• Status: Solved
  • Priority: Low
  • Security: Public
  • Views: 73
  • Last Modified:

What is the best way to secure an Access database?

I want to set the permissions on the folder/file so that people can open and use the Access file using Access runtime yet not be able to rename the file.
How should I set the permissions on the folder and file to secure it?
0
emeschke
Asked:
emeschke
  • 3
  • 2
  • 2
  • +3
1 Solution
 
Pawan KumarDatabase ExpertCommented:
Please refer this -

https://www.experts-exchange.com/questions/29071308/If-I-encrypt-a-value-will-anyone-With-Access-be-able-to-decrypt-it.html?notificationFollowed=200998910#a42388121

MS ACCESS will only encrypt your data but wont provide security. You need to use a database engine like SQL Server. No security on files etc,,
0
 
Scott McDaniel (Microsoft Access MVP - EE MVE )Infotrakker SoftwareCommented:
I'm not sure what a discussion about encrypting data in a database has to do with this question ...

You cannot restrict users from accessing the folder hosting your Jobboss database. In order to be able to use an Access database, users must have Read/Write/Create/Destroy permissions on the Folder. You can remove the Delete permissions from the FILE (i.e. the Access file), but that's about it.

As others have said, if you want true data security you'll have to move to a more robust database engine.
1
 
emeschkeAuthor Commented:
We are using SQL as the backend database. Hopefully removing the delete permissions will be enough...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
PatHartmanCommented:
This isn't my area of expertise but I believe that you can hide a directory so that users cannot see it using file manager.  they need transit or something like that permission to get through the invisible path.  You need to talk to someone expert in Windows permissions.  I added another topic that might attract the expert you need.
0
 
Pawan KumarDatabase ExpertCommented:
We are using SQL as the backend database. Hopefully removing the delete permissions will be enough...
>> Yes you can set the deny permission for delete and it will work.

For files we can set the encryptions so that no one can read and delete and access it. Eg. TDE.
0
 
Gustav BrockCIOCommented:
You should leave the frontend on a shared network folder where users have been granted read-only rights.
Then copy the frontend file to the user's local drive and launch it from there.

This can be controlled from a shortcut at the user's Desktop and a script as described here (Citrix not needed):

Deploy and update a Microsoft Access application in a Citrix environment

This will also take care of distribution of updates to the frontend.

/gustav
0
 
Scott McDaniel (Microsoft Access MVP - EE MVE )Infotrakker SoftwareCommented:
If you're using SQL, then unless you're running some sort of wacky security setup a Standard User would not be able to delete the actual database file.

If you're referring to the Frontend file (i.e. the one with the Forms, Reports, etc), then Gustav has the best solution for that - just move a copy of the FE to each user's desktop when they launch the program. They could rename it to their heart's content and it wouldn't make a difference.
0
 
Jim Dettman (Microsoft MVP/ EE MVE)President / OwnerCommented:
What is it exactly that you are trying to prevent?

  People looking at the code?   You mention renaming; what does it mean to you if they could rename the file?

 Since your data is in SQL server, that is protected by SQL security.   That leaves the "Front end", which as gustav pointed out, everyone should be getting their own copy anyway and the "master copy" should be in a directory where everyone only has read rights.

 But once they have a copy of it, they would be able to do anything they want with it.  i.e. take a copy home and use a full version of Access on it.

 If your trying to protect the code,  then you'll need to distribute the front end as a .accde to prevent that.

Jim.
0
 
emeschkeAuthor Commented:
We will give the local file idea a try.

Thanks,
Ellis
0
 
emeschkeAuthor Commented:
We installed it on a terminal server and deployed it via Group Policy. This seems to be the most secure way at the moment.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now