MS-Access / Getting Started

Managing Access (JET) Security with DAO

Security in Access is based on the workgroup model, which is conceptually similar to the user-level security model employed by the Windows operating system. In contrast to database-level security models employed by other desktop database systems, Access workgroup information is stored in a file that can reside on a network share. Using this approach, the same security system can be shared by many databases, rather than having to create a separate security system for every instance of your database. It enables you to simplify security maintenance by adding or removing users and groups, or changing permissions in one centralized file.

Microsoft Access security is always present and always enabled; it is not something that can be disabled. You just don't notice it because of the default workgroup and several default users and groups.

Because DAO acts only as an interface to security in the Access database engine. For those who want to learn about Access database engine security in greater detail, there are several excellent books on the subject that you can read. This tutorial discusses only those aspects of the DAO object model that directly relate to security; specifically how to manage users, groups, and permissions in the Access database engine using code.

Beginning with Access 2007, user-level security is no longer supported for new file formats. This means that you cannot assign permissions to database objects such as tables and queries, or Access objects such as forms and reports in ACCDB files. User-level security is still supported for MDB files. However, the DAO object model related to users and groups has been hidden. Your code will continue to run, although DAO objects such as User and Group will not appear in the Object Browser unless you select Show Hidden Members from the browser's context menu.

DAO deals with Access security in two ways. First, the Workspace object maintains two security-related collections: Groups and Users. Each Group object maintains a Users collection that contains information about all the users who belong to that group. Similarly, each User object contains a Groups collection that lists the groups to which that user belongs. Second, Access and database engine objects (for example, tables, forms, and so on) each have a Permission object that stores information about the permissions a user has to that object.

[Previous] [Contents] [Next]

In this tutorial:

  1. Using DAO to Access Data
  2. Data Access Objects
  3. New Features in DAO
  4. Referring to DAO Objects
  5. The DBEngine Object
  6. Using Transactions
  7. The Errors Collection
  8. The Databases Collection
  9. The CurrentDb() Function
  10. Opening an External Database
  11. Closing and Destroying Database Object References
  12. DAO Property Types
  13. Setting and Retrieving Built-In Object Properties
  14. Setting and Retrieving SummaryInfo Properties
  15. Creating Schema Objects with DAO
  16. Creating Indexes
  17. Creating Relations
  18. Creating Multi-Value Lookup Fields
  19. Database Encryption with DAO
  20. Setting Encryption Options
  21. Managing Access (JET) Security with DAO
  22. Creating Security Objects
  23. Creating and Deleting Groups
  24. Managing Passwords
  25. Data Access with DAO
  26. Modifying a QueryDef
  27. Filtering and Ordering Recordsets
  28. Navigating Recordsets
  29. BOF, EOF
  30. Navigating Recordsets with Multi-Value Lookup Fields
  31. Bookmarks and Recordset Clones
  32. Finding Records
  33. Working with Recordsets
  34. Using Arrays with Recordsets
  35. Working with Attachment Fields
  36. Append Only Fields