Lessons

Addendum

There is now a way to hide your back-end folder! See Hide Folder.

Resources

Questions?

Please feel free to post your questions or comments below. If you have questions about a specific lesson, please specify the lesson number and the time index in the lesson where the issue occurs. Thank you!

Subscribe for Updates

If you would like to be notified whenever changes are made to this page, new lessons are posted, or comments are made, click on the subscribe button.

Comments for Security Seminar Lessons

Age	Subject	From
4 months	Lesson 26 Encrypt Password	Jesus Rodriguez
6 months	Getting an Error Message Run-time Error 438:	Vannak Hou
7 months	L13 ServiceF Opens Blank	Todd Adams
13 months	Locking Disables Hiding Ribbon	Michael Craytor
14 months	Split Vs External Link	Tanin Uthayanaka
15 months	Invalid password when creating links	David Campbell
2 years	Create Table Links	Leo Rivera
3 years	Form Filtering User Groups	Jorge Restrepo
3 years	Stuck in Set rs	Jorge Restrepo
3 years	Custom ribbon	Kevin Whitthread
3 years	create links	Kevin Whitthread
3 years	ButtonClick Not working	Sami Shamma
3 years	Security Roles	Steven Lazo
4 years	Error Group Level Security	Pino Arcuri
4 years	Force Users to Log Out	Emad A
4 years	Database Log security 101	James Corbett
4 years	Application Close button	Emad A
4 years	Security Seminar 24 Email	James Corbett
4 years	Lesson 36 VBA problem	Victor Lugo
4 years	Cant Move to Next Record	Lori Foy
Next >>

Subscribe to Security Seminar Lessons
Get notifications when this page is updated

Intro

In this lesson you will learn how to build a secure Microsoft Access database from the ground up, focusing on internal user security, login forms, user groups, workflow management, controlling access to forms and fields, sending email notifications, creating system logs to monitor user activity, and encrypting your database. I will show you how to manage user permissions, set up database workflows, restrict access to sensitive data, and utilize Access security features such as splitting the database, disabling the bypass key, and creating ACCDE or MDE files. These lessons use Microsoft Access 2007, with notes for earlier versions.

Transcript

Welcome to the Microsoft Access Security Seminar brought to you by AccessLearningZone.com. I am your instructor, Richard Rost.

This seminar is not only about Microsoft Access Database Security, although we will cover it in detail. The main focus of this seminar is to teach you how to build a secure database from the ground up, including all the steps necessary to control every action your users can take inside the database itself and to monitor those actions.

This seminar will cover user security inside your database, controlling who can log on, managing database workflow, the step-by-step procedures in your database, controlling access to database objects, which users can see which forms and fields, sending email notices from your database, creating a detailed system log to see what users are doing, and finally encrypting and securing your database.

Microsoft removed user-level security from Access 2007, mostly because it was not that secure to begin with. So the first thing we are going to do is create our own user table and make our own log-on form. This way we can set up user names and passwords for our users and control who can log on to the database.

Then we will create a form where we can add users in the different groups such as manager, sales rep, admin, service tech, and so on. This will control what types of access rights they have in the database. Of course, you can make whatever user groups you want.

Next we will come up with a workflow for our database. How do we want this database to function when the users are actually inputting data? Our example for this class will be a basic work order for service techs.

It will start off where a sales rep will enter a request for service. Then the service technician performs the service and enters the information into the database. Then a manager gets to review the details to make sure everything is okay. The manager then assigns this for a follow-up and the sales rep calls the customer to make sure everything is good. The manager then gives it one final review and closes the work order.

You will learn how to control what users can enter data into which fields. For example, here you can see a service tech can only enter data into the service performed field and not the service requested field. That is the job of the sales rep. You will be able to manage each step of the process.

For example, when the service tech is done entering his information, he clicks on the service call completed button which moves it along to the next step. You will learn how to lock and unlock forms and fields to control who can enter data where.

You will learn how to send the email notices at each step in the process to notify, for example, the sales rep that he has a follow-up to make. That is handy, especially if you do not have employees who use the database every day.

You will learn how to log everything. In addition to logging each step of the process when a work order was opened, serviced, reviewed and served, and by which user, we will also create a secret system log where you can track everything a user does, what time they logged in, what fields they changed, what records they edited. This is great for tracking workers and making sure they are doing their jobs and also keeping track of who changed what data in the database.

We will focus on internal database security, things that happen inside the database while your users are working in it. For example, who can edit customers? Do you want sales reps to be able to change each other's customers? Who can see customer data? Do you want your service techs looking at all of your customer records? Who can edit and delete data? Who has permission to delete customer records, for example? What information is required? Should you force your users to have to enter certain information? Who can see which buttons and forms? What the manager might see on the main menu might be completely different from what one of the service techs sees. This of course is based on their permissions.

Next, we will take a look at some of the Access built-in security measures. We will split the database into a front end and back end solution. Then we will encrypt the back end database so it requires a password to see any of your table data.

We will turn off the navigation pane and specify our own login form. And we will learn how to disable the bypass key using some VBA code. For an extra security measure, next we will learn how to dynamically link to our tables and back end database and destroy those links when we are done.

We will also learn how to make an encrypted version of your front end database that hides all of the report, form, and module design. It is called an ACCDE file in Access 2007 or an MDE file in older versions. For our Access 2003 users, we will run through the user level security wizard to secure a database. We will talk about users and passwords, groups and permissions, and how to manage all of the above.

While the seminar does stand alone and I will cover all the concepts in detail, it is strongly recommended that you have some background in Microsoft Access before taking this class. Of course, you can find my beginner, intermediate, and expert level classes on my website at AccessLearningZone.com.

I will be using Microsoft Access 2007 for the videos in this class. However, most of the material I will be covering is also valid for Access 2000 through 2003. If there are major differences, I will try to point them out. The lesson on user level security in fact is specific to Access 2003.

Now this is a long seminar. It is over 7 hours long, but it is broken up into 36 lessons that are themselves pretty short. I recommend you sit back and relax and watch the entire seminar series once through without doing anything. Get a feel for what I am trying to accomplish. Then watch the lessons a second time, following along with my examples. Build the database that I am building in the class videos and do not try to apply what you are learning in the lessons to your other database that you are working on, whatever project you have on the side. Build this database as I am building it and you will get a lot more out of these lessons.

The sample database files for this course can be found at AccessLearningZone.com-security-seminar. If you are watching this course online or in our special video player software, you will see the student interaction forums appear in a small browser window next to the videos. If you have any questions about the topics covered in these videos, please feel free to post them in the student interaction forums.

Now let us take a more detailed look at exactly what the seminar will be covering.

Quiz

Q1. What is the primary focus of the Microsoft Access Security Seminar?
A. How to create advanced queries in Access
B. How to build and monitor a secure database from scratch
C. How to design dashboards in Access
D. How to migrate databases to SQL Server

Q2. Why did Microsoft remove user-level security from Access 2007?
A. It was too expensive
B. It was not secure to begin with
C. It was hard to use
D. It required too much storage space

Q3. What is the first step in implementing user security according to the seminar?
A. Encrypting the front end database
B. Creating a user table and a custom log-on form
C. Backing up the database
D. Disabling the navigation pane

Q4. What is the purpose of creating user groups like manager, sales rep, admin, and service tech?
A. To assign different database themes
B. To control access rights within the database
C. To reduce database size
D. To improve database speed

Q5. In the seminar's workflow example, who is responsible for entering the request for service?
A. Manager
B. Admin
C. Sales rep
D. Service tech

Q6. How does the database ensure that only specific users can enter data into certain fields?
A. By using separate databases for each user
B. By controlling form and field access based on user role
C. By encrypting all tables
D. By using Access macros exclusively

Q7. What feature is used to move a work order along in the workflow after a service tech has entered the information?
A. Reset Database button
B. Service Call Completed button
C. Submit Feedback button
D. End Session button

Q8. How does the seminar propose notifying users about follow-up tasks?
A. By physically handing them notes
B. By sending email notices from the database
C. By publishing updates on the company intranet
D. By using cell phone apps

Q9. What type of logging will be covered in the seminar?
A. Only when a user logs in
B. A secret system log tracking all user actions and changes
C. Only when data is deleted
D. Only password changes

Q10. What type of database security does the seminar mainly focus on?
A. Network firewall configuration
B. Internal database security controlling users' actions within Access
C. Hardware-based encryption
D. Cloud database permissions

Q11. What is one method taught to restrict what a user can edit or delete?
A. Hiding all forms
B. Setting object permissions based on user groups
C. Disabling the database
D. Giving everyone admin rights

Q12. What is a recommendation for students before starting the seminar project?
A. To migrate their existing databases
B. To watch all lessons once through, then build the sample database as shown in class videos
C. To upgrade to the latest Access version immediately
D. To skip lessons unrelated to their current project

Q13. What file format allows you to secure reports, form, and module designs in Access 2007?
A. ACCDT
B. ACCDE
C. MDBX
D. XLSX

Q14. What precaution is suggested regarding user interaction with the database while watching the seminar?
A. Try to apply the lessons to existing projects right away
B. Follow along using the same sample database as in the videos before modifying personal projects
C. Change their Windows password
D. Use macros for security

Q15. How are questions about the course content handled during the seminar?
A. Students must email the instructor directly
B. Through student interaction forums next to the videos
C. There is no way to ask questions
D. Only during live webinars

Answers: 1-B; 2-B; 3-B; 4-B; 5-C; 6-B; 7-B; 8-B; 9-B; 10-B; 11-B; 12-B; 13-B; 14-B; 15-B

DISCLAIMER: Quiz questions are AI generated. If you find any that are wrong, don't make sense, or aren't related to the video topic at hand, then please post a comment and let me know. Thanks.

Summary

Today's video from Access Learning Zone focuses on building a secure Microsoft Access database from start to finish. While Microsoft Access Database Security will certainly be discussed, the primary goal of this seminar is to show you how to construct a database where you can control and monitor every action your users take inside the system.

Throughout the seminar, I will guide you through a range of key security measures. These include database user security, managing logins, controlling workflow, monitoring database usage, restricting access to certain objects, specifying which users can view or modify particular forms and fields, sending notification emails from your database, keeping a comprehensive activity log, and adding encryption for greater security.

An important aspect we will address is that Microsoft removed user-level security in Access 2007, mostly because it was never very secure. To improve on this, we will design our own table to store user information and create a custom log-on form. This means you gain full control over user names, passwords, and access rights.

You will also learn how to manage users by creating groups such as manager, sales rep, admin, or service technician. These groups will help you define what actions each type of user can perform inside the database. All of these categories are customizable so you can set them up to fit your own needs.

Next, we will establish a workflow that dictates how users interact with the system when entering data. For this purpose, we will use a simple work order process as our example. The process begins when a sales rep enters a request for service. The service technician then completes the job and records it in the database. After that, a manager reviews the work, assigns any needed follow-up, and the sales rep contacts the customer to confirm the outcome. Finally, the manager gives the order a last review before closing it out.

With this setup, you will learn how to control which users can enter information into which fields. For example, only the sales rep is allowed to fill in the service requested, while only the technician can document the service performed. Each step is clearly managed, allowing you to control the flow and security of data entry.

When the technician finishes entering their details, the task moves forward with a completion button. You will learn how to set up controls so only authorized users can unlock, edit, or lock specific forms and fields at each stage.

As you move through each phase of the workflow, you will set up automatic email notifications to alert users of their responsibilities. This is particularly helpful if your team does not use the database constantly and needs reminders for their next steps.

Keeping a detailed log is another essential feature we will build. Beyond tracking major workflow steps, such as when a work order was opened or serviced and by whom, we will set up an internal system log. This log records exactly what changes each user makes, when they log in, which fields they update, and which records they edit. It is invaluable for monitoring user activity and ensuring data integrity.

The seminar puts strong emphasis on internal security within the database itself. For example, you will learn how to determine who can edit customer information, whether sales reps can access or change customers belonging to each other, and if service technicians should see all customer records. You will be able to decide who may edit, delete, or view sensitive data and specify which fields require mandatory input. You will also be able to customize the user interface so that the menus and options displayed depend entirely on each user's permissions.

Moving beyond custom systems, we will examine Microsoft's own built-in security features. You will learn how to split your database into a front-end and back-end, then encrypt the back-end so a password is required to access any of the tables. We will remove easy navigation options and set up our custom log-in form as the starting point. I will also show you how to use VBA code to turn off the bypass key, which can otherwise let users circumvent your startup routines. An additional security measure you will learn is how to link to your tables dynamically, and how to destroy those links when each session ends.

Another advanced topic we will cover is how to create an encrypted version of your front-end database, where form, report, and module designs are hidden from users. In Access 2007, this is called making an ACCDE file, while in earlier versions it is known as an MDE file. If you are using Access 2003, I will demonstrate the user-level security wizard to set up permissions, define groups, and manage users.

While this seminar is self-contained and every topic is covered thoroughly, I recommend having at least some background in Access. If you are new to the program, I have beginner, intermediate, and expert courses on my website at AccessLearningZone.com.

I am using Access 2007 for the demonstrations, but most concepts apply equally to Access 2000 through 2003. When there are significant version differences, especially for features like user-level security, I will point them out.

This is a comprehensive seminar, lasting over seven hours but divided into 36 shorter lessons. I suggest watching the full seminar once straight through to understand the big picture before attempting to take any action. Once you are familiar with the concepts, revisit the lessons, follow along step by step, and build the same database as shown in the examples. Building along with the video will help you master the security techniques being taught.

The sample files for this seminar are available at AccessLearningZone.com-security-seminar. If you are viewing this course online or in our special player, student forums are also available for any questions you might have about the material.

A detailed outline of the seminar's content follows. For the full video course and all step-by-step demonstrations, please visit my website at the link below.

Live long and prosper, my friends.

Topic List

Creating user tables for custom logon
Building a custom log-on form
Setting up user groups and access rights
Managing user group permissions
Designing workflow for service-based databases
Assigning and managing work order steps
Controlling access to forms and fields by user role
Locking and unlocking fields based on workflow stage
Implementing buttons to move records through workflow
Sending email notifications at workflow steps
Creating a detailed system log of user activity
Tracking field changes and record edits
Restricting access to customer data by user group
Assigning permissions for editing and deleting records
Customizing interface visibility based on permissions
Splitting database into front end and back end
Encrypting the back end database with passwords
Disabling navigation pane and enforcing custom startup
Disabling the bypass key using VBA
Dynamically linking and unlinking tables for security
Creating ACCDE/MDE files to hide design elements
Implementing user-level security in Access 2003
Managing users, groups, and permissions in Access