microsoft.com Home  
Microsoft
http://www.microsoft.com/office/ork  
Using Security Features in Access

Setting a Password to Prevent Opening a Database

Assigning a password to a database is an easy way to prevent unauthorized users from opening an application. Use this approach when you need to control which users can open the database, but not what they do after providing the correct database password.

Important   Before you set the database password, make a backup copy of the database. Also, close the database before you set the password; if the database is located on a server or in a shared folder, make sure no other user has it open.

To set a database password

  1. On the File menu, click Open.
  2. Navigate to the folder that contains the database and select it in the file list, click the arrow next to the Open button, and then click Open Exclusive.
  3. On the Tools menu, point to Security, and then click Set Database Password.
  4. In the Password box, type the password. Passwords are case sensitive.
  5. In the Verify box, type the password again to confirm it, and then click OK.

The password is now set. Each time a user tries to open the database, a dialog box appears that requests the database password.

Caution   If you or a user in your workgroup assigns password protection to a database and then forgets the password, you cannot open the database, gain access to its data from a data access page or from linked tables, remove protection from the database, or recover data from the tables. Keep a list of your passwords and their corresponding database names in a safe place.

When you set a database password, the Set Database Password command changes to Unset Database Password. To clear a database password, open the database in exclusive mode, click Unset Database Password (Tools menu, Security submenu), type the correct password in the Password box, then confirm it in the Verify box.

Top

Administrator permissions

Any user who knows the database password and has access to the Unset Database Password command can change or clear the password, unless you remove the Administer permission on the database for all users and groups except the database administrator.

Similarly, if you want to prevent users from setting a password on a database, you must remove the Administer permission on the database for those users or groups. By default, the Users group, the Admins group, and the creator of the database all have Administer permission on the database.

You can remove the Administer permission without establishing user-level security, but users can restore the Administer permission by using the User and Group Permissions command on the Security submenu (Tools menu). To ensure that no unauthorized user can set, clear, or change a database password, you must establish user-level security in addition to removing the Administer permission.

System Policy Tip   You can use a system policy to disable the user interface for setting database passwords. In the System Policy Editor, set the Microsoft Access 2000\Tools | Options\Disable items in user interface\Predefined\Disable command bar buttons and menu items policy and select the Tools | Security | Set Database Password check box. For more information about the System Policy Editor, see Using the System Policy Editor.

Top

Linked tables

If you use a password to protect an Access database that contains tables linked to another database, Access stores the password in an unencrypted form when the link is established. Any user who can open the database that contains the link can open the linked table. To avoid compromising the security of the password-protected database, implement user-level security instead to control access to sensitive data in the database.

Top

See also

Database passwords do not prevent an unauthorized user from using a disk editor or other utility program to read your data without opening the database. However, you can increase security by encrypting your database. For more information, see Encrypting a Database.

You cannot synchronize a replicated database when a database password has been set. If you plan to replicate the database, establish user-level security instead, which does not interfere with replica synchronization. For more information, see Setting User-Level Security.



Topic Contents   |   Previous   |   Next   |   Top

Friday, March 5, 1999
© 1999 Microsoft Corporation. All rights reserved. Terms of use.

License