Microsoft Office 2000/Visual Basic Programmer's Guide

Securing Your Database Without Asking Users to Log On

If you want to secure some objects in a database but you don't need to grant various permissions to different groups of users, you might want to consider securing your solution without asking users to log on. You can do this by running the User-Level Security Wizard and granting the permissions you want available for all users to the Users group as described in the following procedure.

To secure your solution without asking users to log on

1. Open the database you want to secure.
   
   
2. On the Tools menu, point to Security, and then click User-Level Security Wizard.
   
   
3. Follow the directions in the wizard dialog boxes up to the sixth dialog box. In the sixth dialog box, click Yes, I would like to grant some permissions to the Users group. Assign the permissions to the Users group for objects you want to be available to all users. Typical permissions may include Read Data and Update Data permissions for tables and queries, and Open/Run permission for forms and reports. Don't give the Users group the permission to modify the design of tables and queries, or Administer permission for the database.
   
   
4. Complete the remaining dialog boxes to secure the database.
   
   
5. Distribute the database to users who are using the default workgroup information file that is created when Access is installed, or another file that doesn't have the default Admin user's password set so that the Logon dialog box won't be displayed when users start Access.

Users can now open your database without logging on — that is, they are automatically logged on as the Admin user. They will be able to perform all actions you gave the Users group permission to perform in step 3, but the User-Level Security Wizard will have removed the Admin user from the Admins group, so users won't have any administrative permissions. This works for any workgroup because the Users group is the same in every workgroup information file. Even if a user logs on as a member of the Admins group of some other workgroup information file, that user will be able to perform only actions granted to the Users group, because the SID of the Admins group is unique to each workgroup information file. Only members of the Admins group of the workgroup information file that was in use when you ran the User-Level Security Wizard have full permissions on the objects in your database. To perform administrative functions, you must use the workgroup information file that was in use when you secured the database, and you must log on as one of the members of that file's Admins group.

Important   Do not distribute copies of the workgroup information file that was in use when you secured the database in this procedure. If you need to allow a user to administer your database, give a copy of the workgroup information file to that user only.