0

I designed an MS Access Database that reads the user's window's username and restricts access based on that, with some users having full access, some having partial/controlled access, and some getting kicked out on opening it. I work for a large organization (thousands of employees) but the DB is stored somewhere only some people can get to, so I don't need super security, I just want something to keep someone from stumbling into it and then breaking it.

However, since I am using VBA code for the security, if someone hasn't made the document "trusted," the VBA code doesn't run, and obviously it won't be trusted the first time they open it, so...my security does nothing. I'm trying to figure out a way to "fail closed," so people can't get in unless the Macro can run, and I was thinking I could password protect the DB and then have the macro enter the password, but I have no idea if that is possible, or how I would do it?

If someone has a better idea than a password lock of the DB, I'm happy to hear it. I'm nervous that the macro could break when there is no one around who would know the password...

Help??? Please?

Thanks

Edit, found this: Excel VBA - Automatically Input Password Looks like the answer to my original question is no.

There is nothing in my DB that is really sensitive, I just don't want someone editing if they don't know what they are doing. Is there a way to set it to read only unless a password is entered? I guess I could set each table and form to read only and have the property change if opened by someone on the user list???

I'm happy to accept a "You are thinking about this wrong, here is a solution that doesn't do what you asked, but does what you want."

computant
  • 1
  • 2
  • _The most flexible and extensive method of securing a database is called user-level security. With user-level security, you can establish different levels of access to sensitive data and objects in your database. To use a database secured with user-level security, users type a password when they start Microsoft Access. Access reads a workgroup information file, where each user is identified by a unique identification code. The level of access and the objects that a user has access to are established based on this identification code and password._ From Access 2003 help. –  Feb 10 '20 at 23:45
  • 1
    @Mark User level security only works for ancient access filetypes, and can be trivially bypassed. Encryption works, but only with one password per db, no row/table level security. For anything more flexible, you can set up the access db as a frontend for SQL Server Express, with permissions based on AD group. – OwlsSleeping Feb 11 '20 at 00:44
  • @OwlsSleeping exactly. What I have is flexible enough, but in a corporate environment where I'm not IT, I can't make the DB "Trusted" for all users, and the VBA only runs if it is a trusted document. If I could set up a password for entry with the VBA having the password, then folks who are new won't be able to stumble into it and mess things up because the "Trusted document," bypasses my security. What I don't know is if I can have a macro enter the password, and I couldn't find anything about that in the first few pages of google. – computant Feb 12 '20 at 14:46
  • Your question is quite similar to this: https://stackoverflow.com/questions/46179795/prevent-enabling-of-shift-bypass-access-2010 – Andre Feb 12 '20 at 16:19
  • @Andre, Read the other question, it is about the shift bypass of security, my question is about the fact that VBA won't work unless a document is trusted. I didn't see anything in there about VBA and macros. I did read the description by another user of having a database manage passwords and those passwords controlling access to another password to unlock the database. Seems like a pretty hard core answer to what should be a simple question. It is somewhat related to this: https://stackoverflow.com/questions/32822374/how-do-i-allow-databases-to-run-activex-content-when-opened-with-vba – computant Feb 12 '20 at 22:27
  • @Andre, Just re-read my response and realized English was playing it's tricks. I meant that I read (past tense) the other question, but I realize it could be read as telling you to read (present/future tense) the other question. I apologize for not making sure my intent was clear. – computant Feb 13 '20 at 20:21

0 Answers0