Aug 30

Your Top 10 Security Steps to Protect Your Data, Part 5

5. Restrict data access with accounts and privilege sets

Use accounts and privilege sets to provide the most basic security method within your database files. With accounts and privilege sets, you can limit what users can see and do in a database file. You can restrict:
• File access: Require users to enter an account name and password in order to open a file.
• Data access: Make particular records or fields from individual tables view-only, or hide them completely depending on their level of security clearance.
• Layout access: Prevent users from viewing or modifying layouts in Layout mode.
• Access to value lists and scripts: Prevent users from accessing and modifying value lists and scripts, and from running scripts.
• Outputting data: Prevent users from printing or exporting data, especially if the information is proprietary.
• Menu access: Make only a limited set of menu commands available to the users depending on security level.
When files are restricted with accounts, users must know the account name and password before opening or connecting to a database. The account name and password they enter determines which privilege set will be used, which limits what they will be able to do in a file.
Your security is only as good as the user accounts and passwords you define. By including personal information about them in their record, they will be more unlikely to be willing to share it with anyone else. Change it about every three monts with minor but memorable modifications.
•Do not share your administrator-level user account name and password with anyone. This protects your files in the event that your physical security, operating system security, or network security has been bypassed. Make sure you also change it frequently.
Your database server can be configured to allow databases to perform external server authentication based on group names in place of accounts/passwords stored in the database. Again, make sure you change your passwords on a regular basis.
In many cases, when you are setting up a new database, the default for the file is initially unprotected. When opening files, users are automatically logged in with the Admin account, which is assigned the Full Access privilege set.
So to prevent others from opening a database with full access, rename the Admin account and assign a password at once. Before sharing the file with others, plan the security of the file and assign the necessary access levels to each user and user group. For example, the Sales department does not need access to the Accounting or Marketing department files.

Leave a Reply