Hi Courtney,
It all depends on the level of security your trying to achieve. Most people
using Access work in small workgroups (several users). Access has a very good
security model for a user-type database. You can create forms that are only
accessible to authorized users. You can set it up so that it requires users
to log in and identify themselves using passwords, etc. You can even create
groups of users where some groups can have read-only access to data. You can
create accounts for users and when they quit, you can delete their accounts.
Here's where things get a little sticky with Access:
Creating a database in Access means that a file is created in your hard
drive (with extension .mdb). This file can easily be copied onto a portable
disk or USB memory drive (or even emailed). It is treated like any other file
on your computer (like a Word or Excel file).
The advantage with Access is that you can secure the file so that even if
someone steals the file they cannot simply open it at home. A good programmer
with enough knowledge of the Access Security model can secure the database
enough so that employees cannot simply bring it home and open the database.
The programmer would have to use the Access user-level security model to
create a separate file that holds all valid accounts ( this will have an .mdw
extension). Once this is done, you cannot open the database without this
second file.
However (yes there is a "However")
If one of your users has a valid account and a valid password then he or she
can copy the .mdb file AND the .mdw file, bring them home, and with enough
knowledge of the Access security model, yes, they can open it at home. So the
question now is: How well do you trust the users of the database? In most
companies I've worked with, this is more than enough. What I tell my clients
is this: Only use the database at work within a secure computer network. In
some cases, I've seen users bring a copy at home to work on it at home and
then bring back the file the next day and replace the updated copy. This
could be a good thing in some cases. Access gives you that flexibility if you
need it (something you can't easily do in a Server-based database).
However (yes, there is a third)...
If the .mdb file containing the data gets into the hands of someone that
really, really wants to get to the data (a determined individual), well,
there are tools out there that hackers can use to get into the file and read
the database. But this individual must first get his hands on the file (maybe
an employee gives it to him), or if he has access to the folder from another
department within the network, etc.
In my opinion, if you're forced to work with a PC-based database, Access is
your best option.
The question now is: Is this enough security for your needs?
Like I said before, I've worked for large corporations that use Access and
they don't worry about it because they trust the employees, and most are
working within small groups anyways.
But if you work with very, very sensitive data, like credit card numbers,
or anything that will make the evening news, then you'll need to go with a
Server-based database. Then again, even with a Server-based database, the
employees need to be trusted too.
Hope this helps,
Ray
