As you are aware implementing Microsoft Access Security is serious business. Even though this has been deprecated from Access2007 and later versions, thousands of Access Developers are still using this feature.  There are several pages of MS-Access Help text explaining the complexities of this feature and it is difficult to visualize how all of them fit together to form the security key.

I made an attempt here to put the main elements of Microsoft Access Security elements together into the form of a picture so that we will get a general idea as what all components are involved and where they are all kept for implementing Microsoft Access Security.  

It is important to regulate Users’ roles and maintain security of data, integrity of various objects and VBA Code.

We already have several Articles discussing Microsoft Access Security. You can access these articles from the Security Sub-Menu from the Main Menu Bar on this site.

Microsoft Access Security can be divided into two parts:

  1. The first part of the Security elements (Workgroup File Id elements and User/Group Names, Personal IDs and Passwords), which resides within the Workgroup Information File. 
  2. Object level access rights information which resides within the Database, forms the second part.

When both parts are combined, consisting of fourteen pieces of security elements, becomes the full security key of a User.  See the Diagram given below:

Access Security Key

The first three elements: Workgroup Name, Organization & Workgroup Id forms the unique Workgroup Information File identification elements. You must keep these information in a safe place, after creating the Workgroup Information File.  If you somehow got lost this file you must give these specific information to create this Workgroup Information File again.  MS-Access distinguishes one Workgroup Information File from the other using this unique information.

The next three elements: User or Group Name, Personal ID & Password are User specific information.  Group Account have only Group Names and Personal IDs, no passwords.  It is very important that you keep a record of the User/Group Names and their Personal ID information in a safe place.

The Group Security Account is only a means of organizing Users into different groups so that their access privileges can be assigned at Group level.  The Users inherits the access privileges assigned to the Users’ Group Account when they are added to the Group.

When you create a new Workgroup Information File, by default there will be only one User Account: Admin and two Group Accounts: Admins & Users .  The Admin User account is a member of the Admins & Users Group Accounts.  You cannot delete these two Group Accounts and any new User Account you create will be a member of the Users Group Account by default.  You cannot delete the Admin User Account either but it can be removed from the Admins Group Account as part of a security measure.

Members of the Admins Group have full administrative power to assign permissions to Objects and transfer ownership of objects (except the Database Object) to other User/Group accounts.

Here, one important aspect you have to keep in mind is that the Owner of the Database (the User who created the Database)/Object have equal privileges of an Administrator, a member of the Admins Group Account.  The Owner of an object can assign permissions, like an administrator, for other Users or transfer his ownership of the object to another User.  

Ownership of a Database Object cannot be transferred to anybody.  But, one who likes to take the ownership of a Database, he must create a new database and import all the objects (if, he has enough privileges to do that) into the new Database.