This article provides an overview of how you can secure a
database so that it is not changed or copied by other Microsoft Access users.
This article assumes that you have a thorough understanding of the
pieces that make up the Microsoft Access security model: workgroups, accounts,
ownership, and permissions. For more information about the Microsoft Access
security model, you can obtain the "Security Wizard and White Paper for Version
For information about how to download the "Security
Wizard and White Paper for Version 2.0," please see the following article in
the Microsoft Knowledge Base: 122036
ACC2: Security Wizard and White Paper for Access 2.0 Available
an overview of how to secure a database in Microsoft Access version 7.0, search
the Help index for "security, user-level security" and display the topic,
"Secure a database using the Security Wizard."
For an overview of
how to secure a database in Microsoft Access 97, search the Help index for
"security, overview" and display the topic, "Secure a database." Scroll to the
bottom of the topic and click the link to "Secure a database with the
User-Level Security Wizard."
Three common mistakes you can make when you create a
database that enable other Microsoft Access users to circumvent security are as
- You create the database and its objects while you are
logged in as the Admin user.
- You do not remove the default Users group permissions that
are granted in full for all objects.
- Your distributed application includes the same SYSTEM.MDA
file used to create the database. In the SYSTEM.MDA, the Admin account has no
password and is a member of the Admins group.
To protect your database from being changed by other Microsoft
Access users, follow these steps:
- Open the Workgroup Administrator (WRKGADM.EXE) file and
create a new system database (SYSTEM.MDA in versions 1.0 and 2.0; SYSTEM.MDW
for version 7.0 or later) that has a unique Name, Organization, and Workgroup
- Start Microsoft Access and open any database.
- On the Security menu, click Change Password. Assign a
password to the Admin user account.
- On the Security menu, click Users. Create a new user
account, and then add the account to the Admins group.
- In the Users box, select the Admin user name. Remove the
Admin account from the Admins group.
- On the File menu, click Exit. Restart Microsoft Access and
log in as the new user you created in step 4.
- Create a new database.
- On the Security menu, click Permissions. By making the
selections in the Object Type box, remove the default Users group permissions
for the following objects that appear in the Object Name box:
- <Current Database>
- <New Tables/Queries>
- <New Forms>
- <New Reports>
- <New Macros>
- <New Modules>
- Import all of the objects from your original database into
the new database.
- Create other group and user accounts as necessary.
- Assign group and user permissions to your objects as
- Close the database, and then use the Encrypt/Decrypt
Database command to encrypt the database. (This step is optional.)
Microsoft Access "Building Applications," version 2.0,
Chapter 14, "Securing Your Application," pages 313-344
Article ID: 132143 - Last Review: January 19, 2007 - Revision: 4.2
- Microsoft Access 2.0 Standard Edition
- Microsoft Access 95 Standard Edition
- Microsoft Access 97 Standard Edition
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.