How to Make an Access 2003 Database Read-Only

[dwilt]

We have created a database for a client, and our goal is to make it so
the client can search, run reports, etc., but we want to restrict them
from ever being able to add or modify data. What is the simplest and
most sure-fire way to accomplish this?

 

['69 Camaro]

Hi.

we want to restrict them
from ever being able to add or modify data. What is the simplest and
most sure-fire way to accomplish this?

There are no simple, yet sure-fire ways to prevent them from adding or
modifying the data. The simplest way is to set the file's attributes to
read-only. However, there are no sure-fire ways to keep this setting when
they are in charge of their own computers and the files on them. One could
also set the Windows security permissions on the directory so that write and
modify permissions are denied, but they own their computers, so they can
change these permissions at will, too.

A slightly more difficult method is to set a Validation Rule on the table
that is impossible (such as 1=0). Ensure that the Validation Rule is set so
they can't immediately figure out what you did and change it -- perhaps
"Sorry. No more records can be added to this table." Hence, no new records
can be added, and current records can't be modified, but the down side is
that current data can be deleted. But if they intentionally delete the
data, that's _their_ problem. However, if they have an Access developer
available, he'll figure it out if he's experienced, and he'll remove the
restriction. The good news is that most Access developers aren't
experienced yet, so it's entirely possible the restriction will stay "as
is."

The most difficult way is to implement User-Level Security and remove all
permissions to the tables and use RWOP (Run With Owner Permissions) SELECT
queries so that they can see the data that the queries show in the tables,
but they can't actually open the tables, nor import them into a new
database, nor modify or add to the current data.

The most sure-fire way to prevent them from adding or modifying the data is
to store the data in a client/server database and only give them SELECT
permissions on the views, but someone has to administer the database, so
that needs to be someone you can trust not the change those permissions.

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
Blog: http://DataDevilDog.BlogSpot.com
http://www.Access.QBuilt.com/html/expert_contributors2.html for contact
info.

 

[Jamie Collins]

On Feb 23, 11:01 pm, "'69 Camaro"

A slightly more difficult method is to set aValidationRule on the table
that is impossible (such as 1=0). Ensure that theValidationRule is set so
they can't immediately figure out what you did and change it -- perhaps
"Sorry. No more records can be added to this table." Hence, no new records
can be added, and current records can't be modified, but the down side is
that current data can be deleted. But if they intentionally delete the
data, that's _their_ problem. However, if they have an Access developer
available, he'll figure it out if he's experienced, and he'll remove the
restriction. The good news is that most Access developers aren't
experienced yet, so it's entirely possible the restriction will stay "as
is."

Even better, then, to use a table-level CHECK constraint that will
prevent rows being deleted e.g.

ALTER TABLE Test ADD
CONSTRAINT look_dont_touch
CHECK
(
-1 =
(
SELECT COUNT(*)
FROM Test AS T1
)
);

They are really obcure(d), especially if you rely on the Access user
interface ;-)

Jamie.

--