Access User-Level Security

The built-in User-level Security (ULS) is available for databases using the Jet (.mdb) format. It has been dropped in the newer ACE (.accdb) format in Access 2007.

With a JET (.mdb) database, you are always using the User-Level Security. By default, all users use the user admin from the system.mdw workgroup file.

While learning to use the User-Level Security (ULS) be sure to practice on a copy of your database. It is also very important to create a new workgroup file (.mdw). I would avoid modifying the default system.mdw workgroup file that installs with Access. Make sure to keep a backup of your custom workgroup file (.mdw)

Once a database is secured using a custom workgroup file, you must always use this workgroup file whenever you open the database. This means that you must copy the workgroup file (.mdw) with the .mdb/.mde front end.

I found it useful to store the workgroup file with the back end database. I create a shortcut to open the front end using the command line switch for Access to specify the workgroup file in the location with the back end. This way the workgroup file is shared.

I had stopped using the built-in User-Level Security and have developed a custom solution using Access objects/VBA code that works with all versions of Access.

Essentially Microsoft has decided to discourage the use of ULS as explained here:

"Since JET is a file-based database system where users need physical access to the file to operate on their data, the concept of user-level security in Jet to assign different levels of user access to the data within the same file was not recommended. To have multiple people use the database but with different data access privileges, the recommended practice was to move this data to a centralized service like an SQL server or SharePoint lists. However, Jet has had this feature for some time and it has worked OK for usability and custom navigation scenarios but isn’t recommended for actual security."


If you do decide to use the built-in User-Level Security, I would recommend reading:


Whitepaper by Jack MacDonald: How I use Microsoft Access User-Level Security



Microsoft Access Security Apparatus

Additional Links