Controlling access to Microsoft Access databases

Maintaining the security of Microsoft Access databases created by iBase is largely a matter of applying controls by using the Security menu in iBase Designer. However, outside iBase, you need to consider file-level security settings for the database and security files, user accounts, and group policies.

Application level security

iBase uses a security file (.ids) to secure the iBase database (.idb file) from unwanted access. Only users who are known to the security file are allowed access to the database. For detailed information on setting up iBase application security using iBase Designer, see Security Files, Users and Groups.

Making a database available and secure

A single security file can be used to control access to more than one database file. The security file is normally placed in the same folder as the database files it secures. You should protect both the security and database files at the file system level. Some suggested permissions are given in the following table.

You must also ensure that all iBase users can access the database file from a folder to which they have both create and read/write permissions. iBase creates a temporary locking file in the folder. This locking file can be created and deleted by any iBase user.

The folder in which the database file is stored must be shared. This is required because iBase records the location of the database file in UNC format so that it can be located from any client machine on the network.

Suggested permissions for users

These are the suggested permissions for users on iBase files and their folders. In summary, these settings deny most users the ability to rename or substitute files crucial to security, but allow them to create and delete lock files and to add to files such as the database log.

Files and folders	iBase System administrator	iBase users (not administrators)
Security file	Full Control	Read & Execute, Write
Database file	Full Control	Read & Execute, Write
Folders	Full Control	Modify, Read & Execute, and Write
All Users folder in the application data area (for example, the `Workgroup Templates` folder)	Read & Execute Note: Only the Windows administrator for the local machine has full control.	Read & Execute Note: You might want to change the permissions on the file Settings.xml (by default, any user can change local machine settings). Note: Write permission might be required to any mapping application configuration files; for details, see the iBase GIS Interfaces release notes.
User's personal folder in the application data (for example, the `Templates` folder)	Full Control (the default)	Full Control (the default)

iBase database administrators, security administrators, and system administrators require different permissions; for details, see the Administrative Center document Managing Access Control.