[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


How to secure an MS Access database with a CAC (common access card)?

Posted on 2009-12-17
Medium Priority
Last Modified: 2012-05-08
Hi, I'm not an MS Access guru, but I have been asked about possible ways to secure an Access database using a CAC (US DoD common access card) (which is a type of Smart Card).  Please also discuss how to administer rights to some individuals but not others based on the CAC's ID, and any potential problems relating to expiration of CAC IDs, etc.  

Points will be shared among all contributors with unique and coherent answers.
Question by:InkEye
LVL 85

Accepted Solution

Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 2000 total points
ID: 26079515
How are the CAC ID's processed? That is, I assume there is some form of API involved with the smart cards which would be integrated in the operating system - this is where you'd have to explore your options. I would assume the smart cards would authenticate the user and perhaps log them into their own roaming profile. From there, your Access application would have to retrieve that information and work from there.

First - understand that Access has no real builtin security. If I can open an Access database, then generally speaking I can get to every part and piece of that database. Note that versions before 2007 did have User Level Security, which could prohibit me from interacting with certain parts of the application, but ULS is easily broken and thus would not be considered secure (in terms of DoD stuff, anyway). There are ways of hiding certain parts, and you can make it more difficult for users to get to those parts, but be forewarned - you MUST provide users with Read/Write access to the folder hosting the database, and if you do that, then users can always get to the file.

That said - with Access you can build a permissions strucuture which would allow you to let UserA see FormA (but not FormB), and then let UserB see FormC, FormD and FormE but not print Report1, etc etc. This can be a useful navigation structure, but provides no real security. There are many tutorials out there about building a structure like this. If you're interested in doing this, let us know and we'll see what can be done.

I don't think you'd have any issues with expiring CAC ID's, IF you structure your app such that when a CAC expires, you would still maintain that "users" rights in the database - in other words, your Access database rights would be completely separate from the CAC user's, but would be related.

Author Closing Comment

ID: 31667547
Well, I left it open for as long as practical.  I wish the answer could be otherwise, but you gave the cold hard truth.  You get all the points!  Thanks for your answer.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re using QODBC to update QuickBooks data from Microsoft® Access but Access is not showing the updated data, you could have set up QODBC incorrectly.
Windows Explorer lets you open cabinet (cab) files like any other folder. In VBA you can easily handle normal files and folders, but opening and indeed creating cabinet files takes a lot more - and that's you'll find here.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question