Access 2000 MDB security - Password or Group Level Security using VB6?

Posted on 2011-04-22
Last Modified: 2012-05-11
I would like to attach security to an Access 2000 MDB that is part of an application that will be released shortly for distribution to a group of customers.

I have looked at Access password security and also Group Level security.

Was wondering if one method offers more security than the other?

The application using Access 2000 mdb is a VB6 desktop program.

Is it even possible to use the Group Level security method that would allow access from within the VB6 program when the MDB is opened by passing the Group Level password?

Thanks for any input here.
Question by:morrisbo
    LVL 42

    Accepted Solution

    With a VB6 application, security credentials are passed in the connection string. So, you will pass a userid/password that is established by the VB6 application. That user will then gain its own permissions plus those granted to any group it is a member of.

    If you want to forgo individual userids, then you can certainly share a "group" userid amongst many individuals and just pass that in the connection string.
    LVL 42

    Expert Comment

    I forgot to mention, in addition to the userid/password, the connection string must identify the Access .mdw file with the "SystemDB=path_to_your_workgroup_file" parameter.

    I don't think one method is any more secure than the other and, truth-be-told, neither is very secure.  However, administering security at the group level is usually less work.
    LVL 84

    Assisted Solution

    by:Scott McDaniel (Microsoft Access MVP - EE MVE )
    As dqmq said, both methods are not overly secure, but with ULS you'd have more control over individuals. For example, if you have a Manager group, and that group should be the only one who can review the data in tblEmployees, then you can define that using ULS.

    ULS is quite tricky, and in general it's not something that is easy to install after the fact. This is generally something that is done during development, since it can take quite a bit of time to fully implement and test. That said, in order to correctly implement security on your Access database, see this page:

    Once you do that, you can then implement the methods suggested by dqmq to properly connect to your secured Access database.


    Author Comment

    After reviewing the comments and further research on this I wanted to add some additional information and indicate what I think the approach of adding security should be.

     I appreciate your input and any additional comments that might be offered. The link provided for additional access security was very helpful.

    The VB6 program provides userid and password security internally to limit access to the data
    provided from within the program. It provides for an Administrator and sub users the ability
    to enter their ID and associated password. Only the Administrator may add user ids.

    This would prevent anyone without a password from accessing the data from within the program.

    The purpose of considering Access Password security would be to protect the user passwords from
    compromise thru viewing the access table containing User IDs and Passwords by running Access directly.

    Now my thinking is that we should encrypt the user passwords before placing them in the proper table.

    Also, we would like to protect the proprietary structure and identity of the various tables and fields.

    Our approach would be to add the password facility directly using the Access 2000 program itself prior to releasing the software for sale.

    The software program would be modified to pass the access password with the connection string.

    Thanks for your comments.  Really appreciate your help here.

    LVL 84
    The Access 2000 password is easily broken, and in fact there are hundreds of free programs available that will do this, so please don't think that setting the Access password is any form of real security.

    Your approach, as stated above, should work to keep the overwhelming majority of people out of your data - it'll keep honest people honest, in other words :)).  If someone wants to get at your data, it'd take them about 30 seconds to find a program, download it and run it, so just be aware of this as you move forward.
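
Added example, not part of any post in this thread: the two connection styles discussed above, written for VB6 with late-bound ADO. The first follows the accepted solution and expert comment (user ID, password and `SystemDB` workgroup file through the Access ODBC driver); the second follows the author's plan of passing a database password, here through the Jet OLE DB provider. Function names, file names and credentials are hypothetical placeholders.

```vb
Option Explicit

' Reject values that would split the connection string into extra keywords.
Private Function SafeValue(ByVal s As String) As String
    If InStr(s, ";") > 0 Or InStr(s, "{") > 0 Or InStr(s, "}") > 0 Then
        Err.Raise vbObjectError + 513, "SafeValue", "Illegal character in value"
    End If
    SafeValue = s
End Function

' User/group-level security: the .mdw workgroup file validates Uid/Pwd,
' and the user gets its own permissions plus those of its groups.
Public Function OpenWithWorkgroup(ByVal mdbPath As String, _
                                  ByVal mdwPath As String, _
                                  ByVal userId As String, _
                                  ByVal pwd As String) As Object
    Dim cn As Object
    Set cn = CreateObject("ADODB.Connection")
    cn.ConnectionString = "Driver={Microsoft Access Driver (*.mdb)};" & _
                          "Dbq=" & SafeValue(mdbPath) & ";" & _
                          "SystemDB=" & SafeValue(mdwPath) & ";" & _
                          "Uid=" & SafeValue(userId) & ";" & _
                          "Pwd=" & SafeValue(pwd) & ";"
    cn.Open
    Set OpenWithWorkgroup = cn
End Function

' Database password: one shared secret for the whole file, no per-user rights.
Public Function OpenWithDbPassword(ByVal mdbPath As String, _
                                   ByVal dbPwd As String) As Object
    Dim cn As Object
    Set cn = CreateObject("ADODB.Connection")
    cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
                          "Data Source=" & SafeValue(mdbPath) & ";" & _
                          "Jet OLEDB:Database Password=" & SafeValue(dbPwd) & ";"
    cn.Open
    Set OpenWithDbPassword = cn
End Function

Public Sub Demo()
    Dim cn As Object
    ' Placeholder paths and credentials (constructed for this example).
    Set cn = OpenWithWorkgroup(App.Path & "\data.mdb", App.Path & "\secure.mdw", _
                               "AppGroupUser", "placeholder-password")
    Debug.Print "Connection state: " & cn.State   ' 1 = adStateOpen
    cn.Close
End Sub
```

In either style the secret travels with the program, so a password compiled into the EXE as a string literal can be read back out of the binary.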
