What’s New in Access 2007 Security?

Microsoft has completely revamped security in Microsoft Office Access 2007. The User Security model has been completely eliminated in Access 2007, unless you keep your database in the old Access file format (.MDB or .MDE) and that database already has user-level security applied. In other words, if you open a database created in an earlier version of Access and that database already has security applied, Access 2007 will support user-level security for that database. If you convert a database created in an earlier version of Access to the Access 2007 file format, Access 2007 will strip all user-level security settings from the database, and Access 2007 security will apply. The following is an overview of the changes to security in Access 2007:

• In Microsoft Access 2003, you had to code sign and trust a database before you could view any of its data. With Microsoft Office Access 2007, you can view the data in a database without having to enable Visual Basic for Applications (VBA) code.
• With Microsoft Office Access 2007, if you place a database (new or old database format) in a trusted location, those files will open and run without displaying warning messages or asking you to enable disabled content. A trusted location is a file folder or network share that you designate as secure. Furthermore, if you open databases created in earlier versions of Access and those databases have been digitally signed, if you have chosen to trust the publisher, those files will run without making trust decisions. VBA code in the signed database will not run until you trust the publisher. If the digital signature becomes invalid, you will once again not be able to run the VBA code.
• Microsoft Office Access 2007 includes a new feature called the Trust Center Using the Trust Center, you can set and change security options within Microsoft Access 2007.
• In Microsoft Access 2003, you had to deal with a multitude of security messages when you opened a database. Microsoft has greatly simplified this process with Microsoft Office Access 2007. When you open a Microsoft Office Access 2007 database, a message bar appears (see Figure 1). You simply click the Options button on the message bar. The Microsoft Office Security Options dialog appears. Click to select Enable This Content and then click OK. Access enables all disabled components.
• In Microsoft Access 2003, you had to apply security certificates to individual database components. In Microsoft Office Access 2007, the process of signing and distributing files is quite easy. All you need to do is to sign the database and then distribute it.
• Microsoft Office Access 2007 has a stronger algorithm for encrypting data. The encryption of a database scrambles the data in your tables. This prevents unwanted users from viewing the data in your Access databases using a tool such as a text editor.
• With Microsoft Office Access 2007 security, certain macro actions can execute without you or the user having to enable the database. In fact, all embedded macros run even if they contain macro actions that Access would ordinarily disable.
• If you open a database in a trusted location, all components of the database run without the need to explicitly trust the database.
• If you package, sign, and deploy a database from an earlier version of Access (.MDB or .MDE file), and the database contains a valid digital signature from a trusted publisher whose certificate you have trusted, all components will run without the need to make trust decisions. This is true whether you extract the database to a trusted or an untrusted location. When you package a database that is untrusted or one that contains an invalid digital signature, you will have to choose an option from the message bar to trust the database each time you open it, unless you deploy it to a trusted location.
• You must enable databases each time you open them if they are untrusted or you place them in an untrusted location.

Note

Although Microsoft Office Access 2007 offers an improved security model, if your data requires a higher level of security than what Access provides, you should store your data on a server such as Microsoft SharePoint Services version 3 or SQL Server 2005. Your Access forms and reports can then access the data stored on the server. For more information on integrating Access 2007 with SharePoint services, see the Short Cut Integrating Microsoft Office Access 2007 with SharePoint.