 One of the biggest misconceptions about MS Access, is that it isn’t a secure database. To be fair, the misconception has some grounding in fact. If the MS Access database is using native tables, then it isn’t any more secure than an Excel Spreadsheet. But, this is a simplistic understanding of the issue. Following are some things to take into consideration, about data security and the use of Microsoft Access. Many organizations fault MS Access Security, but have no problem with storing sensitive data in Excel spreadsheets, created by end users and stored in folders that may (or may not be) secure. For example – and I see this on a regular basis – users will download sensitive data from a secure enterprise software solution. They’ll dump their export into Excel, save the Excel file to a personal folder (or worse yet their desktop). This isn’t even logical. On the one hand, it’s o.k. for end users to copy/paste spreadsheets of sensitive data to in-secure locations (like their desktops). But, for some reason storing the same data in an Access database (with more controls than a spreadsheet) is forbidden. Even if security in Access was limited to native Access tools, one would have to look long and hard at a policy which allows so much exposure to data through Excel, but then limits the use of Access. Beyond the obvious problem described above, what most people don’t know – and never get to in their assessment of Access as an option for sensitive data – is that Access can be upsized to incorporate the use of SQL Server. You may want to read this Microsoft Knowledge Base article on upsizing Access Data. From the article: Benefits of upsizing a database to SQL Server In short, when you upsize an Access Database to SQL Server, you’re moving all Access tables and data to the more robust Microsoft SQL Server database. Then you link the SQL Server tables back to the MS Access frontend file. This is a very common way to use Access. Most of my clients are using a SQL Server backend database with Access as the frontend file. In the linked article, Microsoft lists many benefits of upsizing Access data to a SQL Server backend. The linked article is well worth your read. The benefit of Improved Security is highly important. By moving all of your Access data to a SQL Server backend database, you can immediately take advantage of the robust SQL Server Security capabilities. Specifically you can use SQL Server Active Directory Security. This means Active Directory security can be used to:
Beyond using Active Directory Security, there are other ways that one can control access to data. SQL Views can be used to limit which datasets a user sees. For instance users may only need to view customer records for their district. In a situation, such as this, it is possible to write a query at SQL level, which limits the record-set to a specified district. These queries are called SQL Views. Once the SQL View is written and stored it can be linked back to an Access frontend file. This is a subtle way to limit which records a user can view, but it is effective. Where Active Directory settings can be used to determine which tables a user is allowed to edit and which tables they are even allowed to read, SQL views can filter the data a user is allowed to view &/or edit down to a specific subset of records (such as all customers in one district). By upsizing Access data to a SQL Server database, and incorporating the robust security capabilities of SQL Server, the security problems one would expect in a stand-alone Access go away. Of course it only makes sense to continue to create restricted run-time versions of your Access frontend file and store these files in a secure folder, with limited access, by qualified users. In addition, when creating ODBC data connectors, you should use machine data sources, stored in secure folders and restricted to qualified users. That way only qualified users; logged into the specified machine, will be able to get to the data source. Once all of these things are taken into consideration, Microsoft Access can be used very successfully with sensitive data. More Articles About Microsoft Access
5 Comments
2/1/2018 10:41:02 am
Another example of how great Access is as a Windows Forms application development platform (which just happens to come with it's own database so you don't need to use .ini files, etc.)
Tony Croft
2/3/2018 02:30:17 pm
Well yes ...and no! Your heading suggests you are going to discuss Access Security and how best to use it to secure data; but you end up delivering an article on the benefits of moving data to SQL Server...we all know SQL is more secure than Access. What you are really putting forward is an argument for doing away with Access altogether, as with data already in SQL, it would be more logical to use SQL functionality to deliver the custom reports and views required by individual groups, doing away with the additional licence uplift fees of Office Pro version in the process. 2/5/2018 08:26:23 am
Hello Tony:
Relying on machine specifics is quickly going the way of the dinosaur. Companies are moving to more cost-effective virtual desktops which grab a new IP address every time they spin up. 2/5/2018 08:30:32 am
RE: virtual desktops. You might be interested in this article on deploying Access in a cloud environment. Leave a Reply. |
Michelle MeyerArticles discuss the place of Microsoft Access in data management processes. Archives
January 2022
Categories |
RSS Feed
|
Count Began On: 02-17-2018 |
|
©1st Contact Databases - 2018
|
|