Microsoft Access Security FAQ available in the Download Center

Moderate: Requires basic macro, coding, and interoperability skills.

This article applies only to a Microsoft Access database (.mdb).


The Secfaq.exe file contains a Microsoft Word document titled "Frequently Asked Questions About Microsoft Access Security for Microsoft Access versions 2.0 through 2000" written by Mary Chipman, Andy Baron, Chris Bell, Michael Kaplan, Paul Litwin, and Rudy Torrico. This document answers just about any Microsoft Access security question you may have.

To view the Microsoft Access Security FAQ, download the file by clicking the following download link:

The Secfaq.exe file contains the following files:

Secfaq.doc Microsoft Access Security FAQ Document
Readme.txt This readme file
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

More Information

The "Frequently Asked Questions About Microsoft Access Security for Microsoft Access versions 2.0 through 2000" paper contains the following topics:
  • What are the steps to secure a database?
  • In a nutshell, how does Microsoft Access security work?
  • What has changed in Microsoft Access security between Microsoft Access 2.0, 95, 97, and 2000?
    • 3.1Table 1: DAO Security Constants
  • How can I set a single password on my database?
    • Database Password Bugs
  • How can I clear a user's forgotten password?
  • What's the best way to convert my secured Microsoft Access application to the latest version of Microsoft Access?
  • What's all this about a security hole in Microsoft Access 2.0?
  • How can I secure just my code without users having to log on?
  • How do I delete the Admin user?
  • How do I implement field-level or row-level security on my tables (RWOP or queries with Run Permissions set to Owner's)?
  • Why can't I get my RWOP Append Query to Run?
  • What is the difference between an "attached" table and a "linked" table?
  • How do I manage linked tables using Microsoft Access security?
  • What permissions are necessary to update table links?
    • Using RefreshLink to relink tables
    • Using TransferDatabase to relink tables
    • No Permissions necessary - Using the .Connect property to relink tables
    • Error messages
  • Why do users require permission to create new tables in the destination database in order to update a table attachment?
  • What happens when the front-end database permissions on an attached table differ from those in the back-end database?
    • Creating New Links
    • What permissions should you set for <New Table/Queries>?
    • Updating or Refreshing Existing Links/Attachments
    • Synchronizing Permissions
  • How can I retrieve the "most restrictive" permissions for attached tables?
  • Can I prevent users from linking tables?
  • How do I work with a secured application and an unsecured application at the same time?
  • How do I keep users from viewing Code Behind Forms?
  • How can I tell who is logged on to my shared, networked application?
  • How can I obtain group and user membership information programmatically?
  • How can I obtain the groups that the current user belongs to without hard-coding an Admins ID and password in the code?
  • How can I prevent users from creating new objects in my database?
  • How can I prevent users from updating any tables by any means other than through forms?
  • How can I secure some parts of my application (an add-in), yet make others totally open to any Microsoft Access user?
  • How do I prevent users from holding down the SHIFT key to bypass the AutoExec macro?
  • How do I prevent a run-time application from being opened in full retail Microsoft Access?
  • Does Microsoft Access security still work if I use OLE automation or Microsoft Query to manipulate Microsoft Access tables?
  • How can I use the Security Wizard without creating an encrypted database?
  • When I use the Security Wizard in Microsoft Access 2.0, it runs to 99%, and then freezes
  • I thought I secured my database, but someone opened it with his or her own workgroup file. Is Microsoft Access security broken?
  • I want to create a remote site administrator able to administer the database and add user accounts but not alter permissions on database objects
  • How can I "de-secure" a database?
  • I lost/forgot my password and can't get into my database
  • Do I need a separate workgroup file for every database I develop for my department?
  • How do I use DAO to manipulate permissions?
  • I created a user in code but the user isn't in the Users group and can't start Microsoft Access
  • I created a user and I can't log on as that user
  • I ran the Security Wizard but users from another workgroup can still open the database
  • How do I implement security when I am using Visual Basic as a front-end?
  • Do I need to use a System.mda when I'm using Visual Basic to control secured objects?
  • How do I open a password-protected database from Visual Basic?
  • How do I open a report in a secured Access database from Visual Basic?
  • What about using ADOX or ADO to programmatically manage security?
  • How can I open a database in code that was secured using another workgroup file?
  • Additional Sources of Information