Access 2003 vs. 2007/2010 Security (1 Viewer)

[April15Hater]

Maybe it's just me, but I've come to prefer the Access 2000/2003 ULS and in fact it is the reason I build my databases in 2003 still. Maybe I'm not seeing something....

While I'd love to get with the times, I still find enough usefulness in the good ol' ULS model to keep building in 2003. Even if it really isn't that secure, for the amount of users Access is capable of handling, I wouldn't feel comfortable putting sensitive data in an Access db anyways. Even though it's not secure, if anything it at least keeps users from accidentally entering bad data. It would take a significant effort (I think) for the layman to hack into 2003 ULS, just to get access to what.... a 5-user database?

I've read the forums a little and I saw that you can use windows security with multiple back ends to recreate the ULS, but sheesh, that could lead to a bunch of back ends and some frustrating Fridays. I've learned you can do something similar with forms/reports and distribute multiple front-ends to the appropriate users. But all this is just a huge hassle when I can accomplish the same things on Access 2003's ULS.

So back to my original question...Am I missing something? Does Access still offer a security solution that I'm not seeing?

Thanks,

Joe

 

[GinaWhipp]

Joe,

No, Access does not still off ULS in Access 2007 or Access 2010 unless your database is in .MDB format. IMHO, they probably won't offer it going forwarsd either. There are way to many programs (and some are free) that can crack it.

Now for the *average* user it's not worth the trouble. So one would really have to want the data or the code to do so.

As for entering *bad* data that really has nothing to do with security and more to do with formatting and data validation.

 

[The_Doc_Man]

I usually roll my own security anyway. ULS is not fine-grained enough for the kinds of things I want to do, so I wrote some code to selectively enable or disable controls based on your role in the DB. ULS is what you use when you don't have time to roll your own security or when your security requirement is extremely limited.

 

[GinaWhipp]

Good point... I never ULS as I found it a bit too easy to crack. For me, you want security use SQL Server...

 

[Banana]

I think it may also help to differniate between security in the sense of securing and protecting unauthorized access to data from "access control" which merely grants/deny you the access to interface you need to manipulate data with.

As former, ULS sucked. As latter, ULS did work pretty well. It was at least nice to be able to set at least at form/report level which group of users can interact with the object and slap on a generic routine to handle the "Access Denied" message.

That said, I don't see myself wanting to work with ULS anymore - sure, MDB file format are native to 2010 but there's no guarantee that MDB file format (and by extension, ULS) will continue to be supported. I can't see myself putting my clients on old technology that's just missing an obituary. For this reason, if access control is important enough, I usually get what I need via either integration with Active Directory or at least querying the server-based RDBMS for permission.

Tom van Stiphout has a nice blog article about how one can use Active Directory to fulfill the role of access controls for Access objects. Obviously, you want to also use *DE files so nobody can get clever and rewrite the VBA.