1 / 40

Chapter 13

Chapter 13. Securing an Access Application. Chapter Objectives. Learn about the elements of security Explore application-level security Use user-level security. The Elements of Security. Security Refers to the protection of an application from unauthorized use Authorization

kennan
Download Presentation

Chapter 13

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter 13 Securing an Access Application

  2. Chapter Objectives • Learn about the elements of security • Explore application-level security • Use user-level security

  3. The Elements of Security • Security • Refers to the protection of an application from unauthorized use • Authorization • Specifies who can access and update different objects in the application

  4. The Elements of Security • Application-level security • Makes it difficult for unauthorized users to view the contents of the application • User-level security • Gives different users different permissions for various objects that comprise an application • Permission • Ability to perform an action on an object

  5. Stripping Source Code • .mde file • Compiled database file that cannot be modified, even though it is smaller and runs more quickly • Advantages of .mde file • Can be distributed, but users cannot view or change the application’s objects • Protects a developer’s investment in the application

  6. Data Encryption and Decryption • Encryption • Conversion of data from one representation into another • New representation is coded so that it cannot be easily understood • Decryption • Reverses the process of encryption

  7. Data Encryption and Decryption • Security measures supplied by Access apply only to Access • Encryption will make the data more difficult to read • To read encrypted files: • You must possess processes and the decoding key necessary to decrypt the files

  8. Creating a Database Password • Database password • Simplest way to prevent unauthorized access to an Access application • Can be set in the Set Database Password dialog box • You can’t set a database password if user-level security has been defined for your database and you do not have Administer permission for the database

  9. User-Level Security • User account • An object that represents a user (or developer) of an Access application • PID • Case-sensitive string that can hold between 4 and 20 characters • Used in combination with the user name to create a 128-bit machine-readable number

  10. User-Level Security • Workgroup • Set of accounts that tend to access the same set of Access applications • Accounts in the workgroup share the same workgroup information file • Have the .mdw extension • Access reads file information when it starts • Contains information about the users in a workgroup

  11. User-Level Security • Workgroup identifier (WID) • Uniquely identifies a workgroup • Case-sensitive string that can hold between 4 and 20 characters • Owner of an object • Special user who always has full permissions on the object • Identified by the user name and PID

  12. User-Level Security • Group • Named collection of user accounts that share the same set of permissions on an application’s objects • Permissions • Privilege

  13. Creating and Joining Workgroups • Workgroups are created and managed through the Microsoft Access Workgroup Administrator • Workgroup Administrator • Application separate from Access • File name Wrkgadm.exe • When a new workgroup isjoined, the old workgroup is no longer considered active

  14. User Accounts and Passwords • Admins group • Group account that retains full permissions on all databases created when the workgroup was active • Users group • Group account that contains all user accounts • Secure workgroup • A workgroup that prompts for a user name and password

  15. Creating a New User Account Figure 13-2 Entering a user

  16. Creating a New User Account • Access applications use the user name and PID to determine the identity of the current user • Users can assign themselves a password when a database is open by using the Change Logon Password tab of the User and Group Accounts dialog box

  17. Creating a New User Account Figure 13-3 Change Logon Password tab

  18. Workgroup Dynamics • Workgroups do not share information including user name and password • A user account and password must be created for each workgroup that a particular user must use • You can modify passwords and create new users within VBA

  19. Users and Their Groups • Groups with the same group name and PID, regardless of workgroup, receive the same permissions on a particular application • When an application supports a large number of users, permissions should be managed through groups • Easier to assign permissions to a few groups than to each individual user

  20. Users and Their Groups • You can create or delete groups in the Group tab of the User and Group Accounts dialog box Figure 13-4 Entering a new group

  21. Adding and Removing Users To and From Groups • Creating users and groups is less cumbersome under the ADO model than the DAO model • Append the new user to the Users collection or new group to the Groups collection • A reciprocal relationship exists between the objects in a user’s Groups collection and the objects in the group’s Users collection

  22. Adding and Removing Users To and From Groups Figure 13-6 Relationship between security-related objects in collections

  23. Using and Assigning Permissions • Permissions can be assigned to: • All database objects • Database • Individual users • Groups of users • All members of the group have the same permissions

  24. Using and Assigning Permissions • Permissions can be assigned through the User and Group Permissions dialog box Figure 13-7 User and Group Permissions dialog box

  25. Assigning Permissions Through User and Group Permissions Dialog Box • With OwnerAccess Option declaration • Used when the developer would like the user to update data in a table, but does not want the user to view the details of the table’s design • When possessed by a query, a user can run the query as long as the owner of the query has the appropriate permissions

  26. Setting and Using Permissions in VBA • Access stores information related to Permissions in properties of the Container and Document objects • Containers collection • Located inside a database object • A container exists for every type of object used in an Access application • Contains a document collection,which also exists for every object

  27. Setting and Using Permissions in VBA • SetPermissions method • Sets a value that establishes the permissions for the user or group identified by the Group or User object • GetPermissions method • Retrieves permissions once they have been set • Bitwise arithmetic • Involves a bit-by-bit comparison of identically positioned bits in two numeric expressions

  28. Owner and Admins Group Security Problems • User-level security is not complete until you have considered the special capabilities of Admins group members and owners • Owners of an object always have the ability to assign themselves full permissions on the object • If an application was created in an unsecured environment, the Admin account is the owner of all objects

  29. Owner and Admins Group Security Problems Table 13-1 Permissions granted to users

  30. Owner and Admins Group Security Problems • Important implications of these relationships: • Admin account should not own any object in a secure application • Workgroup used to create an application should not be distributed as part of the application • Developers can restrict the permissions of the Admin account and Admin group

  31. Changing Object Ownership and Creating a Secure Application • Object owner • User who creates an Access object • Always has full permissions applicable to an object • Administer permission • Exists regardless of whether the user is a member of the Admins group or whether an account in the Admins group attempts to change owner’s permission

  32. Changing Object Ownership and Creating a Secure Application • If an object is not a database, it’s ownership may be changed through the Change Owner tab on the User and Group Permissions dialog box Figure 13-8 Change Owner tab

  33. Changing Object Ownership • Owners of a database always have the right to open the database • To change the ownership of an entire database: • Import the database into Access while you are logged on using the account of the new owner

  34. Changing Object Ownership Figure 13-9 Import Objects dialog box

  35. Changing Database Ownership and Securing an Application • The import database technique is one way to secure an unsecured application • Allows ownership of all objects, including the database, to be transferred from an unsecured database

  36. The User-Level Security Wizard • User-Level Security Wizard WILL: • Create a new database • Import all the objects from the old database • Remove all permissions from the Users group • Encrypt the new database • Application’s performance will be degraded slightly because it now uses an encrypted database

  37. Preparing a Workgroup for Distribution • Each computer that runs an Access application must have access to: • The application files • The workgroup information file • The Access default workgroup information file is used to run an application or • The developer will distribute a workgroup information file

  38. Chapter Summary • Security can be provided at both the application and the user levels • Application-level security has the same effect on all users of a particular Access database file • Database files can be encrypted and assigned a password

  39. Chapter Summary • User-level security • Provides different types of security for different users • Key to understanding how user-level security is implemented is to understand the relationships between workgroups, groups, users, owners, and permissions

  40. Chapter Summary • Admins members can always modify their own permissions when the workgroup that created an Access application is active • Owners can modify their own permissions no matter which workgroup is active • Security features can be implemented through Access menus and VBA

More Related