1 chapter 13 securing an access application. 13 chapter objectives learn about the elements of...
TRANSCRIPT
![Page 1: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/1.jpg)
1Chapter 13Chapter 13
Securing an Access Application
Securing an Access Application
![Page 2: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/2.jpg)
13Chapter ObjectivesChapter Objectives
• Learn about the elements of security
• Explore application-level security
• Use user-level security
![Page 3: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/3.jpg)
13The Elements of SecurityThe Elements of Security
• Security Refers to the protection of an application from
unauthorized use
• Authorization Specifies who can access and update different
objects in the application
![Page 4: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/4.jpg)
13The Elements of SecurityThe Elements of Security
• Application-level security Makes it difficult for unauthorized users to
view the contents of the application
• User-level security Gives different users different permissions for
various objects that comprise an application
• Permission Ability to perform an action on an object
![Page 5: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/5.jpg)
13Stripping Source CodeStripping Source Code
• .mde file Compiled database file that cannot be modified,
even though it is smaller and runs more quickly
• Advantages of .mde file Can be distributed, but users cannot view or
change the application’s objects Protects a developer’s investment in the
application
![Page 6: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/6.jpg)
13 Data Encryption and Decryption
Data Encryption and Decryption
• Encryption Conversion of data from one representation into
anotherNew representation is coded so that it cannot be
easily understood
• Decryption Reverses the process of encryption
![Page 7: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/7.jpg)
13 Data Encryption and Decryption
Data Encryption and Decryption
• Security measures supplied by Access apply only to Access Encryption will make the data more difficult to
read
• To read encrypted files: You must possess processes and the decoding
key necessary to decrypt the files
![Page 8: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/8.jpg)
13 Creating a Database Password
Creating a Database Password
• Database password Simplest way to prevent unauthorized access to
an Access application Can be set in the Set Database Password dialog
box
• You can’t set a database password if user-level security has been defined for your database and you do not have Administer permission for the database
![Page 9: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/9.jpg)
13User-Level SecurityUser-Level Security
• User account An object that represents a user (or developer)
of an Access application
• PID Case-sensitive string that can hold between 4
and 20 characters Used in combination with the user name to
create a 128-bit machine-readable number
![Page 10: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/10.jpg)
13User-Level SecurityUser-Level Security
• Workgroup Set of accounts that tend to access the same set of
Access applications
• Accounts in the workgroup share the same workgroup information file Have the .mdw extension Access reads file information when it starts Contains information about the users in a workgroup
![Page 11: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/11.jpg)
13User-Level SecurityUser-Level Security
• Workgroup identifier (WID) Uniquely identifies a workgroup Case-sensitive string that can hold between 4
and 20 characters
• Owner of an object Special user who always has full permissions
on the object Identified by the user name and PID
![Page 12: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/12.jpg)
13User-Level SecurityUser-Level Security
• Group Named collection of user accounts that share
the same set of permissions on an application’s objects
• Permissions Privilege
![Page 13: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/13.jpg)
13 Creating and Joining Workgroups
Creating and Joining Workgroups
• Workgroups are created and managed through the Microsoft Access Workgroup Administrator Workgroup Administrator
Application separate from AccessFile name Wrkgadm.exe
• When a new workgroup is joined, the old workgroup is no longer considered active
![Page 14: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/14.jpg)
13User Accounts and PasswordsUser Accounts and Passwords
• Admins group Group account that retains full permissions on all
databases created when the workgroup was active
• Users group Group account that contains all user accounts
• Secure workgroup A workgroup that prompts for a user name and
password
![Page 15: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/15.jpg)
13Creating a New User AccountCreating a New User Account
Figure 13-2 Entering a user
![Page 16: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/16.jpg)
13Creating a New User AccountCreating a New User Account
• Access applications use the user name and PID to determine the identity of the current user
• Users can assign themselves a password when a database is open by using the Change Logon Password tab of the User and Group Accounts dialog box
![Page 17: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/17.jpg)
13Creating a New User AccountCreating a New User Account
Figure 13-3 Change Logon Password tab
![Page 18: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/18.jpg)
13Workgroup DynamicsWorkgroup Dynamics
• Workgroups do not share information including user name and password A user account and password must be created
for each workgroup that a particular user must use
• You can modify passwords and create new users within VBA
![Page 19: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/19.jpg)
13Users and Their GroupsUsers and Their Groups
• Groups with the same group name and PID, regardless of workgroup, receive the same permissions on a particular application
• When an application supports a large number of users, permissions should be managed through groups Easier to assign permissions to a few groups
than to each individual user
![Page 20: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/20.jpg)
13Users and Their GroupsUsers and Their Groups
• You can create or delete groups in the Group tab of the User and Group Accounts dialog box
Figure 13-4 Entering a new group
![Page 21: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/21.jpg)
13 Adding and Removing Users To and From Groups
Adding and Removing Users To and From Groups
• Creating users and groups is less cumbersome under the ADO model than the DAO model Append the new user to the Users collection or
new group to the Groups collection
• A reciprocal relationship exists between the objects in a user’s Groups collection and the objects in the group’s Users collection
![Page 22: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/22.jpg)
13 Adding and Removing Users To and From Groups
Adding and Removing Users To and From Groups
Figure 13-6 Relationship between security-related objects in collections
![Page 23: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/23.jpg)
13 Using and Assigning Permissions
Using and Assigning Permissions
• Permissions can be assigned to: All database objects Database Individual users Groups of users
All members of the group have the same permissions
![Page 24: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/24.jpg)
13 Using and Assigning Permissions
Using and Assigning Permissions
• Permissions can be assigned through the User and Group Permissions dialog box
Figure 13-7 User and Group Permissions dialog box
![Page 25: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/25.jpg)
13 Assigning Permissions Through User and Group Permissions
Dialog Box
Assigning Permissions Through User and Group Permissions
Dialog Box
• With OwnerAccess Option declaration Used when the developer would like the user to
update data in a table, but does not want the user to view the details of the table’s design
When possessed by a query, a user can run the query as long as the owner of the query has the appropriate permissions
![Page 26: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/26.jpg)
13 Setting and Using Permissions in VBA
Setting and Using Permissions in VBA
• Access stores information related to Permissions in properties of the Container and Document objects Containers collection
Located inside a database objectA container exists for every type of object used in
an Access applicationContains a document collection,which also exists
for every object
![Page 27: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/27.jpg)
13 Setting and Using Permissions in VBA
Setting and Using Permissions in VBA
• SetPermissions method Sets a value that establishes the permissions for the user
or group identified by the Group or User object
• GetPermissions method Retrieves permissions once they have been set
• Bitwise arithmetic Involves a bit-by-bit comparison of identically
positioned bits in two numeric expressions
![Page 28: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/28.jpg)
13 Owner and Admins Group Security Problems
Owner and Admins Group Security Problems
• User-level security is not complete until you have considered the special capabilities of Admins group members and owners
• Owners of an object always have the ability to assign themselves full permissions on the object
• If an application was created in an unsecured environment, the Admin account is the owner of all objects
![Page 29: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/29.jpg)
13 Owner and Admins Group Security Problems
Owner and Admins Group Security Problems
Table 13-1 Permissions granted to users
![Page 30: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/30.jpg)
13 Owner and Admins Group Security Problems
Owner and Admins Group Security Problems
• Important implications of these relationships: Admin account should not own any object in a
secure application Workgroup used to create an application should
not be distributed as part of the application
• Developers can restrict the permissions of the Admin account and Admin group
![Page 31: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/31.jpg)
13 Changing Object Ownership and Creating a Secure Application
Changing Object Ownership and Creating a Secure Application
• Object owner User who creates an Access object Always has full permissions applicable to an
object
• Administer permission Exists regardless of whether the user is a
member of the Admins group or whether an account in the Admins group attempts to change owner’s permission
![Page 32: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/32.jpg)
13 Changing Object Ownership and Creating a Secure Application
Changing Object Ownership and Creating a Secure Application
• If an object is not a database, it’s ownership may be changed through the Change Owner tab on the User and Group Permissions dialog box
Figure 13-8 Change Owner tab
![Page 33: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/33.jpg)
13Changing Object OwnershipChanging Object Ownership
• Owners of a database always have the right to open the database
• To change the ownership of an entire database: Import the database into Access while you are
logged on using the account of the new owner
![Page 34: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/34.jpg)
13Changing Object OwnershipChanging Object Ownership
Figure 13-9 Import Objects dialog box
![Page 35: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/35.jpg)
13 Changing Database Ownership and Securing an Application
Changing Database Ownership and Securing an Application
• The import database technique is one way to secure an unsecured application Allows ownership of all objects, including the
database, to be transferred from an unsecured database
![Page 36: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/36.jpg)
13 The User-Level Security Wizard
The User-Level Security Wizard
• User-Level Security Wizard WILL: Create a new database Import all the objects from the old database Remove all permissions from the Users group Encrypt the new database
• Application’s performance will be degraded slightly because it now uses an encrypted database
![Page 37: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/37.jpg)
13 Preparing a Workgroup for Distribution
Preparing a Workgroup for Distribution
• Each computer that runs an Access application must have access to: The application files The workgroup information file
The Access default workgroup information file is used to run an application or
The developer will distribute a workgroup information file
![Page 38: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/38.jpg)
13Chapter SummaryChapter Summary
• Security can be provided at both the application and the user levels
• Application-level security has the same effect on all users of a particular Access database file
• Database files can be encrypted and assigned a password
![Page 39: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/39.jpg)
13Chapter SummaryChapter Summary
• User-level security Provides different types of security for different
users
• Key to understanding how user-level security is implemented is to understand the relationships between workgroups, groups, users, owners, and permissions
![Page 40: 1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level](https://reader035.vdocuments.us/reader035/viewer/2022062621/551c463d5503467b488b4d40/html5/thumbnails/40.jpg)
13Chapter SummaryChapter Summary
• Admins members can always modify their own permissions when the workgroup that created an Access application is active
• Owners can modify their own permissions no matter which workgroup is active
• Security features can be implemented through Access menus and VBA