Warrio said:
Even with an .mde file the user can still see the databse window
the only thing that he cannot do is to edit the forms or reports and
see the the code..
but he can still see the access objects (tables, queries, forms,
reports...)
Thanks but it doesn't answer my question
any correct answer would help
Security in Access is largely a process of erecting barriers. The simplest of
barriers will block most people who are not familiar at all with Access. As the
familiarity with Access goes up, you have to erect higher barriers. Keeping in
mind that nothing will make an Access file completely secure you have the
following options.
Use the tools in Startup to...
Hide the db window
Disable all built in Menus
Disable "Special Keys" (like F11)
This is a "level 1" barrier. Users more familiar with Access will know that
they can bypass all of these settings by holding the shift key while opening
the file. To raise the bar you can execute code that will disable the shift key
for your particular file. See help topic on AllowBypassKey Property for
details.
That would be a "level 2" barrier, but more sophisticated users will know that
they could run similar code to re-enable the bypass key. To raise the bar
further you can utilize Access User Level Security. Besides the normal benefits
of applying ULS it gives you the ability to disable the bypass key in a manner
that cannot be reversed except by users with Adminstrator authority in the
security settings. Details of this at link below...
http://www.mvps.org/access/general/gen0040.htm
In parallel with the above you can hide your objects so even if they get to the
db window they will not see anything. This is level 1 because many users will
know that they can alter their options to show hidden objects. Level 2 would be
to prefix all object names with USys which will also hide them by treating them
as system objects. The user who changes his option settings to show hidden
objects still would not see these unless they also chose to show system objects.
Level 3 would be to create all table links at startup and destroy them at
closing so that they simply don't exist until your application needs them. The
tables that are linked to can exist in a file with an obscure file name (doesn't
even need mdb extension) in an obscure location so that the user would have
difficulty even knowing what file it is.
An old axiom is that 5% of your efforts will block 95% of the users. The
remaining 95% of your efforts will block an additional 3% of users. No amount
of effort will block the last 2%.