How to secure an MS Access database with a CAC (common access card)?

Posted on 2009-12-17
Last Modified: 2012-05-08
Hi, I'm not an MS Access guru, but I have been asked about possible ways to secure an Access database using a CAC (US DoD common access card) (which is a type of Smart Card).  Please also discuss how to administer rights to some individuals but not others based on the CAC's ID, and any potential problems relating to expiration of CAC IDs, etc.  

Points will be shared among all contributors with unique and coherent answers.
Question by:InkEye
    LVL 84

    Accepted Solution

    How are the CAC IDs processed? That is, I assume there is some form of API involved with the smart cards which would be integrated in the operating system - this is where you'd have to explore your options. I would assume the smart cards would authenticate the user and perhaps log them into their own roaming profile. From there, your Access application would have to retrieve that information and work from there.

    First - understand that Access has no real built-in security. If I can open an Access database, then generally speaking I can get to every part and piece of that database. Note that versions before 2007 did have User Level Security, which could prohibit me from interacting with certain parts of the application, but ULS is easily broken and thus would not be considered secure (in terms of DoD stuff, anyway). There are ways of hiding certain parts, and you can make it more difficult for users to get to those parts, but be forewarned - you MUST provide users with Read/Write access to the folder hosting the database, and if you do that, then users can always get to the file.

    That said - with Access you can build a permissions structure which would allow you to let UserA see FormA (but not FormB), and then let UserB see FormC, FormD and FormE but not print Report1, etc. This can be a useful navigation structure, but provides no real security. There are many tutorials out there about building a structure like this. If you're interested in doing this, let us know and we'll see what can be done.

    I don't think you'd have any issues with expiring CAC IDs, IF you structure your app such that when a CAC expires, you would still maintain that "user's" rights in the database - in other words, your Access database rights would be completely separate from the CAC user's, but would be related.

    Author Closing Comment

    Well, I left it open for as long as practical.  I wish the answer could be otherwise, but you gave the cold hard truth.  You get all the points!  Thanks for your answer.
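
The structure the accepted answer describes (per-user rights on forms and reports, kept separate from the card but related to it) can be sketched as three tables. This is an added example, not code from the thread: SQLite stands in for the Access tables, every table, column and function name is hypothetical, and the certificate serial and person identifier are assumed to be handed to the application by the operating system's smart card layer, which is not shown.

```python
import sqlite3
from datetime import date

# SQLite stands in for the Access tables; all table/column names are hypothetical.
# As the answer notes, this steers navigation only: anyone who can open the
# database file can read or edit these tables directly.
SCHEMA = """
CREATE TABLE app_user  (user_id INTEGER PRIMARY KEY, person_id TEXT UNIQUE NOT NULL);
CREATE TABLE card_cert (serial TEXT PRIMARY KEY,
                        user_id INTEGER NOT NULL REFERENCES app_user(user_id),
                        not_after TEXT NOT NULL);
CREATE TABLE user_right (user_id INTEGER NOT NULL REFERENCES app_user(user_id),
                         object_name TEXT NOT NULL,
                         PRIMARY KEY (user_id, object_name));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def enroll_cert(db, person_id, serial, not_after):
    """Attach a new or renewed card certificate to a stable user record."""
    db.execute("INSERT OR IGNORE INTO app_user(person_id) VALUES (?)", (person_id,))
    uid = db.execute("SELECT user_id FROM app_user WHERE person_id=?",
                     (person_id,)).fetchone()[0]
    db.execute("INSERT INTO card_cert VALUES (?,?,?)", (serial, uid, not_after.isoformat()))
    return uid

def grant(db, user_id, object_name):
    db.execute("INSERT OR IGNORE INTO user_right VALUES (?,?)", (user_id, object_name))

def may_open(db, serial, object_name, today):
    """True only if the cert is known, unexpired, and its user holds the right."""
    row = db.execute(
        """SELECT 1 FROM card_cert c JOIN user_right r ON r.user_id = c.user_id
           WHERE c.serial=? AND r.object_name=? AND c.not_after >= ?""",
        (serial, object_name, today.isoformat())).fetchone()
    return row is not None

def demo():
    db = open_db()
    uid = enroll_cert(db, "P-0001", "CERT-A", date(2010, 6, 30))  # constructed values
    grant(db, uid, "FormA")
    before = may_open(db, "CERT-A", "FormA", date(2010, 1, 15))   # valid card
    expired = may_open(db, "CERT-A", "FormA", date(2010, 7, 1))   # card has expired
    enroll_cert(db, "P-0001", "CERT-B", date(2013, 6, 30))        # renewed card
    renewed = may_open(db, "CERT-B", "FormA", date(2010, 7, 1))   # rights carried over
    other = may_open(db, "CERT-B", "FormB", date(2010, 7, 1))     # never granted
    return before, expired, renewed, other

if __name__ == "__main__":
    print(demo())
```

Because rights hang off the user row rather than the certificate row, a renewed card only needs a new `card_cert` entry; nothing in `user_right` has to be re-granted.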
