Learn Microsoft Access Advanced Programming Techniques, Tips and Tricks.

Access Security Key Diagram

As you are aware implementing Microsoft Access Security is serious business. Even though this has been deprecated from Access2007 and later versions, thousands of Access Developers are still using this feature.  There are several pages of MS-Access Help text explaining the complexities of this feature and it is difficult to visualize how all of them fit together to form the security key.

I made an attempt here to put the main elements of Microsoft Access Security elements together into the form of a picture so that we will get a general idea as what all components are involved and where they are all kept for implementing Microsoft Access Security.  

It is important to regulate Users' roles and maintain security of data, integrity of various objects and VBA Code.

We already have several Articles discussing Microsoft Access Security. You can access these articles from the Security Sub-Menu from the Main Menu Bar on this site.

Microsoft Access Security can be divided into two parts:

  1. The first part of the Security elements (Workgroup File Id elements and User/Group Names, Personal IDs and Passwords), which resides within the Workgroup Information File. 
  2. Object level access rights information which resides within the Database, forms the second part.

When both parts are combined, consisting of fourteen pieces of security elements, becomes the full security key of a User.  See the Diagram given below:

The first three elements: Workgroup Name, Organization & Workgroup Id forms the unique Workgroup Information File identification elements. You must keep these information in a safe place, after creating the Workgroup Information File.  If you somehow got lost this file you must give these specific information to create this Workgroup Information File again.  MS-Access distinguishes one Workgroup Information File from the other using this unique information.

The next three elements: User or Group Name, Personal ID & Password are User specific information.  Group Account have only Group Names and Personal IDs, no passwords.  It is very important that you keep a record of the User/Group Names and their Personal ID information in a safe place.

The Group Security Account is only a means of organizing Users into different groups so that their access privileges can be assigned at Group level.  The Users inherits the access privileges assigned to the Users’ Group Account when they are added to the Group.

When you create a new Workgroup Information File, by default there will be only one User Account: Admin and two Group Accounts: Admins & Users .  The Admin User account is a member of the Admins & Users Group Accounts.  You cannot delete these two Group Accounts and any new User Account you create will be a member of the Users Group Account by default.  You cannot delete the Admin User Account either but it can be removed from the Admins Group Account as part of a security measure.

Members of the Admins Group have full administrative power to assign permissions to Objects and transfer ownership of objects (except the Database Object) to other User/Group accounts.

Here, one important aspect you have to keep in mind is that the Owner of the Database (the User who created the Database)/Object have equal privileges of an Administrator, a member of the Admins Group Account.  The Owner of an object can assign permissions, like an administrator, for other Users or transfer his ownership of the object to another User.  

Ownership of a Database Object cannot be transferred to anybody.  But, one who likes to take the ownership of a Database, he must create a new database and import all the objects (if, he has enough privileges to do that) into the new Database.

Share:

1 comment:

  1. [...] idea as how the Access Security Key elements assembled together to assign access privileges: http://msaccesstips.com/2011/10/acce...y-key-diagram/ If the tables are linked to the FE and the data can be read from there, then create Make-table [...]

    ReplyDelete

Translate



PageRank
Your email address:

Delivered by FeedBurner

Search

Infolinks Text Ads


Blogs Directory

Popular Posts

Search This Blog

Blog Archive

Powered by Blogger.

Labels

Forms How Tos Functions MS-Access Security Reports Animations msaccess animation msaccess forms Utilities msaccess controls Access and Internet MS-Access Scurity MS-Access and Internet Queries External Links msaccess reports msaccess tips Menus and Toolbars Accesstips MsaccessLinks Process Controls Art Work Downloads msaccess How Tos Graph Charts msaccessQuery List Boxes Command Buttons Emails and Alerts Query Combo Boxes Custom Wizards ms-access functions msaccess graphs msaccess reporttricks msaccessprocess security advanced Access Security DOS Commands Data Macros Menus Property Report Top Values VBA msaccess email msaccess menus progressmeter Access2007 Array Auto-Number Command Button Custom Functions Join Microsoft Numbering System Records Security Split SubForm Table Utility Workgroup database msaccess functions msaccess wizards Access2003 Accounting Year Action Animation Attachment Binary Numbers Budgeting Calculation ChDir Color Palette Conditional Formatting Controls Copy Data Filtering Data Type Defining Pages Diagram Disk Dynamic Lookup Error Handler Excel Export Expression External Field Type Fields Filter Form Form Instances Formatting Groups Hexadecimal Numbers Import Labels List Logo Macro Mail Merge Main Form Memo Methods Monitoring Object Reference Objects Octal Numbers Operating System Paste Primary-Key Product Rank Reading Rich Text Sequence SetFocus Summary Tab-Page Time Difference Union Query User Users Variables Water-Mark Word automatically commands function hyperlinks iSeries Date iif ms-access msaccess msaccess alerts pdf files reference restore switch text toolbar tutorial updating upload vba code

Featured Post

DIR Getting File Names From Folder

We all know Dir() Function from the time of Windows DOS Operating System.  This is the first Command introduced to those who sit on a Perso...

Labels

Blog Archive

Recent Posts