Password protection for database with multiple users

  • Thread starter Thread starter Courtney
  • Start date Start date
C

Courtney

Hello and thanks in advance for any help you can offer!

I have created a database which will be accessed by several users. Legally,
not all of these individuals are allowed to have access to some of the
information we would like to keep on the database. Currently, we plan to
keep this information in subforms. Is it possible to password protect
subforms? Is there another way we could keep this information secure? Or is
this information better kept off the database?

Kind regards,
 
Courtney said:
Hello and thanks in advance for any help you can offer!

I have created a database which will be accessed by several users.
Legally, not all of these individuals are allowed to have access to
some of the information we would like to keep on the database.
Currently, we plan to keep this information in subforms. Is it
possible to password protect subforms? Is there another way we could
keep this information secure? Or is this information better kept off
the database?

Kind regards,

If your security needs have *legal* reasons then your data should not be in
an Access/Jet database. There is much you can do to slow down people with
no knowledge of Access, but for an informed person or one who knows how to
search the internet there is nothing you can do to prevent them from seeing
all of the data.

Your data needs to be in a server database like SQL Server. That is the
only way to reliably achieve what you are describing.
 
Hi Courtney,

It all depends on the level of security your trying to achieve. Most people
using Access work in small workgroups (several users). Access has a very good
security model for a user-type database. You can create forms that are only
accessible to authorized users. You can set it up so that it requires users
to log in and identify themselves using passwords, etc. You can even create
groups of users where some groups can have read-only access to data. You can
create accounts for users and when they quit, you can delete their accounts.

Here's where things get a little sticky with Access:

Creating a database in Access means that a file is created in your hard
drive (with extension .mdb). This file can easily be copied onto a portable
disk or USB memory drive (or even emailed). It is treated like any other file
on your computer (like a Word or Excel file).

The advantage with Access is that you can secure the file so that even if
someone steals the file they cannot simply open it at home. A good programmer
with enough knowledge of the Access Security model can secure the database
enough so that employees cannot simply bring it home and open the database.
The programmer would have to use the Access user-level security model to
create a separate file that holds all valid accounts ( this will have an .mdw
extension). Once this is done, you cannot open the database without this
second file.

However (yes there is a "However")
If one of your users has a valid account and a valid password then he or she
can copy the .mdb file AND the .mdw file, bring them home, and with enough
knowledge of the Access security model, yes, they can open it at home. So the
question now is: How well do you trust the users of the database? In most
companies I've worked with, this is more than enough. What I tell my clients
is this: Only use the database at work within a secure computer network. In
some cases, I've seen users bring a copy at home to work on it at home and
then bring back the file the next day and replace the updated copy. This
could be a good thing in some cases. Access gives you that flexibility if you
need it (something you can't easily do in a Server-based database).

However (yes, there is a third)...
If the .mdb file containing the data gets into the hands of someone that
really, really wants to get to the data (a determined individual), well,
there are tools out there that hackers can use to get into the file and read
the database. But this individual must first get his hands on the file (maybe
an employee gives it to him), or if he has access to the folder from another
department within the network, etc.

In my opinion, if you're forced to work with a PC-based database, Access is
your best option.

The question now is: Is this enough security for your needs?
Like I said before, I've worked for large corporations that use Access and
they don't worry about it because they trust the employees, and most are
working within small groups anyways.

But if you work with very, very sensitive data, like credit card numbers,
or anything that will make the evening news, then you'll need to go with a
Server-based database. Then again, even with a Server-based database, the
employees need to be trusted too.

Hope this helps,

Ray
 
Don't overlook the concept of a 2nd Front End for the outsiders use

And a 2nd BackEnd with only the secure info.

The insiders FE can link to tables in both backends while the outsiders FE
only link to one backend.
 
Back
Top