Access 2007 uses Windows Security. Is Windows Security secure
enough for you? If not, you should not use Windows.

Windows Security does not give you record-level security. Do you
need record-level security? i.e. some people can see some data,
other people only see other data? If you need record-level security,
you need an additional record-level security system.

The record-level security system in MDB files is very old, does
not use Windows Security, and is not secure. If you need secure
record-level security, you should use MS SQL Server (or MySQL
or Oracle, but only if you already use those systems) with Access.

The role-based security system in Access is also very old,
does not use Windows Security, and is not secure. If you need
secure role-based security, you should not use Access. You
should use C++ or C# or VB.net, so that a connection can
be associated with a certificate. If you use Access, there is no
secure way to prevent a user from using Excel to do anything
that the same user can do in Access.

Access is just as secure as your corporate server is. It does not
make your corporate server less secure. It does not add any
new security features to your corporate server.

If you need new features, you need to add a new service that has
the new features. Adding a new service, or a new server, is
automatically less secure. Adding a new Oracle or MySQL server
will give you a new security weakness, will not make you more
secure, but will give you new things you can do.

If you need to securely do things that Access cannot securely do,
you need to add a new service to do those things. It is not about if
Access/Windows is secure enough: Windows 3.1 was not secure.
Windows 98 was not secure. Windows Server 2003 is secure if
you secure it.

Word doc files on your corporate server are secure enough if
properly secured, but may not have all the database features
you want. Email files on your corporate server are secure enough
if properly secured, but may not have all the database features
you want. XLS files on your corporate server are secure enough
if properly secured, but may not have all the database features
you want. MDB files on your corporate server are secure enough
if secured properly, but may not have all the database features
you want. MSACCESS.exe on your workstation using Oracle
is secure enough if properly secured, but may not have all the
database features you want.

In particular, secure record-level access control is not available
with MDB files (insecure record-level access control is available),
and secure role-based access is not available with MSACCESS
(insecure role-based access control is available). Secure table-
level access control is difficult to implement, and would also be
a reason for choosing Access with MySQL/Oracle/SQL Server
instead of Access with MDB.

(david)