Building a security door to an Access database

Source: Internet
Author: User
Under Office 2000, Access databases are more secure. In addition to setting password protection for the database and encoding and compressing it, you can also enable user-level security to control access to the database at the user level.

 One, setting the database password

For a stand-alone database or a database shared by a workgroup, password protection alone is often appropriate. Every member of the group who knows the password has full rights to the database, and there is no difference between their permissions. To set a password, follow these steps:

Start Microsoft Access, click Cancel in the selection window that pops up, and do not open any database.

Click the menu File-Open and, in the Open window, select the database file you want to open. Then click the expand arrow on the right of the Open button and choose Open Exclusive to open the selected database in exclusive mode.

On the Access menu, click Tools-Security-Set Database Password. In the password and verify boxes, enter the password; note that it is case-sensitive, and remember it. Then click the OK button.

Close the database and exit Access; the password is now set. The next time you open this database you will be prompted for a password, and the database opens only if the password is correct.

If you intend to replicate a database, do not use a database password. If you set a password, the replicated database cannot be synchronized. The database password is stored with the database file rather than in the workgroup information file.

 Second, encoding and compressing the database

To further protect the database, it can be encoded and compressed. Its contents then cannot be viewed with other tools or with word-processing software. This does not affect the user's work in Access. The steps for encoding are as follows:

Start Microsoft Access, click Cancel in the selection window that pops up, and do not open any database.

Click the menu: Tools-Security-Encrypt/Decrypt Database.

In the Encrypt/Decrypt Database window that pops up, select the database to encode and click the OK button.

In the Save As window that follows, enter the name of the encoded file in the File name box and click the Save button. The encoded, compressed database is saved as another file.

 Third, user-level security mechanisms

With user-level security, you can protect your database more flexibly and securely. Under this mechanism, you set up user and workgroup accounts in the workgroup information file associated with Access to manage users, and you manage object permissions in a specific database by specifying permissions for users and workgroups individually. The user must enter a user name and password to open the database, and what the user can do in the database is limited by those permissions.

1. Workgroup information file

In Microsoft Access, the accounts of users and workgroups are stored in the workgroup information file, which Access uses to manage users and workgroups. The default workgroup information file is: C:\Program Files\Microsoft Office\Office\System.mdw.

Users can also create their own workgroup information files to divide and manage users and workgroups according to their needs, typically a Secured.mdw file located in the working directory where the database resides. The user can specify the file name and location, but the file extension cannot be changed.

The workgroup information file applies to Access as a whole and is in effect for the Access session, rather than belonging to a particular database. Each time Access starts, it reads the workgroup information file to get the user and workgroup account information. By default it reads the default workgroup information file, System.mdw, but users can specify which workgroup information file Access is associated with: run the Workgroup Administrator, Wrkgadm.exe, usually in C:\Program Files\Microsoft Office\Office (a shortcut to the program, MS Access Workgroup Administrator, already exists), to create a new workgroup information file or to make Access join an existing one. You can also specify the workgroup information file to join with the command-line startup option /WRKG <workgroup information file name> when you start Access.

2. Managing workgroup information files

Start the MS Access Workgroup Administrator shortcut. In the Workgroup Administrator window, click the Join button to change the workgroup information file that Access joins at startup: specify the path of the file in the Workgroup Information File window that pops up. Click the Create button to create a new workgroup information file: in the Workgroup Owner Information window that pops up, enter the three items workgroup name, organization and workgroup ID, then enter the storage path and name of the workgroup information file in the Workgroup Information File window. This creates a new workgroup information file and associates Access with it.

The workgroup ID is the unique identity of the workgroup that distinguishes it from other workgroup information files; it must be saved so that the file can be rebuilt if necessary.

In Access, click the menu Tools-Security-User-Level Security Wizard, and select the new workgroup information file or create a new workgroup information file.

3. Security mechanism

Under user-level security, each user has a user name, a personal identifier (PID), a unique security identifier (SID) generated by an encryption algorithm from the name and PID, and a password. Each workgroup has a unique workgroup name, a PID and a SID; a group has no password, and you cannot log in with a group name.

The PID of a user or group is unique, consists of 4~20 characters, and is case-sensitive. The SID of a user or group, generated by the encryption algorithm from the name and PID, is also unique.

In the workgroup information file (which is actually a special Access database), the names and SIDs of users and groups and the users' passwords are saved in the table MSysAccounts, in binary form. The table MSysGroups stores the relationship between workgroup SIDs and user SIDs, which determines the groups a user belongs to. Both tables are hidden system tables.

The permissions that users and groups hold on database objects are not saved in the workgroup information file but in the database file, so they differ from database to database. An Access database (.mdb) file contains a hidden system table, MSysACEs, which holds the user and group SIDs, the IDs of the corresponding database objects, and the permission information. This table represents the relationship between users and groups, database objects, and the permitted operations.

When the user opens the database, Microsoft Access looks up the user's SID in the MSysAccounts table of the workgroup information file from the user's name and password; if no match is found, it reports that the account is invalid, otherwise it obtains the user's SID. The SIDs of the groups the user belongs to are then found in the MSysGroups table. Using the user and group SIDs found, the database object IDs and their permission information are located in the MSysACEs table of the database (.mdb), which determines which database objects the user and groups can access and what operations they may perform.

4. Users and workgroups

The default workgroup information file System.mdw contains three accounts by default: Admin, Creator and Engine. Creator and Engine are built into the Microsoft Jet database engine and cannot be changed by the user. The administrator account, Admin, is the only default account that has all permissions on all objects in the database; in the Chinese version of Access the account name can be given either in Chinese or as "Admin" in English.

In the default workgroup information file, two workgroups are set up by default: the Administrators group and the Users group.

By default, the user starts Access with the Admin account and does not need to enter a user name and password, because the default name is Admin and the initial password is empty. To set a password, start Access in this default way, click the menu Tools-Security-User and Group Accounts and, in the User and Group Accounts window, select the Change Logon Password tab. Leave the old password box empty and enter the new password in the new password and verify boxes; this gives the administrator account a password. If you did not log in by default, you change your password the same way, filling in the old password box as well. Other users can change their passwords in the same way. Once a password is set, starting Access and opening a database will ask you to enter a user account.

The SID of the administrator account is the same in all workgroup information files, which means that you can use an administrator account to access all native Access databases, regardless of which workgroup information file Access is associated with at startup.

The user who creates an object is the owner of the object and has full permissions on it. Even if the administrator revokes those permissions, the owner can open the User and Group Permissions dialog box and assign the permissions back. Administrators cannot permanently revoke an object owner's permissions, but they can change the owner of an object. Therefore, in addition to controlling the administrator's rights, change the owner of objects promptly to ensure security.

5. User and workgroup management and permissions

Workgroups are set up for convenience in assigning and managing permissions: you assign users to workgroups and then grant permissions to the workgroups, without having to authorize users one by one. The default Administrators group and Users group are generally sufficient and have all permissions by default. The SID of the Administrators group is the same in all workgroup information files, and the Users group's SID is different in all workgroup information files. All users belong to the Users group.

Administrators have full permissions. A user's permissions are best derived from the user's group rather than granted individually. For security, the Users group should not have full permissions.

For user and group management, you can follow these steps:

Start Access and log on with the administrator's account.

Open the database that you want to manage.

Click the menu Tools-Security-User and Group Accounts to open the user and group management window, where you can create users and groups, assign users to a group, change the login password, delete users, delete groups, clear a user's password, and so on.

Click the menu Tools-Security-User and Group Permissions to open the user and group permissions window, where you can set which operations each user may perform on which objects, and change the owner of an object. You can switch between users, groups and object types when making the settings.

For more thorough security, you can set up a separate administrator account, grant it all permissions, and remove the default administrator account (remove it from the Administrators group rather than deleting it completely). Then remove all permissions from the administrator account and the Users group. The owner of all objects should be the new administrator account. This ensures that only the newly created administrator account can access the database.

To remove user-level security: assign the administrator to the Administrators group, give it an empty password, grant the Users group all permissions on all objects in the database, and assign ownership of all objects to the administrator.
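The lookup described in section 3 and the hardening step above can be modelled in a few lines. This is an added example, not code from the original article or from Microsoft: the `make_sid` hash, the `ADMIN-SID` value, the `Customers` object and the permission names are constructed stand-ins, since the page does not give Jet's real SID algorithm.

```python
import hashlib

FULL = frozenset({"read", "write", "admin"})
ADMIN_SID = "ADMIN-SID"  # constructed; identical in every workgroup file, per the article

def make_sid(name, pid):
    """Stand-in for Jet's name+PID derivation (the real algorithm is not on this page)."""
    return hashlib.sha256(f"{name}|{pid}".encode()).hexdigest()[:12]

class Workgroup:
    """Models MSysAccounts (users) and MSysGroups (membership) of an .mdw file."""
    def __init__(self):
        self.users = {"Admin": (ADMIN_SID, "")}  # name -> (SID, password)
        self.members = {}                        # group SID -> set of user SIDs

    def add_user(self, name, pid, password):
        self.users[name] = (make_sid(name, pid), password)
        return self.users[name][0]

    def add_group(self, name, pid, member_sids):
        sid = make_sid(name, pid)
        self.members[sid] = set(member_sids)
        return sid

    def login(self, name, password):
        sid, stored = self.users.get(name, (None, None))
        if sid is None or stored != password:
            return None                          # account invalid
        return [sid] + [g for g, m in self.members.items() if sid in m]

class Database:
    """Models MSysACEs and object ownership inside one .mdb file."""
    def __init__(self, owner_sid, obj="Customers"):
        self.owner = {obj: owner_sid}
        self.aces = {(obj, owner_sid): set(FULL)}

    def effective(self, workgroup, name, password, obj="Customers"):
        sids = workgroup.login(name, password)
        if sids is None:
            return set()
        if self.owner[obj] in sids:              # owners can always re-grant themselves
            return set(FULL)
        return set().union(*(self.aces.get((obj, s), set()) for s in sids))

def harden(db, new_admin_sid, obj="Customers"):
    """Article's hardening: new owner with full rights, no ACE left for Admin."""
    db.owner[obj] = new_admin_sid
    db.aces[(obj, new_admin_sid)] = set(FULL)
    db.aces.pop((obj, ADMIN_SID), None)
```

Before `harden()`, `Database(ADMIN_SID).effective(Workgroup(), "Admin", "")` returns every permission even from a freshly created workgroup file; afterwards it returns an empty set, and only the new administrator's exact name and PID reproduce a SID that the database recognizes.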

6. User-Level Security Wizard

You can use the User-Level Security Wizard to establish user-level security for the database. Back up the database before running the wizard, just in case. Start the wizard from the menu: Tools-Security-Set Security Wizard. Follow the prompts to set up groups, users, permissions and the other security settings.

 Protecting the database with .mde files

An MDE is a compiled, special form of a database in which most objects can only be executed and cannot be modified. Objects also cannot be imported or exported.

Click Tools-Database Utilities-Make MDE File to open the save window.

Specify the location and name of the original database, specify the location and name of the MDE file you want to save, and click Save to finish.

The security of an Access database is fundamentally less complete than that of a server-level database such as SQL Server. But for database management applications on the desktop, these security and confidentiality measures can already meet the requirements of use.


