securing a database
DESCRIPTION
Securing a Database. Understanding database security Protecting the Database File Protecting Code Using User level Security Working with workgroups Working with Accounts Working with Permissions Converting a secured databases Start Up Forms Main Switchboards. DBMS – SECURITY ISSUES. - PowerPoint PPT PresentationTRANSCRIPT
Securing a Database1. Understanding database security2. Protecting the Database File3. Protecting Code4. Using User level Security5. Working with workgroups6. Working with Accounts7. Working with Permissions8. Converting a secured databases9. Start Up Forms10.Main Switchboards
DBMS – SECURITY ISSUES
Security of information: Why, What, How, and When.•Confidentiality•Privacy•Accuracy •Reduce the chance for errors•Level of access / privilege•Unauthorized access•Control Updates•Sharing of Databases
Sharing of Databases
No Locking:
Starting Balance $400
Tranx 1 $300
Tranx 2 $200 Closing Balance -$100 Overdrawn
With Locking:Starting balance: $400
Tranx 1 $300 locked
Balance $100 unlocked
Tranx 2 $200 insuf. fund
Closing balance $100
Protecting a Database File
Securing a Microsoft Access database file• The simplest method of protection is to set a password
for opening a Microsoft Access database (.mdb).• Only users who type the correct password will be
allowed to open the database.• Once a database is open, all its objects are available to
the user (unless other types of security have already been defined)
Caution: Do not use a database password if you will be replicating a database. Replicated databases can't be synchronized if database passwords are defined.
If passwords is forgotten, Database can not be opened.
Protect a database by adding a database passwordCaution • If you lose or forget your password, it can't be recovered, and you won't be
able to open your database.
Do not use a database password if you will be replicating a database. Replicated databases can't be synchronized if database passwords are defined.
Notes • A database password is stored with the database and not with the workgroup
information file.
You can't set a database password if user-level security has been defined for your database and you don't have Administer permission for the database. Also, a database password is defined in addition to user-level security. If user-level security has been defined, any restrictions based on user-level security permissions remain in effect.
If a table from a password-protected database is linked, the password is cached (saved) in the database it is linked to when the link is established. This may have unforeseen consequences. For more information, click .
Protect a database by adding a database password
1. Close the database. If the database is shared on a network, make sure all other users have closed the database.
2. Make a backup copy of the database, and store it in a secure place.
3. On the File menu, click Open.
4. Click the arrow to the right of the Open button, and then click Open Exclusive.
5. On the Tools menu, point to Security, and then click Set Database Password.
6. In the Password box, type your password. Passwords are case-sensitive.
7. In the Verify box, confirm your password by typing the password again, and then click OK. The password is now set. The next time you or any other user opens the database, a dialog box will be displayed that requests a password.
Remove a database password
On the File menu, click Open.
1. Click the arrow to the right of the Open button, click Open Exclusive, and then open the database.
2. In the Password Required dialog box, type the database password, and then click OK. Passwords are case-sensitive.
3. On the Tools menu, point to Security, and then click Unset Database Password. This command is only available if a database password was set previously.
4. In the Unset Database Password dialog box, type your current password.
5. Click OK.
Hide objects in the Database window – Protecting Code:
1. In the Database window, click the object you want to hide.
2. Click Properties on the toolbar.
3. Click Hidden, and then click OK.
Notes • To show all hidden objects, click Options on the Tools menu,
click the View tab, and then select the Hidden Objects check box. The icons for hidden objects will be displayed with a dimmed outline. You can then repeat the steps, but in step 3 clear Hidden, to unhide the objects.
• In a Microsoft Access project, you cannot hide tables, views, database diagrams, or stored procedures.
Security Account PasswordsThe second kind of password is called a "security account password"
and is only used when user-level security has been defined for a workgroup. A security account password is created to make sure that no other user can log on using that user name.
• The Admin user account (to activate the Logon dialog box).The user account that owns the database and its tables, queries, forms, reports, and macros.Any user accounts that you add to the Admins group.
In addition, you might want to add passwords to the accounts you create for users, or instruct users to add their own passwords.
Users can create or change their own user account passwords; however, only an administrator account can clear a password if a user forgets the password.
How to organize security accountsA Microsoft Access workgroup information file contains the following predefined
accounts.
Account - Admin
The default user account. This account is exactly the same for every copy of Microsoft Access and other applications that can use the Microsoft Jet database engine, such as Microsoft Visual Basic for Applications and Microsoft Excel.
Account - Admins
The administrator's group account. This account is unique to each workgroup information file. By default, the Admin user is in the Admins group. There must be at least one user in the Admins group at all times.
Account - Users
The group account comprising all user accounts. Microsoft Access automatically adds user accounts to the Users group when a member of the Admins group creates them. This account is the same for any workgroup information file, but it contains only user accounts created by members of the Admins group of that workgroup. By default, this account has full permissions on all newly-created objects. The only way to remove a user account from the Users group is for a member of the Admins group to delete that user.
Secure a database using the User-Level Security Wizard
By using the User-Level Security Wizard, you can apply user-level security with a commonly-used security scheme and encrypt your
Microsoft Access database.
1. Open the database that you want to secure.
2. On the Tools menu, click Security, and then click User-Level Security Wizard.
Follow the directions in the wizard dialog boxes. Notes
• The User-Level Security Wizard creates a back-up copy of the current Access database with the same name and a .bak extension, and then secures the selected objects in the current database.
User-level securityWhen using user-level security in a Microsoft Access database, a database administrator or an
object's owner can grant specific permissions to individual users and groups of users on the following objects: tables, queries, forms, reports, and macros. Data access pages and modules are not protected by user-level security.
WorkgroupA group of users in a multiuser environment who share data and the same workgroup
information file.
Admin accountThe default user account. When you install Microsoft Access, the Setup program
automatically includes the Admin user account in the workgroup information file it creates. The Admin account is the same for every copy of Microsoft Access and for other applications, such as Microsoft Visual Basic, that use the Microsoft Jet database engine. By default, Microsoft Access automatically logs you on at startup using this account and gives you full permissions to database objects.
Admins groupThe system administrator's group account that retains full permissions on all databases used
by a workgroup. The Setup program automatically adds the default Admin user account to the Admins group. There must be at least one user in the Admins group at all times.
Control how an Access database or Access project looks and behaves when it starts
You can specify, for example, what form to display, whether toolbars can be customized, and whether shortcut menus are available.
1. On the Tools menu, click Startup.
2. Select the options, or enter the settings you want to use.
Notes • For information about a specific item in the dialog box, click the
question mark at the top of the dialog box, and then click the item.
• For a list of issues to consider when setting options in the Startup dialog box, click .
For additional information about creating an application, click
Create, customize, and delete a switchboard formYou create, customize, and delete a switchboard by using the Switchboard Manager. Create a switchboard1. Open the database. 2. On the Tools menu, point to Database Utilities, and then click Switchboard Manager. 3. If Microsoft Access asks if you'd like to create a switchboard, click Yes. 4. Click New. 5. Type the name of the new switchboard, and then click OK.
Microsoft Access adds the switchboard to the Switchboard Pages box. 6. Click the new switchboard, and then click Edit. 7. Click New. 8. Type the text for the first switchboard item in the Text box, and then click a command in the
Command box. For example, type View Recording Artists, and then click Open Form In Edit Mode in the Command box. Note: To create a switchboard that branches to other switchboards, click the Go To Switchboard command in the Command box, and then specify the switchboard you want to go to.
9. Depending on which command you click, Microsoft Access displays another box below the Command box. Click an item in this box, if necessary. For example, if you clicked Open Form In Edit Mode in step 8, click the name of the form you want to open in the Form box, such as Recording Artists, and then click OK.
10. Repeat steps 7 through 9 until you've added all the items to the switchboard. Note: To edit or delete an item, click the item in the Items On This Switchboard box, and then click Edit or Delete. If you want to rearrange items, click the item in the box, and then click Move Up or Move Down.
11. When you've finished creating the switchboard, click Close.
• Notes • To make a switchboard open when you
open the database, click the switchboard name in the Switchboard Manager dialog box, and then click Make Default.
• When you create a switchboard with the Switchboard Manager, Microsoft Access creates a Switchboard Items table that describes what the buttons on the form display and do. If you make changes to the Switchboard form later in form Design view, the application may no longer work.
Database Recovery
• Backups – Off site, full system, incremental, part
• Log Files• Recovering from hardware or software
failure and sudden power cut• Recovering the database with a transaction
that was half way thru• Preventive methods - UPS
Back up a database1. Close the database. If you are in a multiuser environment, confirm that all users have
closed the database.
2. Using the Windows Explorer, My Computer, Microsoft Backup, the MS-DOS copy command, or other backup software, copy the database file (an .mdb file) to a backup medium of your choice.
Notes • If you are backing up to a floppy disk and your database file exceeds the size of the
disk, you cannot use Windows Explorer or My Computer to back up your database; you must use Microsoft Backup or backup software so that you can copy the file over more than one disk.
• You should also create a backup of the workgroup information file. If this file is lost or damaged, you won't be able to start Microsoft Access until you restore or rebuild it.
• You can back up individual database objects by creating a blank database and then importing the objects you want from the original database.
Repairing an Access database
In most cases, Microsoft Access detects that an Access database is damaged when you try to open it and gives you the option to compact it at that time. In some situations, Microsoft Access may not detect that an Access database is damaged. If an Access database behaves unpredictably, compact it.
Compacting a previous-version Access database won't convert it to Access 2000 format. Learn more about converting a previous-version Access database.
If you are compacting a multiuser (shared) database that is located on a server or shared folder, make sure that no one else has it open. You must have Open/Run and Open Exclusive permissions for an Access database in order to compact it. Learn more about assigning permissions.
• Powerful Tool to Repair Corrupt Access Database
• SysTools Access Recovery is the most popular advanced access database repair tool to repair corrupt MS Access database. SysTools Access Recovery supports to repair Access database of MS Office 97/2000/XP/2003. Software is a secure & easy access database recovery utility designed to repair corrupt Access database (.mdb files).
• SysTools Access Recovery recovers objects like tables, queries, relationships and repairs password protected MS Access or mdb files.