Tuesday, June 13, 2006

Is Hiding Databases A Good Idea?

In case you missed my previous discussions on Access 2007 security, Workgroup security (otherwise knows as User Level Security) will not be supported in the new ACCDB file format. This led me to think about other credible alternatives and one that springs to mind is Windows File Security. One idea that I discussed a while ago with a friendly chap called Bill was hiding files in Windows Folders. i.e.

Right click on a File in Windows Explorer and select the Hidden Attribute check box


What I would like to find out from experienced Access DBA's is "Is the hidden file attribute a good way to protect your database? "

To help me out on this, read the rest of the conversation that I had on this topic and then post your ideas and knowledge on this topic below.


Garry said "Bill, I would be really interested on the positives and negatives of hiding a database using Windows Explorer. If you are interested I will post your answers in my newsletter and ask the users for their thoughts."

Bill said "No problems that I have been aware of in hiding databases. In our state wide domain, users do not have the ability to see hidden objects or to turn that ability on. Administrators do the backups. Generally we store our back-ends on servers with nightly backup and additional off site storage or mirror to another site."

Bill "Our system default is that standard users cannot see hidden objects and cannot turn that on, hiding adds another level of security and can prevent malicious deletion of files potentially, although I have never run into this, accidental, yes. "

Bill "Other times, we may make a front end visible but hide the back-end to make it harder for a user to copy, just another level of security."

Please post your thoughts below so that readers can ascertain if this is a good idea or not.

Wednesday, March 08, 2006

Access 2007 - An Overview Of Features

The beta 1 version of Office 12 is rolling along and it looks like it will be called Office 2007. Recently, Microsoft gave the Beta 1 testers permission to discuss the features of what is in the next version of Office. I am sure most of the readers will read many great things from many different people in Microsoft over the coming year or two and some will be true, some will simply be regurgitated media releases and some will be proper analysis of the new product. Anyway for what it is worth, here is a summary of what you are going to find in the next version of Access.

1) The menus are quite different
2) The database container now works like a interactive task bar
3) Access will support MDB files with the new interface and most of the old things that you are used to from Access 2000 onwards. The MDB format will not be developed much further.
4) Access will now have a new file format called ACEDB. If you adopt this format or users convert your database to this format, the following things will not be supported. Access user level security. Replication. Data Access Pages (ADP is still supported)
5) There will be new simpler forms and reports and the macro environment will be improved.

As for things that will appear in the next version, this following statement from Microsoft describes what the focus of the next version is." Our goals for Access 12 are to make new users more successful, to make existing users more productive, and to enable a whole new type of database application built around Windows SharePoint Services."To achieve these goals, the new Database templates are far more prominent in the next version of Access. MS states that there has been a million downloads of the Access 2003 new databases templates and they want to build on this success. It also describes why the menu's were redesigned to make them work the same as the next version of Word and Excel. Finally Sharepoint support means that a lot of changes to Access itself seemed geared around making linked tables work really well into SharePoint services. It seems as if they hope Access will be a prominent tool in supporting SharePoint development. Only time will tell.

As for my feelings on whether I like the next version of Access, I believe that the most important conclusion about the next version of Access is that it is still being treated seriously by Microsoft. Also there is a very good chance that there will be a lot more people using Access in the future because there is no software company in the world that spends more money on user research than Microsoft. Another interesting development sideline is that for ACEDB format databases, the Access team has now taken back development of the jet engine from the Windows development team. This should bode well for future development of Access databases. I cannot say much more as there is still a gag on us discussing our findings of Access 2007 outside the beta website.If you wish to comment on this topic, post your response (good or bad) below.

Tuesday, February 21, 2006

Access 2007 - Depreciated Workgroup Security

In the next version of Access, the much cursed, the difficult to understand but quite detailed security system that is known as User Level Security (workgroup security) is not going to be supported by the next version of the Microsoft Jet engine. The way that it is going to be phased out is as follows.

Access will support Access 2000-2003 databases (mdb, mde, and mda) in a similar manner to what you are used to.

If you or your users upgrades your databases to a new file format called a ACEDB format, workgroup security will not be supported. This means in reality that you will then need to rely on personal protection systems for your security. If you are a reader of my book on Access protection and security, this means that you will only be able to draw on Chapters 1-6 and Chapter 12 for information if your database gets upgraded to the ACEDB format.

The good news though is that you have removed ownership from the Admin account for any object in the database, your users will need Administrator workgroup accounts and passwords to upgrade the database to the ACEDB format and you will be left with managing the MDB in much the same manner. In this situation Chapters 7, 8, 10 do apply and arguably are more important. Of course when Access 2009/2010 rocks along, this may change and you may be forced to upgrade. Of course the new features in Access at this time may also encourage you to upgrade.

To counteract the developer protests on removing workgroup security, Microsoft have beefed up the database password so that it is not stored in the database and invented a way that macro security warnings can be turned off if a database is stored in nominated folder.

Please sign up for Beta 2 if you feel that this depreciated feature is going to affect your database going forward. Remember if you do so, please use a spare computer or an empty boot operating system for your testing. As I am a Beta 1 participant, I cannot make my views on this depreciated feature topic known.

To view the chapters in my book, head to read the table of contents in PDF format or head to a page describing the book at vb123.com.

What are your thoughts on User Level Security getting squished...