Converting an Access 97 DB to Access 2002 - Security problems -

[Guest]

Hi,

I'm working on converting an old Access database that is currently in the
Access 97 version to Access 2002 and am having trouble with some security
issues. The old database currently has different levels (supposedly) of
security using tables. For example, to log onto the database, the employee's
logon ID is automatically entered in a text box & then there is a macro that
compares the logon ID to an Employee table within the database. If the logon
ID is there, you are able to log on, if not, you can append your logon ID to
the table. Another "security" item set up is by "Department" with passwords
saved on a table within the database & to display certain information, the
password entered is compared to the table information. There are also some
macros and modules with VBA code related to the passwords.

My questions is, is there an easy way to convert these tables to the way
Access 2002 handles security? Or, will we need to remove (or obsolete) all
information/code related to these "security tables" in Access 97, convert the
database, then "re-build" the security in the Access 2002 version?

Any help would be appreciated. Thanks!

 

[Chris Mills]

That is a description of a "home-grown" security system, basically something
written in MS-Access.

Regardless of the benefits or otherwise of that, there should be no great
difficulty converting from A97 to A2002.

There is no way really to auto-convert a home-grown security system to MS
Access "User-Level Security". In fact, you may wish to retain (parts of) the
home-grown system on top of User-level security for all I know. (it may do
special things ULS doesn't handle).

Your description sounds like most of it would be handled by standard ULS.
Except possibly for how you display "certain information". ULS is essentially
limited to table-level security. Record-level security and field-level
security can be "simulated" in forms, or in the latter case perhaps by RWOP
queries. Most of the concepts are likely to be unrelated to the original
"home-grown security".

(There are also further security concepts you can use, such as compiling to
MDE, encryption, locking down bypass keys to limit "views" of the database)

and last but not least there's a new utility available for assisting the
understanding of ULS
http://www.grahamwideman.com/gw/tech/access/permexpl/index.htm
....plus a fair description of some security aspects on that website.

Chris

 

[TC]

Home-grown security has no hope of protecting an Access database from
anyone with moderate skills. Believe me, anyone with moderate skills
will be into it, bypassing the homegrown scheme, in 5 minutes flat.

Of course, this might or might not matter in your situation. 5% of
effort will deter 99% of potential crackers; but /no amount/ of extra
effort will deter the remaining 1%. So maybe what you have already, is
enough. Just don't make the mistake of believing that it will keep
anyone out, who has moderate skills.

Your best bet, IMO, would be to identify what functions the current
scheme is capable of; for example:

- check entered name against a list of valid users;
- disable options not permitted to the current user;

and so on. Then you could work on reimpimenting the same functions, but
using proper Access security methods.

HTH,
TC

 

[TC]

PS. Get rid of the macros! Macros are absolutely deprecated. There are
very few cases where you have to have a macro. Better to reimplement
them in VBA, which has much better error handling, better flow control
structures, & so on.

HTH,
TC