Microsoft Office 2000/Visual Basic Programmer's Guide

Running the User-Level Security Wizard

In previous versions of Access, if you want to fully secure your Access database, you are required to perform a number of steps both before and after running the User-Level Security Wizard. In Access 2000, the new User-Level Security Wizard performs all of these steps for you, and can even be run again on a secured database to modify previous settings. The User-Level Security Wizard performs the following steps to secure your Access database:

1. Creates a new secure workgroup information file by using a secure workgroup ID (WID). You can also choose to use and modify the current workgroup information file created previously by running the User-Level Security Wizard or the Workgroup Administrator. You can choose to make the workgroup information file the default one for the current installation of Access, or the wizard can create a Windows shortcut that uses the \wrkgrp startup command-line option to open your secured database by using the workgroup information file.
   
   
2. Secures all selected database objects, and sets the permissions that will be assigned to any new objects that users create after running the wizard.
   
   
3. Secures the database's VBA project to protect access to all code modules (stand-alone modules, the modules behind forms and reports, and class modules) by setting a password. If the database's VBA project has been password-protected before running the wizard, you must provide the correct password or the wizard won't be able to secure your code modules.
   
   
4. Creates up to seven new predefined group accounts for the following typical user roles: Backup Operators, Full Data Users, Full Permissions, New Data Users, Project Designers, Read-Only Users, and Update Data Users. For more information about the permissions assigned to these predefined groups, see "Assigning Permissions to Users and Groups" later in this chapter.
   
   
5. By default, removes permissions on all objects for the default Users group. Optionally, you can grant permissions to the Users group for some objects. This is useful for developers of add-ins and other developers who don't want to require users to log on to the database and only want to secure certain objects.
   
   
6. Creates and adds new user accounts to the workgroup information file, and allows you to assign passwords for each new user. If you choose to create a new workgroup information file by using the first dialog box of the wizard, a new user account is created for you.
   
   
7. Assigns users to the default Admins group account, or to the selected predefined group accounts. At least one new user account must be assigned to the Admins group account to serve as the database administrator account, because the wizard will remove the default Admin user from the Admins group to fully secure the database. By default, the new user account created for you in the previous step is assigned to the default Admins group as the new database administrator account.
   
   
8. Creates a backup copy of the current database, and secures the current database in place. The objects you selected are secured by revoking all permissions on those objects for the default Users group. Ownership of the database and all objects in it is transferred to the new database administrator account. Finally, the secured database is encrypted. The secured database will have the same name as before, and the backup copy of the database will be named OriginalDatabaseName.bak.
   
   
9. Formats a report that documents the values used to create the new workgroup information file and user accounts. You should print this report and keep it in a secure location in the event you need to use these values to re-create the workgroup information file if it becomes corrupted. This report also documents which objects have been secured.

To secure your solution with the Access User-Level Security Wizard

1. Open the database you want to secure.
   
   
2. On the Tools menu, point to Security, and then click User-Level Security Wizard.
   
   
3. Follow the directions in the wizard dialog boxes.

If you log on as a member of the Admins group, you can run the User-Level Security Wizard again on the new, secured database to create new users, modify permissions, and to assign users to groups.