Author: dust all the way
- Published: 2004-10-22 19:55:59
- Access security
Under Office 2000, the security mechanism for Access databases is more perfect. In addition to setting password protection for the database, encoding the database, you can also enable user-level security mechanisms, control access to the database on the user level.
First, the database settings password
For a single-machine database or a database that requires a shared group sharing, only the password protection is set. A group member who knows the password has a full-service permission of the database, and there is no difference between the use rights between each other. The steps to set the password are as follows:
Start Microsoft Access, cancel in the pop-up selection window, do not open any database.
Click Menu: File - Open, in the pop-up window, select the database file you want to open. Then open the arrow on the right side of the open button to open in exclusive way, open the selected database with exclusive ways.
Click on the Access Window menu: Tool - Security - Set the database password. In the pop-up password and verification input box, enter your password, pay attention to the size
Write, and keep in mind. Then click the OK button.
Turn off the database, exit the Access environment, and the password is set. The next time you open this database, you will prompt your password and your password is correct to open the database.
To copy the database, please do not use the database password. If the password is set, the replicated database will not be synchronized. The password of the database is to place together with the database file, not in the working group information file.
Second, database compression coding
In order to further encrypt the database, the database can be encoded. This cannot be viewed using software such as other tools or word processing. The use of users under Access does not affect. The coded steps are as follows:
Start Microsoft Access, cancel in the pop-up selection window, do not open any database.
Click on the menu: Tool - Security - Encrypted / Decrypt Database.
In the pop-up database encryption / decryption window, select the database you want to encode, and click the OK button.
In the pop-up database encryption, in the window, enter the encoded file name in the File Name input box, click the save button. The encoding compressed database is subject to another file.
Third, user-level safety mechanism
Using user-level security mechanisms, you can more flexible and safer databases. Under this safety mechanism,
Create a user and workgroup account in an Access associated workgroup information file to manage users; manage object permissions in a specific database, you can specify use permissions to users and workgroups. The user wants to enter the user name and password to open the database, and the operation of the database is subject to the restrictions.
1, Working Group Information File
In Microsoft Access, the user and workgroup's information account is stored in the Workgroup Information file, which is to manage users and workgroups using the workgroup information file. The default workgroup information file is: c: // program files // microsoft office // office // system.mdw.
Users can also establish their own working group information files, used to divide and manage users and workgroups in accordance with their needs, usually in the second.mdw file stored in the working directory where the database is located, of course, the user can specify the file Name and storage location, but the extension of the file cannot be changed.
Workgroup information files correspond to the entire Access, which is valid in the Access running environment, rather than corresponding to a database. Each ACCESS is started, and the workgroup information file is read to get the account information of the user and workgroup. The default is to read the default workgroup information file system.mdw, but users can specify which workgroup information file association: Run Working Group Information Manager WRKGADM.EXE, (usually in C: // Program Files // Microsoft Office / / Office // There is already a shortcut to this program MS Access Workgroup Administrator to create a new workgroup information file or specify an Access to join a working group information file. You can also start the parameter option / WRKG
Start the MS Access Workgroup Administrator shortcut, in the Working Group Administration window, point join button can change the workgroup information file to be coupled when Access startup: The path name of the file is specified in the pop-up information file window. Create a button, you can create a new workgroup information file: In the pop-ups Ownership Information window, enter the workgroup name, unit, and work group ID. Enter the storage path and name of the Workgroup Information File Database in the Workgroup Information File window. This can create a new working group information file and have been associated.
The Working Group ID is the only uniqueness identifier for the working group, which is used to distinguish other working group information files, and you must save it if necessary.
Under Access, click Menu: Tool - Security - User Level Security Wizard, select New Workgroup Information file, or create a new workgroup information file.
3, safety mechanism
Under the user-level security mechanism, each user has a user name, personal identifier (PID), unique security ID (SID), password generated by the name and PID encryption algorithm; each working group has a unique working group name, personal Identification (PID), Safety Identity (SID), no password, and cannot log in with a group name.
The personal identification (PID) of the user and group is unique, consists of 4 to 20 characters, which is case sensitive. The security identifier SID (Security ID) of the user and group is generated by the name and PID encryption algorithm, uniqueness.
In the Working Group information file (actually a special access database), the name of the user and group, SID, password information, user, and group of SID, and user passwords are saved in the table MSYSACCounts. In the table msysgroups, the control relationship between the working group SID and the user SID is stored, which is determined which group belongs to. Both tables are hidden system tables.
Users and groups, for the corresponding operation permission relationship between the objects of the database machine, is not saved in the working group information file, but stored in the database file and is done by the database. In the Access Database (.MDB) file, there is a hidden system table Msysaces, where the SID of the user and group is stored and the identification ID of each object of the corresponding database, as well as operational rights information. This represents the correspondence and operation permission relationship between users and groups and database objects.
When the user opens the database, Microsoft Access finds the user's SID according to the user name and password entered by the user. If the prompt account is invalid and lets re-enter; if the user's SID is found; Then find the SID of the user belonging to the user's parties in the MSYSGroups table. According to the SID of the found user and group, then find the corresponding database object ID and its permission information in the MSYSACES table of the database (.mdb), thereby determining what database objects and what operations can be accessed by the user and group. 4, users and workgroups
In the default workgroup information file system.mdw, the default has three accounts: admin, creator, engine, where Creator and Engine are built by Microsoft Jet database engine, and users cannot interfere. Administrator account admin, the unique default account, with all permissions to all objects in the database, in Chinese Access, the account name can be "admin" or admin.
In the default workgroup information file, two working groups are set by default: administrators groups and user groups.
In the default, users are using the admin account when the user launches Access, and does not need to enter the user name and password because the name admin default, and the initial password is empty. If you use this default manner, start Access, then click Menu Tool - Security - Users and Group Accounts, in User and Group Accounts window, select Change Login Password tab, empty, new password, verify input box in the old password input box The new password for the administrator account can be added to the new password. If it is not the default login method, you can change your password only in the old password input box. For other users, you can also change your own password. After setting the password, start the Access to open the database, you will ask the user account.
The SID of the administrator account is the same for all the workgroup information files, which means: Whether you use which workgroup information file is associated with the Access boot system, you can use the administrator account to access all this unit's Access database.
The user who creates an object is the owner of the object, has all permissions. Even if permissions are canceled by the administrator, you can also enter the user and group permissions dialog, assign permissions to yourself. The administrator cannot permanently revoke the permissions of the object owner, but can change the owner of the object. Therefore, in addition to controlling the permissions, the administrator must change the owner of the object in time to ensure security.
5. Management and authority of users and workgroups
Setting Working Groups To assign and manage privileges, you can assign users to the workgroup, then grant permissions to the workgroup without authorizing the user. The default administrators group and user groups are usually available, and all permissions are available by default. The SID of the administrator group is the same for all working group information files, while the user group's SID is different from all working group information files. All users are user groups.
The administrator has all permissions, and the user's permissions are best derived from user groups instead of authorization. For security, you should not let the user group have all permissions.
The management of users and groups can be as follows:
Start Access, you must log in with the administrator's account.
Open the database you want to manage.
Click on the menu: Tool-Security - Users and Group accounts, enter the user and group management window, which can create new users, new groups, allocate users to a group, change the login password, delete the user, delete group, clear user password, etc. .
Click on the menu: Tool-Security - Users and Group permissions, enter the user and group permission management window, you can set each user, what object, what is the operation permission, and you can change the owner of the object. In the selection of users, groups, object types, you can switch the settings. In order to be more thorough, an administrator account can be created separately, grant all permissions, and delete the default administrator account (from the administrator group, it cannot be completely deleted). Then delete all permissions from the administrator and user group. The owner of all objects should be the newly created administrator account. This ensures that only new administrator accounts can access the database.
User-level security: belongs to the administrator group, password is empty; assign all permissions of all objects of the database to the user group; assign all object owners to the administrator.
6, user-level security wizard
User-level security wizards can be utilized to establish user-level security of the database. Bring the database backup before running the wizard. From Menu: Tool - Security - Setting the Security Mechanism Wizard, you can start the wizard. Follow the prompts to set the operation, you can set various security of groups, users, permissions, etc.
Fourth, protect the database with .mde file
MDE is a compiled special form of database. Under this format, most objects can only be performed without modification. It is also not possible to import and export objects.
Click Tools - Database Utility - Generate> MDE files, you can go to the save window.
Specifies the original database location and name, specify the location and name of the MDE file you want to save, and click Save.
The security of Access database is basically better than the server level database of SQL Server is so perfect. But for database management applications on the desktop, these security confidentiality can already meet the requirements.
