Learn Microsoft Access Advanced Programming Techniques, Tips and Tricks.

Access Security Key Diagram

Introduction

As you are aware implementing Microsoft Access Security is serious business. Even though this has been deprecated from Access2007 and later versions, thousands of Access Developers are still using this feature.  There are several pages of MS-Access Help text explaining the complexities of this feature and it is difficult to visualize how all of them fit together to form the security key.

I made an attempt here to put the main elements of Microsoft Access Security elements together into the form of a picture so that we will get a general idea as what all components are involved and where they are all kept for implementing Microsoft Access Security.  

It is important to regulate Users' roles and maintain security of data, integrity of various objects and VBA Code.

We already have several Articles discussing Microsoft Access Security. You can access these articles from the Security Sub-Menu from the Main Menu Bar on this site.

Microsoft Access Security - Two Sections.

  1. The first part of the Security elements (Workgroup File Id elements and User/Group Names, Personal IDs and Passwords), which resides within the Workgroup Information File. 
  2. Object level access rights information which resides within the Database, forms the second part.

When both parts are combined, consisting of fourteen pieces of security elements, becomes the full security key of a User.  See the Diagram given below:


Workgroup FileID.

The first three elements: Workgroup Name, Organization & Workgroup Id forms the unique Workgroup Information File identification elements. You must keep these information in a safe place, after creating the Workgroup Information File.  If you somehow got lost this file you must give these specific information to create this Workgroup Information File again.  MS-Access distinguishes one Workgroup Information File from the other using this unique information.


User Specific Credentials.

The next three elements: User or Group Name, Personal ID & Password are User specific information.  Group Account have only Group Names and Personal IDs, no passwords.  It is very important that you keep a record of the User/Group Names and their Personal ID information in a safe place.

The Group Security Account is only a means of organizing Users into different groups so that their access privileges can be assigned at Group level.  The Users inherits the access privileges assigned to the Users’ Group Account when they are added to the Group.

When you create a new Workgroup Information File, by default there will be only one User Account: Admin and two Group Accounts: Admins & Users .  The Admin User account is a member of the Admins & Users Group Accounts.  You cannot delete these two Group Accounts and any new User Account you create will be a member of the Users Group Account by default.  You cannot delete the Admin User Account either but it can be removed from the Admins Group Account as part of a security measure.

Members of the Admins Group have full administrative power to assign permissions to Objects and transfer ownership of objects (except the Database Object) to other User/Group accounts.


Database Owner.

Here, one important aspect you have to keep in mind is that the Owner of the Database (the User who created the Database)/Object have equal privileges of an Administrator, a member of the Admins Group Account.  The Owner of an object can assign permissions, like an administrator, for other Users or transfer his ownership of the object to another User.  

Ownership of a Database Object cannot be transferred to anybody.  But, one who likes to take the ownership of a Database, he must create a new database and import all the objects (if, he has enough privileges to do that) into the new Database.

Share:

1 comment:

  1. [...] idea as how the Access Security Key elements assembled together to assign access privileges: http://msaccesstips.com/2011/10/acce...y-key-diagram/ If the tables are linked to the FE and the data can be read from there, then create Make-table [...]

    ReplyDelete

Comments are subject to moderation before publishing.

Translate



PageRank
Subscribe in a reader
Your email address:

Delivered by FeedBurner

Search

Popular Posts

Search This Blog

Blog Archive

Powered by Blogger.

Follow by Email

Labels

Forms Functions How Tos MS-Access Security Reports Class Module msaccess forms Animations msaccess animation Utilities msaccess controls Access and Internet MS-Access Scurity MS-Access and Internet Array External Links Queries msaccess reports msaccess tips Accesstips Downloads Objects Property Collection Object Event Menus and Toolbars Controls MsaccessLinks Process Controls WithEvents Art Work msaccess How Tos Combo Boxes Graph Charts List Boxes VBA msaccessQuery Command Buttons Dictionary Object Form Report Calculation Command Button Data Emails and Alerts Query RaiseEvent Custom Functions Custom Wizards DOS Commands Data Type Object Reference ms-access functions msaccess functions msaccess graphs msaccess reporttricks Item msaccessprocess security advanced Access Security Add Auto-Number Field Type Fields Form Instances Key Macros Menus SubForm Top Values Variables msaccess email msaccess menus progressmeter Access2007 Copy Excel Expression Join Methods Microsoft Numbering System Records Recordset Security Split Table Time Difference Utility Workgroup Wrapper Classes database function ms-access msaccess wizards reference text tutorial vba code Access2003 Accounting Year Action Animation Attachment Binary Numbers Bookmarks Budgeting ChDir Color Palette Conditional Formatting Data Filtering Defining Pages Diagram Disk Dynamic Lookup Error Handler Export External Filter Formatting Groups Hexadecimal Numbers Import Labels List Logo Macro Mail Merge Main Form Memo Monitoring Octal Numbers Operating System Paste Primary-Key Product Rank Reading Remove Rich Text Sequence SetFocus Summary Tab-Page Tables Union Query User Users Water-Mark Word automatically commands hyperlinks iSeries Date iif msaccess msaccess alerts pdf files restore switch toolbar updating upload

Featured Post

Opening Access Objects from Desktop

Frequently Used Methods. Set the Form Name in Display Form Option of Current Database in Access Options . BIG DEAL!, this is the first t...

Labels

Blog Archive

Recent Posts