About securing an Access project

Microsoft Jet User-Level security can't be used with a Microsoft Access project (.adp) file or .ade file. Users should protect their copy of the Access project file using their computer's file system and periodically make a backup copy if they add their own forms or reports. If their copy of the Access project file is accidentally or unintentionally altered, users can recopy the file from their backup copy or its central location.

Strategies for protecting your project file and its objects are briefly described below and roughly arranged from least secure to most secure.

Show or hide objects in the Database window

This method of protection is the least secure because it is relatively simple to show any hidden objects.

Note that because tables, views, database diagrams, and stored procedures reside in the SQL Server database, you cannot hide these objects in the database window.

Using startup options

You use the startup options to specify or determine settings such as which form opens automatically when your Access project file opens and your Access project application's title and icon. In a new Access project file, the startup properties do not exist until a user makes a change to the default settings in the Startup dialog box.

Securing data access pages

To protect a data access page and the data it accesses, do the following:

Protect the Access project file containing the data access page's link, and the data access page's corresponding HTML file by using the file system security of the computer where you have stored these files.
Protect the database connected to the data access page by securing the database against unauthorized users, controlling the level of access to the data once a user logs in, and not saving the database password with the data access page.
Prevent unauthorized access from a malicious script by using Internet Explorer security options and using three-tier data access.

Securing Visual Basic for Applications (VBA) code

You can protect Visual Basic for Applications (VBA) code in modules and modules behind forms and reports with a password which you enter once per session. The password prevents unauthorized users from editing, cutting, pasting, copying, exporting, and deleting VBA code.

To protect your code, you can remove editable VBA code from your Access project file and prevent modifications to the code behind your forms and reports by saving it as an ADE file.

Securing a Microsoft SQL Server database

Secure SQL Server database objects

You can secure data and other database objects that are stored in an SQL Server database (tables, views, stored procedures, and database diagrams) by doing the following:

Encrypt views, stored procedures and triggers. You can encrypt views to prevent a user from changing the view. You can also encrypt stored procedures and triggers when you edit them by using Transact-SQL Statements (for example, CREATE PROCEDURE...WITH ENCRYPTION).
Important Once you encrypt a view, you can't change the design of that view. If you anticipate the need to revise an encrypted view, save the SQL statements in a text file in a secure location before you encrypt it. You can then delete the encrypted view, change the saved view, and re-encrypt it.
Implement full security features using the SQL Server Enterprise Manager. See the SQL Server documentation.

Control logging on to SQL Server

From a Microsoft Access project, you can administer basic security tasks by using the Database Security command to add, edit, or delete server logins, database users, and database roles. You must have SQL Server installed on the same computer as the Access project for these commands to work.

SQL Server provides two security methods for validating logins to the SQL Server database:

SQL Server security, which uses SQL Server user names and passwords.
Windows NT integrated security, which uses Windows NT account user names. In this case, Windows NT authenticates a user when they log on, and SQL Server accepts Windows NT accounts without requiring a secure log on.