The simplest, yet least sophisticated, method of implementing security is to assign a password to the overall database. This means that every person who wants to gain access to the database must enter the same password. After a user gains access to the database, Access renders all of the database's objects available to that user. This type of security is called share-level security.
Share-level security is the simplest and quickest method of security to set up. With almost no effort, you can secure a database and its objects. This method of security is quite adequate for a small business in which the administrators of the database want to ensure that no unauthorized people can access the data but that each authorized person has full access to all the objects in the database.
To assign a database password to a database, follow these steps:
Open the database to which you want to assign a password by opening the Open dialog box and selecting Open Exclusive from the Open drop-down list box. You cannot assign a password to a database unless you open it exclusively.
Choose Tools | Security | Set Database Password. The Set Database Password dialog box appears, as shown in Figure 22.1.
Type the password and verify it and then click OK. Keep in mind that the password is case-sensitive.
After you assign a password to a database, Access prompts users for the password each time they open the database. The Password Required dialog box (see Figure 22.2) appears each time a user opens the database.
After a user enters a valid password, he or she gains access to the database and all its objects. In fact, the user can even remove the password by choosing Tools | Security | Unset Database Password. The Unset Database Password dialog box only requires that users know the original password (see Figure 22.3).
Although share-level security is extremely easy to understand and implement, they also are extremely unsophisticated. As you can see, users either have or do not have access to the database, and it is very easy for any user who has access to the database to modify or unset its password.
If you forget the password associated with a database, it is not easy to gain access to the database and its objects. It is therefore extremely important that you carefully maintain a list of the passwords associated with each database. On the other hand, it is not impossible to break security that is set on an Access database. In fact, there are Web sites that offer to remove Access database security for a fee! This means that, if security is of the utmost importance to you or your users, Access database security might not be the appropriate solution for you. To ensure that your data is secure, you can store it in a Microsoft SQL Server database. A client/server database such as Microsoft SQL Server offers a much more robust security model than what is available with the .MDB file format.
If you want to assign a password to a database, users must be able to open the database exclusively. You can grant or deny users the right to open a database exclusively by using the User and Group Permissions dialog box. Assigning rights that permit or deny users or groups exclusive open rights is covered in the section "Step 11: Assigning Rights to Users and Groups," later in this hour.