a database

  1. Open the encrypted database as you typically open any other database.

The Password Required dialog box appears.

  2. Type your password in the Enter database password box, and then click OK.

Remove a password

  1. On the File tab, click Info, and then click Decrypt Database.

The Unset Database Password dialog box appears.

  2. Type your password in the Password box, and then click OK.


How security works with databases from earlier versions of Access opened in Access 2010

When you open a database that was created in an earlier version of Access, any security features applied to that database still work. For example, if you applied user-level security to a database, the feature works in Access 2010.

By default, Access opens all older untrusted databases in Disabled mode and keeps them in that state. You can choose to enable any disabled content each time you open the older database, or you can apply a digital signature by using a certificate from a trusted publisher, or you can place the database in a trusted location.

 Important   The steps in this section do not apply to databases that use one of the new file formats (*.accd?).

For databases in an older file format, you can apply a digital signature to the components in the database. A digital signature is an electronic, encryption-based stamp of authentication on a macro or document: it confirms that any macros, code modules, and other executable components in the database originated with the signer and that no one has altered them since the database was signed.

To apply a signature to your database, you first need a digital certificate. If you create databases for commercial distribution, you must obtain a certificate from a commercial certificate authority (CA). Certificate authorities verify the identity of the people or organizations that request certificates, so that a signature can be tied to a named publisher; they do not review what the signed code does.

To learn more about certification authorities that offer services for Microsoft products, refer to the See Also section.

If you want to use a database for personal or limited workgroup scenarios, Office 2010 provides a tool for creating a self-signed certificate. The steps in the following sections explain how to install and use a tool called SelfCert.exe to create a self-signed certificate. A self-signed certificate proves nothing about the signer to anyone else; it is only useful on computers where you have chosen to trust it.

Create a self-signed certificate

  1. Browse to the folder that contains your Office 2010 program files. The default folder is Drive:\Program Files\Microsoft Office\Office14. In that folder, locate and double-click SelfCert.exe.

The Create Digital Certificate dialog box appears.

  2. In the Your certificate's name box, type a name for the new test certificate.
  3. Click OK twice.

 Note   If you don't see the Digital Certificate for VBA Projects command, or you can't find SelfCert.exe, you might need to install SelfCert.

Code sign a database

 Note   Remember that these steps apply only when you are using databases that use an older database file format, such as an .mdb file.

  1. Open the database that you want to sign.
  2. On the Database Tools tab, in the Macro group, click Visual Basic to start the Visual Basic Editor.

Keyboard shortcut  Press ALT+F11.

  3. In the Project Explorer window, select the database or Visual Basic for Applications (VBA) project that you want to sign.
  4. On the Tools menu, click Digital Signature.

The Digital Signature dialog box appears.

  5. Click Choose to select your test certificate.

The Select Certificate dialog box appears.

  6. Select the certificate that you want to apply.

If you followed the steps in the previous section, select the certificate that you created by using SelfCert.

  7. Click OK to close the Select Certificate dialog box, and click OK again to close the Digital Signature dialog box.

Tips for signing earlier version databases

  • If you want to prevent users of your solution from accidentally modifying your VBA project and invalidating your signature, lock the VBA project before signing it.

 Note   Locking your VBA project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators might re-sign templates and add-ins so that they can control exactly what users may run on their computers.

  • When you digitally sign a VBA project, consider obtaining a timestamp so that others can verify your signature even after the certificate used for the signature has expired. See Microsoft Office Online for more information about VBA security and timestamps.

 Note   Remember that these steps apply only when you are using databases with an older file format in Access 2010.

Install SelfCert.exe

  1. Start your Office 2010 Setup CD or other installation media.
  2. In Setup, click Add or Remove Features, and then click Continue.

 Note   If you work in an environment in which Microsoft Office is installed on individual computers by IT administrators rather than by CD, start Setup this way instead, and then continue with step 3:
    • In Microsoft Windows, open the Control Panel.
    • Double-click Programs and Features.
    • Select Microsoft Office 2010, and then click Change. Setup starts.
    • Click Add or Remove Features, and then click Continue.

  3. Expand the Microsoft Office and Office Shared Features nodes by clicking the plus signs (+) next to them.
  4. Click Digital Certificate for VBA Projects.
  5. Click Run from My Computer.
  6. Click Continue to install the component.
  7. Click Close after the installation finishes, and then go back to the steps in Create a self-signed certificate.


Run unsafe expressions (disable sandbox mode)

When you add an expression to a database and you then trust the database or place it in a trusted location, Access runs that expression in an operating environment called sandbox mode. Access does this for databases in the Access 2010 file format and for databases in earlier file formats. Sandbox mode is enabled by default, and it always blocks unsafe expressions, even after you trust a database. For more information about the expressions that sandbox mode disables, see the Microsoft Office.com article About Microsoft Jet Expression Service sandbox mode.

If you trust a database and you want to run an expression that sandbox mode disables, you can run that expression by changing a registry key and disabling sandbox mode. Remember that you must first trust a database to follow these steps.

The following drawing shows the decision process that you follow to run unsafe expressions.

The decision process for enabling or disabling sandbox mode

Caution      Incorrectly editing the registry may severely damage your operating system, requiring you to reinstall it. Microsoft cannot guarantee that problems resulting from editing the registry incorrectly can be resolved. Before editing the registry, back up any valuable data. For the most recent information about using and protecting your computer's registry, see Microsoft Windows Help.

If you are not familiar with the registry, or you are not comfortable with changing registry keys, contact someone who is, or consider converting the database from the earlier version of Access to the newer file format. Also, you must have administrator permissions on the computer to change the registry values.

Change the registry key

 Important   Following these steps allows unsafe expressions to run in all instances of Access for all users on the computer.

  1. In Microsoft Windows, click the Start button, and then click Run.
  2. In the Open box, type regedit and then press ENTER.

The Registry Editor starts.

  3. Expand the HKEY_LOCAL_MACHINE folder and navigate to the following registry key:

Software\Microsoft\Office\14.0\Access Connectivity Engine\Engines

On 64-bit Windows with 32-bit Office, this key is under Software\Wow6432Node\Microsoft\Office\14.0\Access Connectivity Engine\Engines instead.

  4. In the right pane of the Registry Editor, double-click the SandboxMode value.

The Edit DWORD Value dialog box appears.

  5. In the Value Data field, change the value from 3 to 2, and then click OK. The possible values are: 0 turns sandbox mode off for all programs, 1 turns it on for Access only, 2 turns it off for Access but leaves it on for other programs that use the engine, and 3 (the default) turns it on for all programs.
  6. Close the Registry Editor.

Important    Remember that if you do not first trust the database, Access disables any unsafe expressions regardless of whether you change this registry setting.
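The two registry edits on this page (ModalTrustDecisionOnly in the section on enabling disabled content, and SandboxMode here) are easy to apply to the wrong hive, or to the wrong branch on a 64-bit machine, with no indication that nothing happened. The following PowerShell is an added example (not from this article) that wraps both edits in functions that read the value back, locates the engine key under Wow6432Node when 32-bit Office runs on 64-bit Windows, and refuses to write the machine-wide SandboxMode value from a non-elevated session. The meanings of the SandboxMode values follow Microsoft's documentation of that setting; the Office 14.0 paths are assumed.

```powershell
# Added example, not part of the original article. Applies and verifies the
# two registry settings described on this page. Assumes Office 14.0 paths.

# Per-user: only changes how Access presents the trust decision.
$modalKey = 'HKCU:\Software\Microsoft\Office\14.0\Access\Security'

function Get-AceEngineKey {
    # Machine-wide key. 64-bit PowerShell sees 32-bit Office's HKLM\Software keys
    # under Wow6432Node; 32-bit PowerShell is redirected there automatically.
    $candidates = @(
        'HKLM:\Software\Microsoft\Office\14.0\Access Connectivity Engine\Engines',
        'HKLM:\Software\Wow6432Node\Microsoft\Office\14.0\Access Connectivity Engine\Engines'
    )
    foreach ($k in $candidates) { if (Test-Path -Path $k) { return $k } }
    throw 'Access Connectivity Engine 14.0 key not found; is Access 2010 installed?'
}

function Set-AccessModalTrustPrompt {
    # $true shows the older modal dialogs instead of the Message Bar; $false restores the default.
    param([bool]$Enabled)
    if (-not (Test-Path -Path $modalKey)) { New-Item -Path $modalKey -Force | Out-Null }
    New-ItemProperty -Path $modalKey -Name 'ModalTrustDecisionOnly' -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
    # Read back so the caller sees what Access will actually see.
    (Get-ItemProperty -Path $modalKey -Name 'ModalTrustDecisionOnly').ModalTrustDecisionOnly
}

$sandboxModeMeaning = @{
    0 = 'Sandbox mode off for all programs'
    1 = 'Sandbox mode on for Access only'
    2 = 'Sandbox mode off for Access, on for other programs'
    3 = 'Sandbox mode on for all programs (default)'
}

function Get-AccessSandboxMode {
    $key = Get-AceEngineKey
    $value = (Get-ItemProperty -Path $key -Name 'SandboxMode').SandboxMode
    [pscustomobject]@{
        Key         = $key
        SandboxMode = $value
        Meaning     = $sandboxModeMeaning[[int]$value]
    }
}

function Test-IsElevated {
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-AccessSandboxMode {
    # This value applies to every user and every Access instance on the computer.
    param([Parameter(Mandatory = $true)][ValidateSet(0, 1, 2, 3)][int]$Mode)
    if (-not (Test-IsElevated)) {
        throw 'Writing SandboxMode under HKLM requires an elevated (administrator) PowerShell session.'
    }
    $key = Get-AceEngineKey
    Set-ItemProperty -Path $key -Name 'SandboxMode' -Value $Mode -Type DWord
    Get-AccessSandboxMode
}

# Usage: inspect first, then change deliberately.
Get-AccessSandboxMode
# Set-AccessSandboxMode -Mode 2        # allow unsafe expressions in trusted databases (page's procedure)
# Set-AccessSandboxMode -Mode 3        # restore the default
# Set-AccessModalTrustPrompt -Enabled $true
```

Because SandboxMode is machine-wide, treat a change to 2 or 0 as a configuration decision to record and review, not a one-off fix for a single database; the Get function is the quick way to confirm which branch of the registry Access is actually reading on a given machine.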

Applies to:
Access 2010