Securing Your Database Without Asking Users to Log On

If you want to secure some objects in a database but you don’t need to grant various permissions to different groups of users, you might want to consider securing your application without asking users to log on. If you have secured your application properly, the Admin user should no longer be a member of the Admins group.

Û To secure your application without asking users to log on

1. Follow the procedures to secure a database with the User-Level Security Wizard in the “Securing Your Database with Microsoft Access” section earlier in this chapter.
   
   
2. While logged on as a member of the Admins group, assign the permissions to the Admin user for objects you want to be available to all users. Typical permissions may include Read Data and Update Data permissions for tables and queries, and Open/Run permission for forms and reports. Don’t give the default Admin user the permission to modify the design of tables and queries, or Administer permission for the database.
   
   
3. Clear the default Admin user’s password.

   Important This step disables the Logon dialog box for all databases using the same workgroup information file.

Users can now open your database without logging on — that is, they are automatically logged on as the Admin user. They will be able to perform all actions you gave the Admin user permissions to perform in step 2. This works for any workgroup because the Admin user account is the same in every workgroup information file. Only members of the Admins group of the workgroup information file that was in use when you ran the User-Level Security Wizard in step 1 have full permissions on the objects in your database.

Important Do not distribute copies of the workgroup information file in use when you secured the database in this procedure. If you need to allow a user to administer your database, give the copy of the workgroup information file to that user only.

To perform administrative functions, you must use the workgroup information file that was in use when you secured the database. There are two ways you can log on as a member of the Admins group of that workgroup information file:

• You can temporarily define a password for the Admin user to reactivate the logon procedure, and then log on as a member of the Admins group.
  
  
• You can use the /user and /pwd command-line options to specify your user name and password when starting Microsoft Access. If you define a shortcut that uses the /user and /pwd command-line options to do this, either delete the shortcut when you’re done, or physically secure the computer that the shortcut is located on, to prevent unauthorized users from accessing this information. For more information about command-line options, see “Microsoft Access Startup Command-Line Options,” earlier in this chapter.